ADDIS ABABA UNIVERSITY

COLLEGE OF BUSINES AND ECONOMICS

DEPARTMENT OF ACCOUNTING AND FINANCE

Internal audit practice the case of Somali Regional Government Public sector offices,
Ethiopia

A thesis submitted to the Department of Accounting and Finance in partial fulfillment

of the requirements for the degree of Masters of Science in Accounting and Finance.

By

Kaldir Hasan Odowa

June, 2015
Internal audit practice the case of Somali Regional Government Public sector offices,
Ethiopia

A thesis submitted to the Department of Accounting and Finance in partial fulfillment

of the requirements for the degree of Masters of Science in Accounting and Finance.

By: Kaldir Hasan Odowa

Chairperson (Graduate Committee) Signature

Approved by Board of Examiners:

__________________________ ___________________
Advisor Signature
__________________________ ___________________
Examiner Signature

__________________________ ___________________
Examiner Signature
 Statement of Declaration

I, the undersigned, declare that this thesis is my original work, has not been presented
for a degree in any other university and that all sources of materials used for the thesis
have been dully acknowledged.

Declared by:
Name: Kaldir Hasan Odowa
Signature: ____________
Date: ________________
 Statement of Certification

This is to certify that Kaldir Hasan Odowa has carried out his research work on the
topic entitled “Internal audit practice the case of Somali Regional Government
Public sector offices, Ethiopia”. The work is original in nature and is suitable for
submission for the reward of the Master`s Degree in Accounting and Finance.

Advisor: Dr. Laxmikantham P.:________________________________

Date: ____________________________
Abstract
This study examines internal audit practice in Somali regional government public
offices, population of the study were 101 internal audit staffs and 80 internal auditors
were selected as sample size using simple random sampling. The study investigates
key problems in internal audit practices regarding the organizational policy
authorizing internal audit, auditee cooperation, independence and objectivity,
proficiency and scope of work of internal audit, reporting follow-up and quality review,
and planning of internal audit unit. The study adopts mixed method approach in order
to achieve the research objectives and to answer research questions. Specifically, the
techniques used in the study include survey with internal auditors, documentary
analysis and in-depth interviews with financial control support process owners
(internal audit department heads). With these research methods, the results of the study
reveal that organizational policy authorizing internal audit and reporting follow up
and are in line with the standards. But there is lack of auditee cooperation to the
internal audit staffs, audit planning is not considered organizational risk profile,
independence and objectivity of internal auditors are impaired and quality assurance
is not carried out that leads ineffectiveness of internal audit. In the end, the study
forwards that both Somali regional state government sector offices and internal audit
staffs in the region to should work with the ISPPIA standards formulated by IIA’s to
mitigate challenges in the internal audit practice in the region.

Key words: Internal Auditing Standard, Internal Audit Practices; Public Sector
offices.

I|Page
Acknowledgments

First and for most, I thank the almighty god for his wisdom and patience that gave me
during my work. I would like to express my deepest thanks to my thesis advisor Dr.
Laxmikantham P., (PhD) for his immeasurable assistance and guidance during my
study. My thanks also go to Addis Ababa University for providing me financial
assistance.

I would also like to give special credit to internal audit staffs in the SRS government
sector offices for their invaluable information that has improved this study. My thanks
also go to all my friends who were with me throughout my research work.

Lastly, I am pleased to express my sincere thanks to everyone who has contributed for
the accomplishment of this study.

II | P a g e
Acronyms and Abbreviations

CAE: Chief Audit Executive

CPA: Certified Public Accountants
IA: Internal Auditors
IIA: Institute of internal auditors
IPPF: International Professional Practices Framework
ISPPIA: International Standards for the Professional Practice of Internal
Auditing
MoFED: Ministry of finance and Economic Development
OAG: Office of the Audit General
SPSS: Statistical Package for Social Science
SRS: Somali Regional State

III | P a g e
 Table of Contents
Abstract .......................................................................................................................... I

Acknowledgments .........................................................................................................II

Acronyms and Abbreviations ..................................................................................... III

List of Tables ............................................................................................................. VII

List of Figures ............................................................................................................ VII

Chapter One .................................................................................................................. 1

1. Introduction ............................................................................................................... 1

1.1 Background of the Research .......................................................................... 1

1.2 Statement of the Problems ............................................................................. 3

1.3 Research Questions ........................................................................................ 5

1.4 Objective of the Study.................................................................................... 5

1.4.1 General Objective ................................................................................... 6

1.4.2 Specific Objectives ................................................................................. 6

1.5 Significance of the Study ............................................................................... 7

1.6 Scope and limitation of the Study .................................................................. 7

1.7 Structure of the study ..................................................................................... 7

Chapter Two .................................................................................................................. 9

2. Literature Review ...................................................................................................... 9

2.2 Theoretical Review ........................................................................................ 9

2.2.1 Definition and Scope of Internal audit .................................................... 9

2.2.2 The Four Main Elements internal audit ................................................ 10

2.2.3 The Audit Charter ................................................................................. 10

2.2.4 Audit Competencies .............................................................................. 11

2.2.5 Quality control in auditing at international level .................................. 11

IV | P a g e
 2.2.6 Main Challenges for Internal Audit ...................................................... 11

2.2.7 Types of Audits ..................................................................................... 12

2.2.8 The role of internal audit ...................................................................... 12

2.2.9 International Internal Auditing Standards............................................. 13

2.2.10 Internal Audit Reporting Structure ....................................................... 14

2.2.11 The Development of Internal Audit in Ethiopia ................................... 15

2.3 Review of empirical studies ......................................................................... 16

Chapter Three.............................................................................................................. 28

3. Research Design and Methodology ........................................................................ 28

3.1 Research Approaches ................................................................................... 28

3.2.1 Quantitative Research Approaches ....................................................... 28

3.2.2 Qualitative Research Approaches ......................................................... 29

3.2.3 Mixed Research Approaches ................................................................ 32

3.3 Research Methods Adopted and Technique ................................................. 33

3.3.1 Quantitative Aspect-Survey Design...................................................... 33

3.3.2 Qualitative Aspect: Semi-structured Interview ..................................... 34

3.4 Conclusions .................................................................................................. 39

Chapter Four ............................................................................................................... 40

4. Results and Discussions .......................................................................................... 40

4.1 Organizational Policy Authorizing Internal Audit ....................................... 40

4.1.1 Availability of Audit Charter ................................................................ 40

4.2 Auditee Cooperation .................................................................................... 42

4.2.1 Extent the Management and Other Organs Support, Understand and
Appreciate the Role of Internal Audit Function in Good Governance. .............. 43

4.3 Independence and Objectivity of Internal Audit .......................................... 44

4.4 Proficiency and Scope of Internal Audit ...................................................... 46

V|Page
 4.4.1 Proficiency of internal audit ................................................................. 46

4.4.2 Scope of Internal Audit Work ............................................................... 50

4.5 Reporting Follow-up and Quality Review ................................................... 51

4.6 Audit Planning ............................................................................................. 54

4.7 Conclusions .................................................................................................. 56

Chapter Five ................................................................................................................ 57

5. Summary of Findings, Conclusions and Recommendations .............................. 57

5.1 Introduction .................................................................................................. 57

5.2 Summary of Findings ................................................................................... 57

5.3 Conclusion.................................................................................................... 59

5.4 Recommendations ........................................................................................ 61

References

Appendixes

VI | P a g e
 List of Tables
Table 4.1 Descriptive statistics of Organizational policy authorizing internal audit …… 41
Table 4.2 Descriptive Statistics of auditee Cooperation……………………………….. 42
Table 4.3 Descriptive statistics of independence and objectivity of internal audit 43
Table 4.4 Do you think that the organization's audit department or divisions has
progressed in terms of numbers of staffs and Qualified of staff………………………… 48
Table 4.5 Descriptive Statistics of proficiency of internal audit………………………... 49
Table 4.6 Descriptive Statistics of Descriptive Statistics for the Reporting Follow-up
and Quality review …………………………………….................................................. 52
Table 4.7 Audit Planning………………………………………………………………. 55

List of Figures
Figure 4.1 Do you have Audit charter ………………………………………………….. 40
Figure 4.2 Extent the management and other organs support, understand and appreciate
the role of internal audit function in good governance………………………………….. 44
Figure 4.3 Do internal audit department is large enough to successfully carry out it…… 47
Figure 4.4 Scope of internal audit work ……………………………………………… 51

VII | P a g e
 Chapter One

1. Introduction

1.1 Background of the Research

The purpose of this chapter is to brief background internal auditing practices, problems
relating internal auditing, objective to be reached finding, significance and scope and
research method be adopted to reach research objective study. Hence, the chapter is
arranged into seven sections as: 1.1 background of the research 1.2 statement of the
problems 1.3 objective of the study 1.4 significance of the study 1.5 scope and
limitation of the study and 1.6 structure of the study.

Public sector offices are part of the public body which is partly or wholly financed by
government budget and concerned with providing basic government services to the
whole society (Ministry of Finance and Economic Development (MoFED, 2004). The
compositions of the public sectors are varied by their function and purposes, but in
most cases, they are designed in order to enable the public sectors to achieve their goals.
Internal auditing is an innovative function that has focused on emerging control and
audit expertise including control self-assessment, which enlists the support of the
employees in diagnosing efficiencies and implementing improvements in different
areas of auditing. Internal auditors assist both management and boards of directors and
audit committees by examining, evaluating and reporting on the adequacy and
effectiveness of the management’s risk processes and by recommending improvements
when necessary (Soltani, 2007). Similarly, according Ethiopian internal audit manual,
auditing is process by which a competent, independent person, accumulates and
evaluates evidence about quantifiable information related to a specific economic entity
for the purpose of determining and reporting on the degree of correspondence between
the quantifiable information and established criteria. Besides recent research shows
that IA effectiveness does play a role in ensuring effective management in public sector
(Enofe et al. 2013). Moreover, internal audit is considered as a value adding
activity in contemporary organizations (AlTwaijry, Brierley & Gwilliam 2003;
Bou-Raad 2000; Roth 2002; Yee et al. 2008), internal audit function has a positive

1|Page
effect on the quality of financial reporting, on good government governance, and
quality of financial reporting has a positive effect on good government governance
Rahmatika, (2013).

Although, the internal auditors have many roles and contributions to the organization
and the public interest, it also faces many challenges from the organization they work.
Some of the challenges identified by the Ministry of Finance and Economic
Development (2004), in their internal audit manual are lack of management respect,
lack of independence, assigned of internal auditors to many tasks and being ignored
(conflict of interest) and lack of professional development.

Additionally, Mihret and Yismaw, (2007) has been undertaken study on internal audit
effectiveness in Ethiopian public universities revealed that internal audit department of
the organization needs to enhance the technical proficiency of the internal audit staff
and minimize staff turnover so as to foster audit effectiveness, internal audit's lack of
authority on budgets reduces its control of resource acquisition and utilization, and
improvement in the areas of audit planning, documentation of audit work, audit
communications and follow-up of recommendations, additionally, the lack of attention
by management may send a wrong signal about the importance of internal audit
services to the auditee, which in turn adversely affects the auditee attributes. likewise,
Kedir et al. (2014) studied internal auditing standards and its practice the case of East
Arsi Zone, Ethiopia revealed that competency in terms of educational level,
background and experience is in line with the standards but auditors also are impaired
their independency because most of the time they are attached with internal functional
areas.

Following this, in Ethiopia, there are some studies examining internal audit function in
the public sector Mihret and Yismaw, (2007), Hailemariam, (2014), Kedir et al. (2014),
studied on the determinants of internal audit effectiveness in the public sector, case
study in selected Ethiopian public sector offices and internal auditing standards and its
practice the case of East Arsi in Ethiopia respectively. But there is no any study on

2|Page
internal audit practice in the Somali regional state (SRS) government public sector
offices. Therefore, this study is conducted on the internal audit practices in (SRS)
government public sector offices with special emphasis on organizational policy in
authorizing, auditee cooperation, independence and objectivity of internal audit
function (service), proficiency and scope of internal audit (IA), reporting follow-up
and quality review, and planning of IA in the SRS government public sector offices
and to recommend suitable solutions to the problems.

1.2 Statement of the Problems

Internal audit function is an important function in any organization that has a positive
effect on the quality of financial reporting, good government governance, & quality
financial reporting has a positive effect on good government governance (Rahmatika,
2013).

Further, According to Ethiopian the internal audit procedure manual internal auditors
are employed to provide an independent and objective opinion to the head of public
body on risk management, control and governance by measuring and evaluating their
effectiveness in achieving the public body’s agreed objectives and provide an
independent and objective consultancy service specifically to help management
improve the public body’s risk management, control and governance and applies
professional skills through a systematic and disciplined evaluation of the policies,
procedures and operations that management put in place to ensure the achievement of
the public body’s objectives and through recommendations for improvement.

Despite, internal audit effectiveness does play a role in ensuring effective management
in public sector Enofe et al. (2013), management support, the existence of adequate
and competent IA staff, and the availability of approved IA charter contribute for the
internal audit effectiveness in the public sector significantly and positively
Hailemariam, (2014). Today’s internal auditing independency is impaired because
most of the time they are attached with internal functional areas, Kedir et al., (2014).
Also, recent research on internal audit practices case of Ethiopian governmental higher

3|Page
educational institutions shows that lack of proper management commitment, lack of
developmental programs for internal auditors and other organizational factors are
critical factors influencing effectiveness of IAF in the public universities (Bethlehem,
2009).

Although internal audit effectiveness is strongly influenced by the factors depicted

above paragraph, internal audit staffs are organized inefficiently with low technical
staff proficiency, that does not prepare a strategic plans to conduct their activities to
produce effective internal audit output to their organization (Cohen & Sayag, 2010;
Arena and Azzone, 2009; Mihret and Yismaw, 2007). Furthermore, recent research on
internal audit effectiveness on an Ethiopian public sector case study by Mihret and
Yismaw, (2007) shows that internal audit's lack of authority on budgets reduces its
control of resource acquisition and utilization, scope of internal audit services is limited
to regular activities. The internal auditors, under the impression that their reports are
not sufficiently utilized by the management, may not be encouraged to exert the
maximum possible effort in their engagements, the study has also shown that internal
audit of the organization studied needs improvement in the areas of audit planning,
documentation of audit work, audit communications and follow-up of
recommendations.

Even thought, there are some studies on internal practice in Ethiopia they did not entire
internal audit practice but only focusing specific points for example, Hailemariam,
(2014) do not investigate the quality assurance, planning and risk assessment and
reporting follow-up, but only he management perception, management support,
organizational independence of internal auditors, adequate and competent internal
auditor’s staff and the presence of approved internal audit charter, through the
questionnaires administered without considering interview and document analysis.
Mulugeta, (2008) on the other hand focuses on the internal audit reporting relationship
in Ethiopian public enterprises by ignoring the other factors that affect internal audit
effectiveness. Lastly, Fekadu, (2009) present evidence on the internal audit practices
on Ethiopian governmental higher educational institutions, to obtain the required
information only open-ended and closed ended questionnaires were used as data
4|Page
gathering tools. Then qualitative approaches were employed to analyze and interpret
the filled in data without considering qualitative approach to analyze and interpret.

Therefore, the researcher believed this research preaches that gap by using difference
research mixed research approach in order to gather advantages of both approaches and
investigating internal audit practice in terms of organizational policy in authorizing,
auditee cooperation, independence and objectivity of internal audit function (service),
proficiency and the scope of internal audit, reporting follow-up and quality review and
planning of IA in the region. Besides the realization of full value of internal audit
practice in the region has contribute effectiveness of good governance. The study
examined the internal audit practices in the Somali regional state (SRS) government
public sector offices, in addition to this, there is no research on internal audit practice
in the region before, that among reasons that leads to done this research.

1.3 Research Questions

In order to achieve the intended objectives of the study and to address the research
problem, the following research questions were formulated:
I. Does organizational policy in authorizing internal audit in SRS
government sector offices exist?
II. To what extent managers or employees of SRS government public
sector offices have proper understanding, knowledge and support of
internal audit role in good governance?
III. To what extent is the availability of independence and objectivity, scope
and proficiency of internal audit in government public offices?
IV. To what extent there is the quality assurance of internal audit unit?

1.4 Objective of the Study

This section presented the general and specific objectives of the study.

5|Page
 1.4.1 General Objective

Internal auditing has a number of important roles if it is effectively and carefully carried
out. It can make a significant contribution in assurance and consulting activity designed
to add value and improve the public body’s operations. It helps the public body
accomplish its objectives by bringing a systematic, disciplined approach to evaluate
and improve the effectiveness of risk management, control and governance processes.

Therefore, the general objective of this was the examination of the internal audit
practice in the Somali regional state public sector offices.

1.4.2 Specific Objectives

I. To assess organizational policy in authorizing internal audit in SRS

government sector offices.

II. To examine the extent managers or employees of SRS government public

sector offices have proper understanding, knowledge and support of
internal audit role in good governance.

III. To investigate the independence and objectivity of internal audit is SRS

government sector offices,

IV. To examine proficiency and scope of internal audit in SRS government

public sector offices.

V. To investigate the reporting follow-up and quality review and planning

of internal audit unit

VI. To recommend alternative solutions for the actual problems identified

by this research.

6|Page
1.5 Significance of the Study

Internal auditors are responsible for evaluating and contributing to the improvement of
governance, risk management, and control processes using a systematic and disciplined
approach. Therefore, this research could be used as an initiation for those who
are interested to conduct a detailed and comprehensive study regarding the internal
audit practice in SRS government public sector offices. And also it enables the SRS
government public sector offices, specifically the managements, the higher
responsible body, and audit committee of selected public sector to be aware of the
importance internal audit function and gives insight how they use the internal audit
service most efficiency.

1.6 Scope and limitation of the Study

The study, focus on the internal audit practices in the government public sector offices
only and it would be more successful if it is conducted in all public sector offices and
privately owned organizations. But due to time and financial constraints it is conducted
only selected 80 internal auditor in the public sector offices which are expected to show
the practice of rest of internal audit staffs in the region. Besides that, there were also
some restrictions in the interview sessions. Some of the interviewees did not allow their
conversation to be recorded. There were also some interviewees who allowed their
conversation to be partially recorded. Hence, interviewers faced difficulties to recap
their good points. In addition scope of study is selected component of internal audit
practices; such as organizational policy in authorizing internal audit (IA), auditee
cooperation, independence and objectivity, proficiency of IA and scope of work of
internal audit, reporting follow-up and quality review, and planning of internal audit
unit.

1.7 Structure of the study

This research involves five chapters. the first chapter with its sub topics was
introductory parts incorporated the introduction, statement of the problem, research

7|Page
objectives, research questions, significant of conducting the study, scope and limitation
of the study. The second chapter describes the detail review of related literatures with
regard to the internal audit practices. The third chapter expresses the information
regarding the sampling techniques used to conduct the research. The fourth chapter is
the analysis, discussions and presentation part of the research findings and finally, the
last chapter describe about the summary of finding, conclusions and recommendations
of the case study followed by the references and appendixes.

In this chapter it was presented background of the research, statement of the problems,
objective, significance, scope and limitation of the study, research methods and
structure of the study next chapter is literature review.

8|Page
 Chapter Two
2. Literature Review
In the previous chapter, the main problems and objectives to be addressed in the study
have been stated. This chapter presents the review of related literature. The chapter is
organized in three sections. The first section reviews theoretical studies on internal
auditing practices while the second section presents the empirical evidence on internal
auditing practices and related issues. The final section provides concluding remarks on
the review of the literature and identifies the knowledge gap that has been addressed in
the study.

2.2 Theoretical Review

In this section it presents theoretical review of relating to internal audit and its practices.

2.2.1 Definition and Scope of Internal audit

In the past, internal auditing was defined as:

Internal auditing is an independent appraisal function established within an
organization to examine and evaluate its activities as a service to the organization. This
statement is more an introduction than a definition. It tells little about what internal
auditors are responsible for. We will have to look further for a definition that embodies
the broad, unrestricted scope of professional internal auditing (Sawyer, 1988).

Accordingly, IIA new definition of internal audit, internal auditing is an independent,

objective assurance and consulting activity designed to add value and improve an
organization’s operations. It helps an organization accomplish its objectives by
bringing a systematic, disciplined approach to evaluate and improve the effectiveness
of risk management, control, and governance processes. (Griffiths, 2005)

‘Independent’ the concept of independence is fundamental. Internal auditing cannot

survive if it is not objective. All definitions of internal audit feature an element of

9|Page
independence, although its extent, and how it is achieved, is a topic in its own right.
The audit function must have sufficient status and be able to stand back from the
operation under review for it to be of use. If this is not achieved, then this forms a
fundamental flaw in the audit service and some internal audit functions may not be able
to subscribe to the standards. (Pickett, 2005).

2.2.2 The Four Main Elements internal audit

The scope of internal auditing is found in the Institute of Internal Auditors’

implementation standard 2110.A2 which states that: the internal audit activity should
evaluate risk exposures relating to the organization’s governance, operations and
information systems regarding the: reliability and integrity of financial and operational
information, effectiveness and efficiency of operations, safeguarding of assets,
compliance with laws, regulations, and contracts.

2.2.3 The Audit Charter

The internal audit charter is a formal document that defines the internal audit activity's
purpose, authority, and responsibility. The internal audit charter establishes the internal
audit activity's position within the organization, including the nature of the chief audit
executive’s functional reporting relationship with the board; authorizes access to
records, personnel, and physical properties relevant to the performance of
engagements; and defines the scope of internal audit activities. Final approval of the
internal audit charter resides with the board. As indicated ISPPIAS attribute 1000 –
Purpose, Authority, and Responsibility requires that the purpose, authority, and
responsibility of the internal audit activity must be formally defined in an internal audit charter,
consistent with the Definition of Internal Auditing, the Code of Ethics, and the Standards. The
chief audit executive must periodically review the internal audit charter and present it to senior
management and the board for approval (IIA’s 2012).

10 | P a g e
2.2.4 Audit Competencies

The first thing that needs to be in place to ensure competent internal auditors is effective
human resource policies and practices. Here we are concerned with the attributes of
successful internal auditors. The IIA Practice Advisory 1210-1 deals with proficiency
and requires that each internal auditor should possess certain knowledge, skills, and
other competencies (Pickett, 2005).

2.2.5 Quality control in auditing at international level

Three components comprise the framework for assuring quality in auditing: standards,
ethics, and internal and external quality reviews. This system encompasses the
activities of the regulatory agencies, standard-setting and professional bodies
associated with financial reporting and the audit of publicly listed companies. The
establishment of an appropriate oversight mechanism in auditing strongly contributes
to increasing the credibility of the audit profession. Although it is necessary that
supervision be undertaken in the first instance by the profession itself, the ultimate
responsibility for ensuring that auditors carry out their tasks with due care and in full
independence remains with the regulatory bodies. This issue is particularly important
for independent auditors of public companies (Soltani, 2007).

2.2.6 Main Challenges for Internal Audit

The main challenges (in addition to broadening the skill base and extending the scope
of the work programme to encompass all key business risks) were to enhance the cost
effectiveness and value added by the function. Risk-based auditing a further challenge
was to gain greater acceptance from senior management and thereby be in a position
to influence strategic thinking. This in turn should enhance the reputation of the
function and provide the opportunity for internal audit to become a greater source of
future management talent for the business. The final challenge cited by a number of

11 | P a g e
Directors was for Internal Audit to take a broader role in the Corporate Governance
agenda (Griffiths, 2005).

2.2.7 Types of Audits

According to Ethiopian internal audit manual auditing can be mainly grouped

into four types:-

 Financial audit: involves verification of financial data to express

opinion on their validity and reliability

 Compliance audit: involves verifying adherence to policies, plans,

procedures, laws and regulations
 Value for money (performance) audit: is a forward looking
evaluation of operations to identify areas in which economy,
efficiency and effectiveness (the three E’s) may be improved or to
evaluate compliance with and the adequacy of operational policies,
plans and procedures. It involves evaluation of inputs, process and
outputs. Other names used to describe this type of audit include
Operational, Management and Three E audit.
 Environmental audit: is an audit which confirms the degree of
compliance with both internally and externally determined emission
and pollution standards (MoFED,2005).

2.2.8 The role of internal audit

The role of internal audit has been transforming along with changes in its environment.
McNamee and McNamee (1995) as sited by Mihret (2010) discuss three major phases
of transformation in the history of internal audit (IA). Pre 1940s, IA was mainly focused
on checking propriety of transaction and records. In the 1940s, the development of
information economy based on the concept of systems caused the emergence of modern

12 | P a g e
IA with a systems evaluation approach. In this phase, IA has been concerned with
checking compliance with policies and procedures. Then, since the 1990s another wave
of transformation led IA to be viewed as a value adding service with a broader scope
of activities including assisting organizations in the management of risk.

Similarly, Spira and Page (2003) explain contemporary IA‘s shift in emphasis as a
result of pressures on organizations that caused changes in responsibilities of boards of
directors, management and external auditors. Various corporate governance initiatives
in the USA and the UK caused a change in the meaning of internal control to
incorporate management of risk. For example, Committee of Sponsoring Organisations
(COSO) framework‘s definition considers internal control as aiming to provide
assurance regarding efficiency and effectiveness of operations, reliability of financial
reports, and compliance with applicable laws and regulations (Commitee of Sponsoring
Organisations 1992). Such changes created opportunities for IA to provide consulting
services to management and assist boards of directors to manage risk.

2.2.9 International Internal Auditing Standards

According IIA’s International Standards for the Professional Practice of Internal Auditing
(Standards) revised 2012, internal auditing is conducted in diverse legal and cultural
environments; within organizations that vary in purpose, size, complexity, and
structure; and by persons within or outside the organization. While differences may
affect the practice of internal auditing in each environment, conformance with The
IIA’s International Standards for the Professional Practice of Internal Auditing
(Standards) is essential in meeting the responsibilities of internal auditors and the
internal audit activity. If internal auditors or the internal audit activity is prohibited by
law or regulation from conformance with certain parts of the Standards, conformance
with all other parts of the Standards and appropriate disclosures are needed.
If the Standards are used in conjunction with standards issued by other authoritative
bodies, internal audit communications may also cite the use of other standards, as
appropriate. In such a case, if inconsistencies exist between the Standards and other

13 | P a g e
standards, internal auditors and the internal audit activity must conform with the
Standards, and may conform with the other standards if they are more restrictive.
The purpose of the Standards is to:
 Delineate basic principles that represent the practice of internal auditing.
 Provide a framework for performing and promoting a broad range of value-
added internal auditing.
 Establish the basis for the evaluation of internal audit performance.
 Foster improved organizational processes and operations.

The Standards are principles-focused, mandatory requirements consisting of:

 Statements of basic requirements for the professional practice of internal
auditing and for evaluating the effectiveness of performance, which are
internationally applicable at organizational and individual levels.
 Interpretations, which clarify terms or concepts within the Statements
(IIA’s 2012).

2.2.10 Internal Audit Reporting Structure

Theoretically, the Chief Audit Executive should report functionally to the board or
audit committee and administratively to the chief executive officer of the organization
and functional reporting line for the internal audit function is the ultimate source of
independence and authority (Rupsys, 2005).

Report functionally means that the governing authority would approve the overall
charter of the internal audit function, approve the internal audit risk assessment and
related audit plan, receive communication from the C.A.E on the results of the internal
audit activities or other matters that the C.A.E determines are necessary, private
meeting with the C.A.E without management present, approve all decisions regarding
the appointment or the removal of the C.A.E, approve the annual compensation and
salary adjustment of the C.A.E, and make appropriate inquiries of the management and
the C.A.E to determine whether there are scopes or budgetary limitation that impede

14 | P a g e
the internal audit function to execute its responsibility. On the other hand,
administrative reporting is the reporting relationship within the organization’s
management structure that facilitates the day to-day operation of the internal audit
function it typically includes, budgeting and management accounting, human resource
administration including personal evaluations and composition, internal
communication and information flow, administration of the organization’s internal
policies and procedures (Gleim, 2002).

2.2.11 The Development of Internal Audit in Ethiopia

The history of the development of internal auditing in Ethiopia dates back to about the
middle of the 1940s. The first substantial development during this period was the
issuance of Ministry of Finance directives in 1942 (Kinfu, 1990). This was followed
by the formation of the Audit Commission by Proclamation No. 69/1944 to undertake
external audit of accounts of the Ministry of Finance (Government of Ethiopia, 1944),
which was subsequently mandated to conduct the external audit of other budgetary
institutions as well. This marks the start of today’s Office of the Auditor General of
Ethiopia (OFAG), which, amongst other duties, monitors and regulates the accounting
and auditing profession in the country. The second development was the formation of
the Office of the Auditor General (OAG) was then established in 1961 by proclamation
number 199/1961 (Government of Ethiopia 1961), which accorded the OAG greater
authority than the Audit Commission that was established in 1944. (Kinfu, 1990).
Internal audit as a separate function also appeared in this period (in 1987) when the
Auditor General was given the mandate to monitor and regulate internal auditing in
government offices and public enterprises (Argaw, 2000). This proclamation also gave
the auditor general the authority to issue minimum requirements for recruitment of
internal auditors, provide training to internal auditors, and require reports on internal
audit of government organizations.

The Ethiopian government has also been providing enhanced support to the
development of internal audit since 1994 (Teklegiorgis, 2000). In 1994, the Prime
15 | P a g e
Minister set up a task force that forwarded recommendations to improve internal audit
in government offices. Consequently, the Ministry of Finance and Economic
Development (MoFED) has been mandated to develop a manual for internal audit in
government organizations. Moreover, Proclamation No. 68/1997 requires that, the
Federal Democratic Republic of Ethiopia’s (FDRE) new economic policy be supported
by a modern and reliable audit system in order to ascertain proper implementation
through effective monitoring of administrative, developmental and service rendering
institutions in the Federal Public Sector (Zeleke, 2007). Generally, the history of
internal auditing in Ethiopia dated back to the 1940s.

2.3 Review of empirical studies

The previous section was presented the theories of internal audit focusing on role,
components, types and challenges of internal audit. This section presents reviews of
the empirical studies on the internal audit practices in public government sectors. The
second part of this chapter has addressed and examined comparatively empirical
evidence from different public sector internal audit practices in countries such as
Philippine, Saudi Arabia, Sudan, Ghana, Malaysia, Kenya and Ethiopian represents
developing countries whereas New Zealand, USA and Australia represents developed
countries. This review is arranged through team based literature review rather than
chronological based.

Internal audit effectiveness does play a role in ensuring effective management in public
sector (Enofe et al., 2013), internal audit is considered as a value adding activity
in contemporary organizations (Al-Twaijry, Brierley & Gwilliam 2003; Bou-Raad
2000; Roth 2002; Yee et al. 2008). Internal audit function has a positive effect on the
quality of financial reporting, on good government governance, and on good
government governance (Rahmatika, 2013).

Junio-Sabio, (2013) studied on the state of internal audit practice in selected Philippine
government agencies basis for policy advocacy. In this study, the researcher made use

16 | P a g e
of the descriptive survey method of research. Thus, the respondents of this research
were basically the heads of internal auditing units of various government agencies.
From the listing taken from the association of government internal auditors (AGIA)
there were forty-four (44) internal auditing units (IUA) from national government
agencies (NGAs). Government owned and controlled corporations (GOCC), legislative
bodies, constitutional commissions and judicial service, applying the Sloven’s formula
in getting the sample size the researcher generated a total of forty (40) respondents.
The study revealed that the current state of internal audit practice in the Philippine
Bureaucracy is characterized by often performing the essential internal auditor roles.
Specifically, the practice include the usual compliance with the IIIA attribute standards.

Study by Alzeban and Sawan, (2013) on the role of internal audit function in the public
sector context in Saudi Arabia based through Archival and documentary analysis,
supported by 29 semi-structured interviews data collection method and reported that
internal audit suffers from a lack of support from top management. Similarly, Brierley
et, al., (2001) Assessed study on the problems of establishing internal audit in the
Sudanese public sector, through interview and direct observation research methods and
revealed that there is a lack of cooperation and coordination between the various
parties responsible for internal audit in the public sector. Likewise, Study
conducted by Onumah and Krah, (2012), on barriers and catalysts to effective internal
audit in the Ghanaian public sector, This study collected the data from 120 internal
auditors in 40 ministries, departments and agencies (MDAs) through a self-
administered questionnaire, and semi-structured interview with a senior manager of the
Internal Audit Agency. The study revealed that the effectiveness of internal audit in the
Ghanaian public sector is hampered by lack of management ownership and support for
internal audit activities.

A study in Malaysia by Ali et al. (2004) looked at internal audit in the state and local
governments of Malaysia was found that the internal audit function in the public sector
in Malaysia is curtailed by inadequate support from top management while, the auditors
seldom extend their full cooperation. Additionally, Ali et al. (2004) indicated that in

17 | P a g e
many organizations, the non-audit personnel and top management are generally
unsupportive of internal audit. Likewise, study by Sarens and De Beelde (2004), it was
found that when internal audit got strong management support, it was in turn a strong
support function to management manifested by internal audit mission and plan being
aligned with management objectives and priorities. The study by babirye Mary (2007)
revealed significant and positive relationship between, management and staff
commitment and support to internal audit function. When internal audit has strong
management support and is considered as a strategic important function, more
consulting activities will be performed Rittenberg and Covaleski, 1997 (as cited in
Sarens and Beelde, 2004) The perception and attitude of management towards the
internal audit can have significant influence on the employees' behavior (Barret, 2001)
and how they will respond to its operations.

Shamsuddin et al. (2014) examines the factors that influence the effectiveness of the
internal auditors’ functions in public sectors in Malaysia. Data were collected through
semi-structured face-to-face interviews conducted on eight internal auditors from three
government ministries as well as an auditor from the Auditor General (AG) office. The
findings from this paper suggesting that internal auditors in public sector are facing
difficulties in carrying out their functions effectively due to lack of independence since
they have to audit their own “boss”.

Study by Alzeban and Sawan, (2013) revealed that It was confirmed by all interviewees
that whilst internal auditors have their own separate departments in the organizational
structure, these departments, nonetheless, operate under the administrative leadership
of lower level managers, internal audit report to the same level in which they are placed
in the organizational structure, a significant gap between the theoretical and the actual
reporting structures, also interviewees a result indicated two other main causes of the
restricted access faced by internal auditors in respect of their ability to meet with
personnel and to obtain the relevant information needed to fulfil their duties.
Furthermore, Alzeban and Sawan, (2013) observed that even when the internal audit

18 | P a g e
was located at a relatively senior managerial level, it might still be subject to pressure
from more highly placed management Simultaneously, top level managers control
organizational resources which they may withhold to prevent an in-depth investigation
by internal auditors of a matter which they do not want to be probed. Also Alzeban and
Sawan, (2013) noted that some other reasons for the challenge to the independence of
internal audit emerged as being the relationship between auditees and auditors.
Onumah and Krah, (2012) argued that the effectiveness of internal audit in the
Ghanaian public sector is hampered by several factors such as lack of budget authority
of the internal audit units and weak functioning of audit committees, among others.

Okibo & Kamau (2012) Exploring internal auditor independence motivators to Kenyan
perspective, the study collected its data using a self-made questionnaire which was
distributed among auditors in Kenya so as to establish the status of internal auditor’s
independence in Kenya. The researchers observed that the level of involvement by the
internal auditors in the management activities significantly affects their professional
independence. The study also observed that audit committees effectiveness also plays
a significant role in enhancing audit independence. Organizations may therefore
consider building capacity of the audit committees so as to improve internal audit
independence. Additionally, Kamau et al. (2012) found out that there is a statistically
significant causal relationship between the level of internal auditor’s skills and auditor
independence in Kenya.

Alzeban and Sawan, (2013) shown that the internal audit activities had not expanded
beyond the traditional audit of financial regularity and compliance; and that the primary
work of internal audit continues to focus on the traditional roles of internal audit in
terms of concentrating on the reliability of financial records and compliance with
procedures and regulations. Onumah and Krah, (2012) argued that the scope of internal
audit services in the Ghanaian public sector is limited to regular audit activities, mainly
pre-audit of payment vouchers which take estimated 74% of the average productive
audit time.

19 | P a g e
Alzeban and Sawan, (2013) argued that competence of internal audit was unanimously
confirmed that the lack of qualified staff stands represents one of the most
important problems facing internal audit in the Saudi public sector, and several reasons
were offered for this situation, including staff recruitment, educational qualifications,
professional qualifications, work experience and continuous development.

Brierley et al. (2001) argued that there is low salary levels, low levels of staff training
and expertise, low esteem and motivation of staff are seen in the context of a
very limited technological infrastructure to the internal audit in the Sudanese public
sector. Study conducted by Onumah and Krah, (2012), revealed that the effectiveness
of internal audit in the Ghanaian public sector is hampered by one of the factors is low
professional proficiency of internal auditors. Van Peursem (2004) as sited by Cooper
et al. (2006) major study has been undertaken in New Zealand by Van Peursem (2004)
on internal auditors' role and authority. In this study, internal auditors are asked to come
to a view on whether functions they perform in connection with internal audit
engagements are essential, and to what degree they feel they enjoy the authority over,
and independence from, management that we might expect of a professional. The
research constituted a survey of New Zealand auditors, all of whom were members of
the New Zealand branch of the IIA. A very high 73 percent response rate was achieved
over the original and follow-up survey. The study found that characteristics of a “true”
profession exist but do not dominate. Additionally, Van Peursem (2004) also observed
that public practice and experienced auditors may enjoy greater influence over
management, and accountancy trained auditors may enjoy greater status owing to the
“mystique” of their activities emanating from their membership of well-known
accountancy professional bodies.

A study in Malaysia by Ali et al. (2004) as sited by Cooper et al. (2006) looked at
internal audit in the State and Local governments of Malaysia. Based on a series of
semi-structured interviews, it was found that only a minority of local governments in
Malaysia have an internal audit function. The presence of quite a small number of local
governments with internal audit may be due to the fact that in at least two states, the
internal audit function of their local government departments is conducted by the
internal audit departments or units attached to the two state governments. There is no
20 | P a g e
comfort, however, for such an arrangement though it is certainly better than having no
internal audit done at all at the local government level. This is because internal audit in
so many of the state governments and their statutory bodies are operating with
numerous limitations. The severest problems are concerned with a shortage of audit
staff and staff lacking in audit competencies.

A study in Malaysia by Ali et al. (2004) concluded that the internal audit function in
the public sector in Malaysia is curtailed by understaffing. The auditors themselves
lack appropriate knowledge and training on effective auditing approaches. Junio-Sabio,
(2013) Concluded that government internal auditors generally perceived the knowledge
elements to be typically important. They generally regard the knowledge relating to
administration/management and legal to be very important while management science,
financial management, internal control and essentials of auditing to be equally
important in Philippine government agencies

Study by Okibo & Kamau, (2012) on to explore internal auditors’ compliance with
quality assurance standards a case of state owned corporations in Kenya. This research
collected data from 24 internal audit units from state owned corporations regarding
their compliance with quality assurance standards. The research carried out a
hypothesis testing using the data collected to find out whether the audit departments in
state owned corporations comply with quality assurance standards. The study found
out that there is generally low compliance with quality assurance standards among most
internal audit units in state owned corporations in Kenya. The research identified some
of the reasons that led to low compliance to include; lack of awareness of standards;
non-membership with IIA; non adoption of IPPF; age and experience of the internal
audit department and understanding of the quality assurance standards.

Sarens and Mohammad, (2011) studied the factors associated with convergence of
internal auditing practices Emerging vs developed countries. The techniques that are
used by at least 67 percent of the internal audit functions (IAFs) in the USA. A sample
of 26 countries and data from 1,708 IAFs were used in this study. The study revealed

21 | P a g e
evidence of a high degree of de facto convergence of internal auditing practices toward
US best practices. It also finds that IAFs in emerging countries converge more rapidly
to best practices than IAFs in developed countries. Finally, the use of the Institute of
Internal Auditors’ (IIA) Standards and an external quality assessment in the past three
years are found to be positively and significantly associated with convergence toward
US best practices.

In Ethiopia, there are five studies reviewed regarding tax audit, Hailemariam, (2014),
Mihret and Yismaw, (2007), Mulugeta, (2008), Fekadu, (2009), Kedir et al. (2014),
Hailemariam, (2014), studied determinants of internal audit effectiveness in the public
sector, case study in selected Ethiopian public sector offices, Mihret and Yismaw,
(2007) studied internal audit effectiveness in Ethiopian public sector, Mulugeta, (2008)
studied internal audit reporting relationship in Ethiopian public enterprises, Fekadu,
(2009) studied internal audit practices a case of Ethiopian governmental higher
educational institutions and Kedir et al. (2014) studied internal auditing standards and
its practice the case of east Arsi zone, Ethiopia.

Research findings by Hailemariam, (2014), based on questionnaire response from

internal auditor officers and manager, working in Ethiopian public sectors office,
suggests that the availability of approved IA charter were contributed for the internal
audit effectiveness in the public sector significantly and positively. Mihret and
Yismaw, (2007) studied internal audit effectiveness in Ethiopian public sector,
commonalities in policies, procedures and organizational contexts of most public sector
entities in Ethiopia and the same internal audit manual was used by all public bodies in
Ethiopia (Ministry of Finance and Economic Development, 2004). To enhance the
quality of data through triangulation, multiple data sources were used. Primary data
were collected via questionnaires distributed to internal audit personnel and an
interview was conducted with the internal audit director. A review of relevant
documents served as means of generating secondary data. The study argued
organizational setting do not have a strong impact on audit effectiveness. The study

22 | P a g e
results by Mulugeta, (2008) on internal audit reporting relationship in Ethiopian public
enterprises based on both stratified and random sampling method and primary and
secondary data collection method also Both quantitative and qualitative data analysis
method were used, argued that the audit charter is not effectively communicated in
those organizations. Additionally it shows it is vague and/ or need clarity.

Besides, Fekadu, (2009) studied on internal audit practices a case of Ethiopian

governmental higher educational institutions, in this study seven internal auditors were
used as data source which were selected using convenience sampling techniques, and
used as data gathering tools open-ended and closed ended questionnaires so as to obtain
the required information. Then qualitative approaches were employed to analyze and
interpret the filled in data. The result indicated that all sample respondents assured the
absence of audit charter in each of their respective university rather all respondents
stated that they are currently using the audit manual of the government.

Mihret and Yismaw, (2007) studied internal audit effectiveness in Ethiopian public
sector the study highlight that internal audit effectiveness is strongly influenced by
management support, additionally, Mihret and Yismaw, (2007) indicated that the
auditors feel that the university does not sufficiently utilize audit reports and the
management's response to the internal audit findings and recommendations is generally
not adequate. Similarly, research finding by (Hailemariam, 2014) based on
questionnaire response from internal auditor officers and manager, working in
Ethiopian public sector office, suggests that the management support contributed for
the internal audit effectiveness in the public sector significantly and positively.
Mulugeta, (2008) studied on internal audit reporting relationship in Ethiopian public
enterprises revealed that all sample respondents understanding of role of internal audit
in good governance by management and other organs in the system is low.

23 | P a g e
research findings by Hailemariam, (2014), based on questionnaire response from
internal auditor officers and manager, working in Ethiopian public sectors office,
suggests organizational independent of internal auditors were positively related with
the IAE but their contribution for the IAE were statistically not significance. Kedir et
al. (2014) studied internal auditing standards and its practice the case of east Arsi zone,
Ethiopia. Accordingly competency, compliance, independency, risk management and
quality assurance has been taken as major parameters for comparison. 36
questionnaires were distributed for the target population, and questionnaires were
designed to measure the level of agreement of the respondents on the applicability of
each parameter. This study revealed that auditors independency is impaired because
most of the time they are attached with internal functional areas. Also Fekadu, (2009)
revealed that all sample respondents stated that their CAE functionally reports to the
president office that has forced them to lose their independence. Contrarily, Mulugeta,
(2008) shown majority of his sample respondents believe that the current internal audit
structure promotes independency. Study conducted by Mihret and Yismaw, (2007)
indicated that the internal audit office reports to the President but the office does not
administer its own budget.

The study by Mulugeta, (2008) indicated that the activities of IAF are more of
traditional type that emphasize on verification of accounts, compliance, internal control
and a little on fraud investigation. Similarly, Kedir et al. (2014) studied internal
auditing standards and its practice the case of east Arsi zone, Ethiopia concluded that
the scope of the internal audit function in the enterprises surveyed did not yet go far
from the traditional practices and much time is devoted in performing financial and
compliance audits. Mihret and Yismaw, (2007) highlighted that the scope of internal
audit services is limited to regular activities. Extending the scope of services by
widening the range of systems and activities audited, with appropriate risk analysis,
would improve audit effectiveness.

24 | P a g e
Mihret and Yismaw, (2007) shown that the internal audit office of the organization
studied has low technical staff proficiency and high staff turnover, which would limit
its capacity to provide effective service to the management. Furthermore, most of the
employees have a short-term employment contract and need to upgrade their
competencies to enable them to provide the expected high quality service. Fekadu,
(2009) noted that according to his sample response in Ethiopian higher governmental
institutions internal auditors qualification is adequate for internal audit activities. Also,
Mulugeta, (2008) revealed that majority of sample respondents noted that Size internal
audit staffs are not sufficient but they are qualified. Similarly, Kedir et al. (2014) stated
according data collected to the employees of public enterprises in East Arsi zone, all
staffs in the internal auditing department of selected public enterprises found to be
competent in terms of educational background, qualification and experience. But the
size of the IA staff is small due to the wrong perceptions that they are enough for
financial and compliance audits. But ideally they are not sufficient.

Study by Fekadu, (2009) revealed there is no quality assurances program internal audit
department, no external quality assessment every five years and hence, no recent
quality assessment results communicated by CAE in the Ethiopian higher
governmental institutions. Likewise, Kedir et al. (2014) studied internal auditing
standards and its practice the case of east Arsi zone, Ethiopia revealed that public
enterprises ’audit department has quality assurance programs. Mihret and Yismaw,
(2007) has shown that internal audit of the organization studied needs improvement in
the areas of audit planning, documentation of audit work, audit communications and
follow-up of recommendations.

Conclusions and Identification of Knowledge Gap

In general, the literature review indicates that internal auditing role is wide. Within the
context of improving risk management, control and governance processes, and the type
of work undertaken to add value to an organization will vary greatly. Besides internal
audit effectiveness is strongly influenced by internal audit quality and management
support Mihret and Yismaw, (2007) Hence, IA effectiveness does play a role in

25 | P a g e
ensuring effective management in public sector there is a needs to enhance the technical
proficiency of the internal audit staff and minimize staff turnover so as to foster audit
effectiveness. The organizational status and internal organization of the internal audit
office are fairly rated, but internal audit's lack of authority on budgets reduces its
control of resource acquisition and utilization, improvement in the areas of audit
planning, documentation of audit work, audit communications and follow-up of
recommendations. In additions, the lack of attention by management may send a wrong
signal about the importance of internal audit services to the auditee, which in turn
adversely affects the auditee attributes (Mihret and Yismaw, 2007).

The review of empirical studies reveals that most of the studies were outside Ethiopia,
but there are few studies work on internal audit practices in Ethiopia but they are not
cover all component of internal audit practices. For example, Hailemariam, (2014) do
not investigate the quality assurance, planning and risk assessment and reporting
follow-up, but only he management perception, management support, organizational
independence of internal auditors, adequate and competent internal auditor’s staff and
the presence of approved internal audit charter, through the questionnaires
administered without considering interview and document analysis. Mulugeta, (2008)
on the other hand focuses on the internal audit reporting relationship in Ethiopian
public enterprises by ignoring the other factors that affect internal audit effectiveness.
Lastly, Fekadu, (2009) present evidence on the internal audit practices on Ethiopian
governmental higher educational institutions, to obtain the required information only
open-ended and closed ended questionnaires were used as data gathering tools. Then
qualitative approaches were employed to analyze and interpret the filled in data without
considering qualitative approach to analyze and interpret. Therefore this study,
employed mixed research approaches, and investigates internal audit practice in terms
of organizational policy in authorizing, auditee cooperation, independence and
objectivity of internal audit function (service), proficiency and the scope of internal
audit, reporting follow-up and quality review and planning of IA in the region.

26 | P a g e
This study is needed for three reasons. Firstly, it there is no reliable and comprehensive
study to examine internal audit practice in study area. Secondly, it will pave the way
forward for the government, and other stakeholders to understand the internal audit
practice in the government public sector offices. Finally, this study advances the
knowledge of internal auditing in public sector offices. The following chapter provides
details of the research method in respect of the identified research problem.

27 | P a g e
 Chapter Three

3. Research Design and Methodology

The previous chapter reviewed both theoretical and empirical studies, and it tried to
give a brief conclusion and gap in the existing knowledge. This chapter presents
research design used in this study. The remaining discussion in this chapter is organized
in three sections. In section 3.1, the different research approaches available to a
researcher in general are discussed, and in section 3.2, the specific research methods
adopted with proper justification for adopting a certain method are explained. Finally,
in section 3.3, concluding remarks are presented.

3.1 Research Approaches

Depending on the philosophical stance, strategies of inquiry and specific methods, a

research approach can be categorized as quantitative research approach, qualitative
research approach and mixed research approach. The discussions in the subsequent
sections present these three approaches of research. Specifically, quantitative research
approach, qualitative and mixed methods research approaches.

3.2.1 Quantitative Research Approaches

This refers to the type of research that is based on the methodological principles of
positivism and neopositivism, and adheres to the standards of a strict research design
developed prior to the actual research. It is applied for quantitative measurement and
hence statistical analysis is used. Quantitative research is used in almost every sphere
of life, such as in clinical, biological, epidemiological, sociological and business
research (Adams et al. 2007).

Researchers who adopt a more deductive approach use theory to guide the design of
the study and the interpretation of the results. In line with this, the overall objective of
quantitative research is to test or verify a theory, rather than to develop one. Therefore,
the theory offers a conceptual framework for the entire study, and it also serves as an
organizing model for the entire data collection procedure (Welman and Kruger, 2001).

28 | P a g e
Shaw (2006) sees quantitative techniques as an attempt to test a hypothesis by
incorporating it into the research design and responding to it by measuring its strength
and weaknesses that give numerical measurements to the data collected.

Firestone (1987) stated that quantitative data are those which can be sorted, classified,
measured in a strictly objective ways. They are also capable of being accurately
described by a set of rules or formulae which then make their definition (if not always
their interpretation) unambiguous and independent of individual judgments.
Quantitative researchers put their emphasis on procedures, methodologies and
statistics. As a result, it relies on statistical techniques aided by computational
algorithms and software packages for analysis the problem under study.

The well planned and implemented quantitative research has the merit of being able
scientific principles moving from theory to data, the need to explain causal
relationships between variables, the collection of quantitative data, the application of
controls to ensure validity of data, the operationalization of concepts to ensure clarity
of definition, a highly structured approach, researcher independence of what is being
researched, the necessity to select samples of sufficient size in order to generalize
conclusions (Thornhill, 2009).

Notwithstanding the above advantage, quantitative research design has a number of

limitations. First, it belittles human individuality and the ability to think. Second, it
fails to provide the researcher with information on the context of the situation where
the studied phenomenon occurs. Third, it have limited outcomes to only those outlined
in the original research proposal due to closed type questions and the structured format
and finally, quantitative research appears to lack flexibility in design which may be
crucial when additional information revealed through data collection needs further
exploration for knowledge.

3.2.2 Qualitative Research Approaches

This type of research uses a number of methodological approaches based on diverse

theoretical principles (phenomenology, hermeneutics and social interactionism). It

29 | P a g e
employs methods of data collection and analysis that are non-quantitative, aims
towards the exploration of social relations, and describes reality as experienced by the
respondents. Qualitative research methods have long been used in the field of social
sciences. For instance, these are the principal methods employed by anthropologists to
study the customs and behaviors of people from other cultures, and are also used in
such diverse areas as sociology, psychology, education, history and cultural studies.
These methods have much to offer in studying the health and well-being of people and
their daily lives in business and home. (Adams et al. 2007).

Easterbyet et al. (1991) mentioned that the task of the qualitative methodologist as to
capture what people say and do as a product of how they interpret the complexity of
their world, and to understand events from the viewpoints of the participants. Creswell
(2009) pinpointed that qualitative approach is one in which the inquirer often makes
knowledge claims based primarily on constructivist perspectives (i.e., the multiple
meanings of individual experiences meanings socially and historically constructed,
with an intent of developing a theory or pattern) or advocacy/participatory perspectives
(i.e., political, issue-oriented, collaborative, or change oriented) or both.

Greener (2008) and Creswell (2009) stated that qualitative research approach uses
strategies of inquiry such as case studies, narratives research, phenomenology’s,
ethnographies, action research and grounded theory. Greener (2008) described case
study as strategies of inquiry in which the research will involve more than one ways of
delivering data about the case or organization/unit under study for a prolonged time
period. This may include collecting and analyzing documents, talking to peoples,
survey data, participates observation, consumer research and any other data collection
techniques which offer qualitative information about the case. According to Creswell
(2009) narrative research is a strategy of inquiry in which the research studies the life
of individuals and asks one or more individual to provide stories about their lives. This
information is then often retold or restored by the researcher into the narrative
chronology.

Dawson (2002) explained that ethnography has its roots in anthropology and was a
popular form of inquiry at the turn of the century when anthropologists travelled the

30 | P a g e
world in search of remote tribes. The emphasis in ethnography is on describing and
interpreting cultural behavior. Ethnographers immerse themselves in the lives and
culture of the group being studied, often living with that group for a prolonged period
of time. These researchers participate in group activities whilst observing its behavior,
taking notes, conducting interviews, analyzing, reflecting and writing reports. The
research process is flexible and typically involves contextually in response to the lived
realities encountered in the field setting. Phenomenological research is a strategies of
inquiry in which the researcher identifies the essence of human experiences about the
phenomenon as described by participants (Creswell, 2009). Understanding the lived
experiences marks phenomenology as a philosophy as well as method, and the
procedure involves studying a small number of subjects through intensive and
prolonged engagement to develop patter and relationships of meaning. Finally Dawson
(2002) defined that grounded theory is a strategy of inquiry which was first laid out in
1967 by two researchers named Glaser and Strauss. The emphasis in this strategy is on
the generation of theory which is grounded in the data (which means it has emerged
from the data). In grounded theory, methods such as focus groups and interviews tend
to be the preferred data collection method, along with a comprehensive literature
review which takes place throughout the data collection process.

Qualitative research uses data collection methods such as interviews, participant

observation, open ended questioners, documentary and audiovisual materials studies
and finally the findings are conveyed subjectively through descriptions using words
rather than numbers. This means, in qualitative research the main emphasis is on
description and inductive discovery of evolving theory that may arise after observation
is carried out or data is collected.

Like that of quantitative research method, qualitative research approaches has its own
strengths and weaknesses. The advantage of a qualitative research approach is that it
provide a more realistic feel of the world that cannot be experienced in the numerical
data and statistical analysis used in quantitative research. It is flexible ways to perform
data collection, subsequent analysis, and interpretation of collected information.
Further, it provides a holistic view of the phenomena under investigation and the

31 | P a g e
researcher have an ability to interact with the research subjects in their own language
and on their own terms.

Despite the above advantage, qualitative research design has its own limitations. First,
it required much time for data collection, analysis and interpretation i.e., the researcher
has to spend a considerable amount of time in the research setting in order to examine
holistically and aggregately, the interactions, reactions and activities (Babbie, 1995).
Second, lack of standardized rules in the research design and the emphasis on giving
meanings and interpretations to events and things reduces the objectivity. Third, in
qualitative research the researches arrives on different conclusions based on the same
information depending on the personal characteristics of the researcher (subjectivity)
and inability to investigate causality between different research phenomena. Four, the
findings of qualitative research cannot be statistically generalized for a broader
population of interest for it is based on a small and unrepresentative number of
investigated cases.

3.2.3 Mixed Research Approaches

Triangulation is about exposing potentially conflicting perspectives to analysis and

showing that data can be integrated and cross-referenced to highlight consistency.
Pervez and Kjell, (2005) stressed that to enhance validity, there is a need to collect or
analyze data through triangulation and where correctness or precision is important.
Hence, it is quite logical to collect information through different methods and angles.
Babbie (1995) mentioned that a combination of qualitative and quantitative approaches
should be viewed as an acceptable methodological approach for research occupying a
variety of epistemological positions.

Creswell (2009) defined that mixed approach is one in which the researcher tends to
base knowledge claims on pragmatic grounds (e.g., consequence-oriented, problem-
centered, and pluralistic). It employs strategies of inquiry that involve collecting data
either simultaneously or sequentially to best understand research problem. The data
collection also involves gathering both numeric information (e.g., on instruments) as
well as text information (e.g., on interviews) so that the final database represents both

32 | P a g e
quantitative and qualitative information. As a result, when methods are combined, the
advantages of each methodology complement those of the other, making a stronger
research design that will yield more valid and reliable findings. Indeed, the
inadequacies of individual methods are reduced.

In general, according to McKerchar, (2008) the choice among the three research
approaches is guided by mainly the research problem apart from the underlying
philosophy of each research method. That is, whether the research problem is based on
a framework developed deductively through a review of the literature and prefigured
information to be collected in advance of the study or to allow it to emerge from
participants in the project or both.

3.3 Research Methods Adopted and Technique

This study was incorporated both quantitative and qualitative research approaches
(mixed methods) in order to generate the advantage of both approaches. And to address
different objectives of the study, which cannot be achieved by a single method.
McKerchar, (2010) argues that “each strategy has its strength and weaknesses and the
drive for mixed method research is to use one strategy to either inform, validate or
compensate for the weaknesses of another”.

3.3.1 Quantitative Aspect-Survey Design

To gather data relevant for internal audit practice in SRS government public sector
offices a survey method was adopted with self-administered questionnaire.

survey design in the study, helpful in order to represents a wider population, provides
descriptive, inferential and explanatory information, gather data on an economical and
efficient, or gathering of information that will not available from archive records. As
well as to make inferences. In this regard Fowler, (1984) noted that the strengths of
survey methods that result in their wider use included the value of statistical sampling,
consistent measurement, and the ability to obtain information not systematically
available elsewhere.

33 | P a g e
Furthermore, from a different type of survey for this study, a researcher was used self-
administered questionnaires. When we see the self-administered questionnaires has the
advantage of scanning a wide field of issues, population, programs etc. with low cost.

3.3.2 Qualitative Aspect: Semi-structured Interview

Self-administered questionnaires was used to describe what is happening within a

study area. Qualitative method mainly includes three kinds of data collection: in-depth
interview, direct observation and written documents (Patton 2003). For this study, data
collected through semi structured interview.

Semi-structured Interview

An interview is a purposeful discussion with two or more people, and helps the
researcher to gather valid and reliable data that are relevant to achieve research
questions and objectives. Interviews may be structured (using standardized questions
for each respondent), semi-structured, and unstructured conversations (Saunders et al.
2003). Structured interview uses pre-established questions, asked in a predetermined
order, using a standard mode of delivery.

On the other hand, unstructured interview attempts to draw out information, attitudes,
opinions, and beliefs around particular themes, ideas, and issues without the aid of
predetermined questions (Leary, 2004).

As Dowson (2002) noted, semi-structured interview helps the researcher to utilize the
advantage of both structured and unstructured interview, so that the interview remains
flexible and other important information can still arise.

This study was adopted semi-structured interview to explore the data that is unclear for
the researcher and the information that was not be collected through survey and
document analysis. The interview was with financial control support process owners
(Head of Internal Audit) of the respective government public sector offices.

34 | P a g e
Documentary Analysis

Document analysis is the collection review, interrogation, and analysis of various forms
of text as a primary source of research data. It refers to both a data collection method
and a mode of analysis (Leary, 2004).

Document analysis is a tool that may be conducted using documents such as written
materials, organizational or program records, official publications and reports,
newspapers, a minutes of meeting, and personal documents (diaries, artistic works,
letters, photographs and journals) (Patton, 2003).

As Creswell, (2009) noted, use of documentary analysis has its own strengths and
limitations.

The strengths are enables the researcher to obtain the language and words of
participants, can be accessed to the researcher at a time conveniently, represents data
which are thoughtful and economical. Whereas, the limitations include incompleteness,
lack of accuracy, requires transcribing or optically scanning for computer entry, not all
people are equally articulate and perceptive, and may be protected from private access.
In addition to the data obtained through other methods, this study was employed
documents analysis such as reports, manuals, journal articles, newspapers, internet,
proceedings and other relevant materials. Besides, internal audit standards of the
Ethiopian government, specified in the manual closely match those published by the
Institute of Internal Auditors Therefore, both internal audit standards of Ethiopian
government and ISPPIA were used for this study.

Sample Design

Sampling is the process or technique of selecting a suitable sample for the purpose of
determining parameters or characteristics of the whole population. Regarding to this
Paula et al. (2001) noted that, sampling refers to drawing a sample or selecting a
subset of elements from a population. The design of a sampling strategy is an
important issue for a research study and it can be a powerful tool for accurately

35 | P a g e
measuring opinions and characteristics of a population. The usual goal in sampling
is to produce a representative sample. As it is stated by Paula et al. (2001), a perfect
representative sample would be a mirror image of the population from which it was
selected.

There are two main types of sampling procedures: probability sampling and purposive
sampling. Choosing the type of sampling technique depends upon the area of research,
research methodology, and preference of the researcher (Dawson, 2002). Probability
sampling involves selecting elements randomly in that the selection of any one element
is independent of the selection of the other elements while purposive sampling is used
to make description rather than generalization (Dawson, 2002). As stated above, the
results of the study would be generalized. In addition to this, the researcher believed
that all units of the sample frame provide similar information for the study. Therefore,
probability sampling is employed.

There are different methods of probability sampling. Among this, stratified random
sampling was applied to conduct this research work. Stratified random sampling is a
technique which attempts to restrict the possible samples to those which are less
extreme by ensuring that all parts of the population are represented in the sample in
order to increase the efficiency. In line with this, Louis et al. (2000) and Catherine
(2002) stated that stratified sampling involves dividing the population into
homogenous groups, each group containing subjects with similar characteristics.
Therefore, the researcher to choose stratified random sampling for the current study.

Therefore, according to Somali regional state of Ethiopia three year progress report
(EFY 2003- EFY2005), the region has 9 administrative zones consisting of 68 woredas
(districts), 4 city councils and 47 regional sector bureaus with 101 internal audit staffs
that consist 27 regional sector bureaus, 16 regional inspection staffs that is under
BOFED and 58 woredas internal auditing department staffs so that the study population
was the total internal audit staffs in the region, & that was population eligible for the
study. These sector offices are selected purposively, because the use of purposive

36 | P a g e
sampling enables the researcher to generate meaningful insights that help to gain a
deeper understanding of the research phenomena by selecting the most informative
participants that is satisfactory to its specific needs.

As aforementioned above sampling procedure employed in this study was stratified

method. During the stratification process, the researcher stratified the population
in different groups based on the levels in the region. The researcher was categorize
population of the study in to three groups based on their level of government.
Researcher grouped in to three different groups A up to C that means regional sector
bureaus, woredas (districts) level and city council and inspection department because
they are different in terms of scope of work, professional qualification because most of
woredas and city council internal audit staffs was diploma level. Inspection department
staffs the scope of their work is more than others due to performing internal audit
supervision and other related activities, conducting conference two times a year,
making capacity training on the woredas auditors. Therefore, researcher grouped “A”
up to grade “C” (i.e. Group A represented Regional sector bureaus with 47 internal
audit staffs, “B” worades (districts) level with 58 internal audit staffs, “C” regional
inspection department with 16 staffs controlled by BoFED) to heterogeneities groups
of the population of the study.

Sampling frame is a complete list of the study population. For this study, the sampling
frame was all internal auditors in the Somali regional state government sector. All
internal auditors employed until the conduct of the survey are included in the sample
frame. The total number of internal auditors were 101 until the conduct of the survey.

Determination of economical sample size is a major challenge for a researcher in

conducting a survey (Bordens and Abbott, 2005). There is no a standard rule for the
determination of sample size. Both large and small sample sizes have their own
limitations. Too large a sample might become unwieldy and too small a sample might
be unrepresentative. What matters in the determination of sample size is
representativeness of the sample to a population. Therefore, from the total population

37 | P a g e
of 101 in the sampling frame, a sample of 80 respondents was selected using Taro
(1967) sampling formula with considering 95% level of confidence. Thus, accordingly
the participants are grouped according into three categories. Namely i.e. internal
auditors of regional bureaus a sample of 21 were selected randomly, woreda level
internal auditors a sample of 46 were selected randomly and regional inspection
department staffs a sample of 13 of respondents were selected randomly. Total sample
size of 80 internal auditors was considered for this study and distributed structured
questionnaire. Also 10 financial support process owners were interviewed.

Data Collection

The study was investigated internal audit practice in SRS government public sector
offices. The study was used both primary and secondary sources of data, the primary
sources of data was obtained from closed ended self-administrated questionnaires and
semi structured interviewing with financial control support process owners (internal
audit heads) of the respective government public sector offices.

The questionnaires adopted and modified was from the prior author (Mihret and
Yismaw, 2007. The questionnaire administered was distributed on randomly selected
internal auditors and the financial control support process owners were interviewed.
The interview enabled the researcher to capture and ascertain both subjective and
objective facts. Thus, face to face interview is important in order to increase probability
of response rate and flexibility in extracting more qualitative information.
Secondary data was obtained from documents, reports, journals, proceedings, bulletins,
Internet, periodicals, various books and other relevant materials.

Analysis Method

Both quantitative and qualitative data analysis method was used. Based on the nature
of the data collected through questionnaires, interview the following procedures and
statistical tools was employed.

38 | P a g e
The data that collected through questionnaires was analyzed using the SPSS version
15.0 (statistical package for social science) for descriptive statistics while result from
in-depth interviews with financial control support process owner and document
analysis was presented to support to descriptive statistics from survey result.

3.4 Conclusions

In this chapter, research methodology options available to a researcher including

quantitative, qualitative, and mixed method approach each using different knowledge
claims, strategies of inquiry, and methods of data collection and analysis are discussed.
The link of research questions and research methods adopted in this particular study is
also presented with proper justification in method selection in line with the strength
and weakness of each research method. Mixed research design is opted for the study
that helps the researcher to achieve the research objectives, and the required data is
collected through survey questionnaire, in-depth interview and documentary analysis.

39 | P a g e
 Chapter Four

4. Results and Discussions

In the previous chapter, the research methodology has been discussed, and the methods
adopted for the study to attain the objectives have been stated. This chapter presents
the results and discussion of the data collected using different methods. The chapter is
organized in two sections first section presents the results of the study that have been
collected through different methods adopted and discussion of the results followed by
the of conclusions on the chapter in the section two.

4.1 Organizational Policy Authorizing Internal Audit

Under this title is discussed organizational policy authorizing internal audit in SRS
government public sector offices.

4.1.1 Availability of Audit Charter

As it shown Figure 4.1 respondents were asked whether they have audit charter or not,
52 (65%) of the respondents were responded that audit charter is available in their
department, remaining 28 (35%) of respondents responded that they don’t have audit
charter in their audit department.

Figure 4.1 Do You Have Audit Charter

Yes
No

28
35.00%
52
65.00%

Source: Survey results

40 | P a g e
 Table 4.1 Descriptive Statistics of Organizational Policy Authorizing IA

N Mean Std. Deviation

Internal audit activities Comply 80 4.38 .663

with the IIA's standards
authority of internal audit is clearly
defined 80 4.45 .634

authority of internal audit is in line

with standards for the professional
80 4.13 .817
practice formulated by IIA

Document defining internal audits

purpose & authority is approved
80 3.20 1.130
by board of directors or audit
committee
Valid N (list wise) 80
Source: Survey results

Note: N- number of respondents; response measurements...….5 – Strongly agree, 4 –

Agree, 3 – Neutral, 2 – Disagree, 1 – Strongly disagree
___________________________________________________________________

In addition to the above figure 4.3 respondents were other four questions. The mean
response of four questions under organizational policy authorizing internal audit were
more than 4.00 and the standard deviation were also less than 1.00, except last question
which states document defining internal audits purpose & authority is approved by
board of directors or audit committee with mean response of 3.20 and standard
deviation of more than 1.13, Which indicates that the respondents perception were
close to one other except last question. Moreover, internal auditors SRS government
public sector offices were asked during the interview internal audit activities and
authority Comply with the IIA's standards and they responded that it is comply with
the IIA's standards.

41 | P a g e
Based on table 4.1 questionnaire responses and interview evidence revealed that the
internal audit activities comply with the IIA's standards, authority of internal audit is
clearly defined and authority of internal audit is in line with standards for the
professional practice formulated by IIA. Besides they were said document defining
internal audits purpose and authority is approved by board of directors or audit
committee is neutral. Therefore, Organizational policy authorizing internal audit is in
line with standard formulated by IIA. Similarly, According to ISPPIA attribute
standards no.1000 it requires the purpose, authority, and responsibility of the internal
audit activity must be formally defined in an internal audit charter, consistent with the
definition of internal auditing, the code of ethics, and the standards. The chief audit
executive must periodically review the internal audit charter and present it to senior
management and the board for approval. This is in line with research conducted by
Junio-Sabio, (2013)

4.2 Auditee Cooperation

In this title it presented auditee cooperation to the internal audit in SRS government
public sector offices.

Table 4.2 Descriptive Statistics of Auditee Cooperation

N Mean Std. Deviation

internal auditors have full access to records and
information they need in conducting audit 80 2.15 .797

internal audits receive full cooperation from

auditees 80 2.08 1.111

The management of your organization has a

commitment to add value to internal audit function 80 2.15 1.181

Valid N (listwise) 80
Source: Survey results
Note: N- number of respondents; response measurements...….5 – Strongly agree, 4 –
Agree, 3 – Neutral, 2 – Disagree, 1 – Strongly disagree
___________________________________________________________________

42 | P a g e
The mean response of three questions regarding to the auditee cooperation to internal
audit were more than 2 and the standard deviation were also more than 1.00 except
first question which indicated internal auditors have full access to records and
information they need in conducting audit and the standard deviation were 797.
Therefore, except first question respondent’s perception were not close to one other.
Based on table 4.2 results internal auditors in SRS government public sector offices
disagreed with existence of audit cooperation from auditee in terms of the internal
auditors to have full access to records and information they need in conducting audit,
internal audits receive full cooperation from auditees, and the management of their
organizations have a commitment to add value to internal audit function. On the other
hand, respondents were asked during the interview whether they get any cooperation
from auditee and they responded that there is no cooperation from auditee when they
are doing their responsibilities. The study revealed that selected public sector offices
internal audit is not getting any cooperation from auditees. This is in line with research
conducted by Mihret and Yismaw, (2007), Alzeban and Sawan, (2013), Onumah and
Krah, (2012), and Malaysia by Ali et al. (2004).

4.2.1 Extent the Management and Other Organs Support,

Understand and Appreciate the Role of Internal Audit
Function in Good Governance.

In addition to the above table 4.2 respondents were asked extent of management and
other organs support, understand and appreciate the role of internal audit function in
good governance. As depicted figure 4.4 out of the 80 respondents 4 (5%) respondents
were responded very high, 2 (2.5%) were responded high, 14(17.5%) were responded
medium, and the remaining 60 (75%) respondent were responded low. Furthermore,
interview result from respondents indicated that management and other organs did not
support, understand the role of internal audit function in the good governance.
Therefore, figure 4.2 result indicated the extent of management and other organs
support, understand and appreciate the role of internal audit function in good
governance is low. This is in line with research conducted by Mulugeta, (2008).

43 | P a g e
Mihret and Yismaw, (2007), Alzeban and Sawan, (2013), Onumah and Krah, (2012),
and Malaysia by Ali et al. (2004).
Figure 4.2 Extent the Management and Other Organs Support, Understand
and Appreciate the Role of Internal Audit Function in Good Governance.
60

50

40
Frequency

60
30
75.00%

20

10
14
4 2 17.50%
5.00% 2.50%

0
Very high High Medium Low

Source: Survey results

4.3 Independence and Objectivity of Internal Audit

There were six questions under the independence and objectivity of internal audit, only
two questions out of five which were internal audit is free from intervention in
performing its duties and internal auditors feel free to include any audit findings in their
audit reports, had a mean response of 2.00 and standard deviation of more than 1.00.

44 | P a g e
Table 4.3 Descriptive Statistics of Independence and Objectivity of Internal Audit
Std.
N Mean Deviation
Internal auditors sufficiently detached from
80 2.85 1.303
functional areas to guarantee its independence
Internal audit is free from intervention in
80 2.00 1.006
performing its duties
Internal auditors feel free to include any audit
80 2.25 1.227
findings in their audit reports
Internal auditors provides reports to the board of
80 3.30 1.391
directors or audit committee
The board of directors or audit committee
80 3.30 .960
oversees employment decisions in internal audit
Internal audit assignment are rotated
periodically 80 1.38 .848
Valid N (listwise) 80
Source: Survey results
Note: N- number of respondents; response measurements....5 – Strongly agree, 4 –
Agree, 3 – Neutral, 2 – Disagree, 1 – Strongly disagree
____________________________________________________________________
The remaining the four questions three of them which were internal auditors
sufficiently detached from functional areas to guarantee its independence, internal audit
provides reports to the board of directors or audit committee and the board of directors
or audit committee oversees employment decisions in internal audit were a mean
response of is around than 3.00 and standard deviation of all questions were more than
1.00 except last question which states the board of directors or audit committee
oversees employment decisions in internal audit with standard deviation of less than
1.00. Additionally, last question which were internal audit assignment are rotated
periodically were a response mean of more than 1.00 standard deviation of .848. All
six questions except last two questions their standard deviation were more than 1.00.
This shows that all above questions except last two is far away from one other.
Furthermore, interview result from respondents showed internal auditors are not free
from intervention in performing its duties, internal auditors not feel free to include any
audit finding in their audit report and there is no internal audit assignment rotation in a
periodically.

45 | P a g e
The implication of the above table 4.3 result showed the internal auditors agreed that
internal audit is not free from intervention in performing its duties and internal auditors
are not feel free to include any audit findings in their audit reports. Besides, internal
auditors said it is neutral that the internal auditors sufficiently detached from functional
areas to guarantee its independence, internal audit provides reports to the board of
directors or audit committee and the board of directors or audit committee oversees
employment decisions in internal audit. Also internal auditors strongly disagree that
internal audit assignment are rotated periodically. But According to ISPPIA attribute
standards no.1100- The internal audit activity must be independent, and internal
auditors must be objective in performing their work.
Therefore, we can conclude that internal audit in the region is not free from intervention
in performing its duties, internal auditors not feel free to include any audit finding in
their audit report and there is no internal audit assignment rotation in a periodically.
But internal audit provides reports to the board of directors or audit committee and the
board of directors or audit committee oversees employment decisions in internal audit.
This is in line with research conducted by Kedir et al., (2014), Fekadu, (2009), Mihret
and Yismaw, (2007), Shamsuddin et al, (2014), Alzeban and Sawan, (2013).

4.4 Proficiency and Scope of Internal Audit

This section presents result analysis and discussion for the proficiency and scope of
internal audit of internal audit in the SRS government public sector offices.

4.4.1 Proficiency of internal audit

Under this subsection its presented proficiency of internal audit in SRS government
public sector offices.

46 | P a g e
 4.4.1.1 Do the IA department is large enough to successfully carry
out it

Results in below figure 4.3 shows that respondents were asked to level their
agreement about the internal audit department large enough to successfully carry
out their duties. 10(12.5%), of the total respondents were noted that internal audit
department is large enough to successfully carry out their duties. The remaining
70(87.5%) were responded that their department are not large enough to
successfully carry out its duties. additionally, during interviewing financial control
support process owner were asked whether internal audit department is large
enough to successfully carry out its duties they responded that internal audit
department is not in able to carry out its duty. Therefore, from the result we can
conclude that internal audit department is not large enough to successfully carry
out their duties.

Figure 4.3 Do the IA Department is Large Enough to Successfully Carry out

its duties?

12.50% Yes
No

87.50%

Source: Survey results

In addition to the above result in figure 4.3 respondents were asked whether internal
audit department has progressed in terms of numbers of staffs and qualified staffs.

47 | P a g e
 Table 4.4 Do you Think that the Organization's IA department or divisions
has Progressed in Terms of Numbers of Staffs and Qualified of staffs
Do you think that the organization's audit department Frequency Percent
or divisions has progressed in terms of numbers of
staff
Valid Unnecessary number of staff 0 0
Sufficient 0 0
Not sufficient 76 95
Medium 4 5
Very low 0 0
Almost no 0 0
Total 80 100
Do you think that the organization's audit department
or divisions has progressed in terms of Qualified of
staff
Valid Highly qualified 1 2.5
Qualified 24 60
Medium 13 32.5
Unqualified 2 5.0
Total 40 100
Source: Survey results
As described in the table 4.4 respondents were asked the their organization audit
department or divisions has progressed in terms of number of staffs and appropriately
the qualification their staffs, regarding to the number of staffs 76 (95%) of the
respondents assured the is no existence of sufficient staffs, whereas, 4 (5%)
respondents said medium, in relation to the qualification of the staffs of audit
department or divisions in their organization. 2 (2.5) % of the respondents assured
progress of their audit division in terms of number of staff are highly qualified. Besides
48 (60%) respondents said their department has qualified staff. However, the other 26
(32.5%) respondents believed that their department is medium to appropriately
qualified staffs. However, the remaining 4 (5%) believed that their department is
unqualified staffs. Therefore we can conclude that more than 50% of respondents were
said there is a lack of number of staffs but there is qualified staffs in their audit
department. Therefore, finding revealed that internal audit department or divisions in
the region has progressed in terms of number of staffs but the staffs are appropriately
the qualified.

48 | P a g e
Finally, in addition to the above three questions, there were seven questions under
proficiency of internal audit four questions out of seven questions respondents were
agreed that were there is complete internal audit manual, Adequate short term training
is arranged for internal auditors each year, internal audit has policies for training of
internal audit staff, and Internal auditors possess sufficient experience to understand
the organizations systems were their mean response is more than 4.00 and standard
deviation of less than 1.

Table 4.5 Descriptive Statistics of Proficiency of Internal Audit

Std.
N Mean Deviation
Internal audit obtains a sufficient budget to 80
successfully carry out its duties 1.48 .927

Internal auditors possess sufficient experience to 80

understand the organizations systems 4.15 .797

internal audit staffs possess knowledge & skills 80

in a variety of areas beyond accounting & 2.40 .739
finance as necessary
internal audit has policies for training of internal 80
4.28 .811
audit staff
internal auditors undertake continuous 80
professional development activities 2.43 .868

Adequate short term training is arranged for 80

internal auditors each year 4.50 .503

There is a complete internal audit manual to 80

4.23 .968
guide internal audit work
Valid N (listwise) 80
Source: Survey results
Note: N- number of respondents; response measurements...….5 – Strongly agree, 4 –
Agree, 3 – Neutral, 2 – Disagree, 1 – Strongly disagree
____________________________________________________________________

The two of the three remaining questions were a mean response of more than 2.00 and
standard deviation of more than 1 which states internal audit staffs possess knowledge
& skills in a variety of areas beyond accounting & finance as necessary and internal

49 | P a g e
auditors undertake continuous professional development activities. The remaining last
question which states internal audit obtains a sufficient budget to successfully carry out
its duties respondents were disagree and had mean response of 1.48 and standard
deviation of 0.933. Also result revealed all responses have standard deviation of less
than 1.00 which indicates that the respondents perception were close to one other.

According to ISPPIA attribute standards No.1210 requires internal auditors should

possess the knowledge, skills and other competencies needed to perform their
individual responsibilities. Accordingly the implication of the above table 4.5 result
showed that there is complete internal audit manual in auditing department, adequate
short term training is arranged for internal auditors each year, internal audit has policies
for training of internal audit staff, and Internal auditors possess sufficient experience
to understand the organizations systems. But there is lack of budget to the internal audit
to successfully carry out its duties, internal audit staffs are not possess knowledge &
skills in a variety of areas beyond accounting & finance as necessary and internal
auditors do not undertake continuous professional development activities. This is in
line with research conducted by Mihret and Yismaw, (2007), Fekadu, (2009),
Mulugeta, (2008), Kedir et al., (2014), Alzeban and Sawan, (2013), Brierley et al.
(2001), Onumah and Krah, (2012), Van Peursem (2004), Ali et al. (2004), and Junio-
Sabio, (2013).

4.4.2 Scope of Internal Audit Work

As depicted in figure 4.4 shows that almost all 80(100%) of the respondents were
responded that their audit scope included financial audit. 38 (47.5%) of respondents
said that Internal control is involved the scope of their auditing activities. Also 4 (5%)
of respondents responded that operational audit activities is included their audit scope.
also 50 (62%) respondents said that compliance audit is among internal audit scope of
their organization. Moreover, 2 (2.5%) IT Audit comprised scope of the internal audit
in their organization. 20 (25%) respondents said fraud investigation were among their
audit scope. Moreover, interview result from financial control support process owners
indicated that the internal audit scope in the SRS government public sector is more of

50 | P a g e
financial audit and compliance audit while IT audit, operational audit is not include yet
the scope of the internal audit in the region but they take first training on operational
audit and future it will include scope of the internal audit in the region.

Generally it was found that financial audit and compliance audit is part of internal audit
the scope of internal audit in the region, while internal control, operational audit, IT
audit and fraud investigation are not included internal audit scope activities of the
region. In addition to this interview responded revealed that internal auditor in the
region were not taken operational audit training before but first operational training
were taking during when researcher collecting data (March, 18, 2015). But according
to ISPPIA performance standards No.2110.A1 requires that the internal audit activity
must evaluate the design, implementation, and effectiveness of the organization’s ethics-related
objectives, programs, and activities. This is in line with research conducted by Mulugeta,
(2008), Kedir et al. (2014), Mihret and Yismaw, (2007), Alzeban and Sawan, (2013),
and Onumah and Krah, (2012).

Figure 4.4 Scope of internal audit work

90
80
80
70
60
50
50
38
40
30
20
20
10 4 2 2.50%
100% 47.50% 5% 62% 25%
0
Financial Audit Internal Operational Compliance IT audit Fruad
Control audit Audit investgation

Source: Survey results

4.5 Reporting Follow-up and Quality Review

Under this title it presents reporting follow-up and quality review of internal audit.

51 | P a g e
 Table 4.6 Descriptive Statistics of Reporting Follow-up and Quality Review of IA
Do the internal audit supervisor or manager supervises field work Frequency %
Valid Yes 48 60.0
No 32 40.0
Total 80 100
Is an internal audit supervisor reviews internal audit working papers
Valid Yes 54 67.5
No 26 32.5
Total 80 100
Do the internal auditors follow up implementation of corrective actions
relating to audit findings
Valid Yes 52 65
No 28 35
Total 80 100
Do the internal audit findings are discussed with auditees before being
reported
Valid Yes 46 57.5
No 34 42.5
Total 80 100
Is there corrective action plan is agreed with management before the
report is issued
Valid Yes 42 52.5
No 38 47.5
Total 80 100
is the management takes timely corrective action based on internal audit
recommendations
Valid Yes 60 75.0
No 20 25.0
Total 80 100
Does internal auditing have a quality assurance program
Valid Yes 0 0
No 80 100
Total 80 100
Does it have a plan to undergo an external quality assessment every five
years as required by the standards
Valid Yes 0 0
No 80 100
Total 80 100
Source: Survey results

According to ISPPIA performance standards No.2500 – monitoring progress requires

that the chief audit executive must establish and maintain a system to monitor the
disposition of results communicated to management. Accordingly, as depicted on table

52 | P a g e
4.6, respondents were asked to judge whether the internal audit supervisor or manager
supervises field work or not. The result was presented in Table 4.6, it shows 48 (60%)
of the respondents said the internal audit supervisor or manager supervises field work,
the remaining 32 (40%) respondents responded that internal audit supervisor or
manager do not supervises field work.

Moreover, from table 4.6 also respondents were asked whether an internal audit
supervisor reviews internal audit working papers or not. 54 (67.5%) of the respondents
have responded that internal audit supervisors reviews internal audit working papers.
while remaining 26 (32.5%) respondents said internal audit supervisors do not review
internal audit working papers. Also from the above 4.6 table respondents also were
asked whether the internal auditors follow up implementation of corrective actions
relating to audit findings or not. As result revealed in the above table 4.6 it shows that
52 (65%) of respondents said the internal auditors follow up implementation of
corrective actions relating to audit findings. Whereas the remaining 28 (35%)
respondents said that internal auditors do not follow up implementation of corrective
actions relating to audit finding. The respondents were also asked whether the internal
audit findings are discussed with auditee before being reported or not. Out of total
respondents 46 (57.5%) said that they are discuss with auditee to the audit findings
before being reported, while 34 (42.5%) of respondents said that they are not discus
with auditee any audit finding before being reported.

In addition, the respondents were asked whether there is corrective action plan is agreed
with management before the report is issued. As shown in the above table 42 (52.5%)
respondents said there is corrective action plan agreement with management before the
report is issued, while 38 (47.5%) of the respondents said there is no corrective action
plan agreement with management before the report is issued. Therefore, as it revealed
in the finding more than 50% of respondents responded there is corrective action plan
agreement with management before the report is issued. When the respondents asked
is the management takes timely corrective action based on internal audit
recommendations. Out of the total respondents 60 (75%) of the respondents responded

53 | P a g e
that the management takes timely corrective action based on internal audit
recommendations, while remaining 20 (25%) respondents responded that the
management do not take corrective action based on internal audit recommendations.

According to ISPPIA attribute standards No.1300 quality assurance and improvement

program, this program is designed to enable an evaluation of the internal audit
activity’s conformance with the definition of internal auditing and the standards and an
evaluation of whether internal auditors apply the code of ethics. The program also
assesses the efficiency and effectiveness of the internal audit activity and identifies
opportunists for improvement. Accordingly, respondents were asked whether quality
assurance program is available or not and fully 80(100%) they were responded that
there is no quality assurance program in audit department in their organizations.

Moreover, interview result from financial control support process owners indicated that
there is reporting follow-up but quality assurance program in auditing department is
not available in the region.

Therefore, the implication of the above table 4.6 result indicated that there is reporting
follow-up internal audit in the SRS, internal audit findings are discussed with auditees
before being reported, corrective action plan is agreed with management before the
report is issued and management takes timely corrective action based on internal audit
recommendations but there is no quality assurance program. This is in line with
research conducted by Fekadu, (2009), Kedir et al., (2014), Okibo & Kamau, (2012),
and Sarens and Mohammad, (2011)

4.6 Audit Planning

Under this sub title it was presented and discussed audit planning relating data from
questionnaires and interview results.

54 | P a g e
Table 4.7 Audit Planning

Is annual internal audit plan is prepared Frequency Percent

Valid Yes 76 95.0
No 4 5.0
Total 80 100.0
Is risk assessment is done as part of audit planning
Valid Yes 6 7.5
No 74 92.5
Total 80 100
Is internal audit plan is based on your organization
risk profile
Valid Yes 0 0
No 80 100
Total 80 100
Does internal auditing have a quality assurance
program
Valid Yes
No 80 100
Total 800 100
Does it have a plan to undergo an external quality
assessment every five years as required by the
standards
Valid Yes
No 80 100
Total 800 100
Source: Survey results

According ISPPIA performance standards No. 2010 requires that the chief audit
executive must establish a risk-based plan to determine the priorities of the internal
audit activity, consistent with the organization’s goals. As presented above table 4.7
respondents were asked whether annual internal audit plan is prepared. Out of the total
respondents 76 (95%) respondents were responded annual internal audit plan is
prepared, remaining 4 (5%) were responded annual internal audit plan is not prepared.
Also Respondents were asked whether risk assessment is done as part of audit planning.
Only 6 (7.5 %) respondents said risk assessment is done as part of audit planning, while
almost 74 (92.5%) said risk assessment in not done as part of audit planning. Moreover,
respondents were also asked whether internal audit plan is based on their organization

55 | P a g e
risk profile. All respondents 80 (100%) said internal audit plan is not based on their
organization risk profile. Additionally interview result revealed that annual audit plan
is prepared in their offices but respondents said internal audit plan is not based on risk
profile of their offices.
From above result we can observe that annual internal audit plan is prepared, but risk
assessment is not done as part of audit planning. Additionally, internal audit plan is not
based on organizational risk profile of the region. Accordingly ISPPIA Performance
Standards No 2010.A1 requires that the internal audit activity’s plan of engagements
must be based on a documented risk assessment, undertaken at least annually. The input
of senior management and the board must be considered in this process. This is in line
with research conducted by Mihret and Yismaw, (2007),

4.7 Conclusions

The chapter has presented the results and discussions of the study along with the
interpreting of the result of the study. In the first section, presents the results of the
study that have been collected through different methods adopted, analyzed and
interpreted the results followed by the presentation of conclusions on the chapter in the
section two. The next chapter presents summary of finding, conclusions and
recommendations.

56 | P a g e
 Chapter Five

5. Summary of Findings, Conclusions and Recommendations

5.1 Introduction

The purpose of this chapter is to delineate the summary of findings, conclusion and
some recommendations. Overall, this chapter is to depict chapter 1 to 4 collectively
and to synthesize the contribution of this study through conclusion.

5.2 Summary of Findings

The objective of the study is to assess internal audit practice in SRS government public
sector offices. Descriptive statistics analyses was used. Based on these, the research
findings are summarized as follows.
The descriptive statistics showed that about 65% of survey respondents had bachelor
degree, while 32.5% hold Diploma, and 2.5% had a Master Degree. In terms of work
experience, majority 57% of the survey respondents had 1 to 3 years of work
experience while 8% had 3 to 5 years of experience. The rest 35% had 5 to 10 years.

The questionnaire results showed that internal audit activities in SRS government
public sector offices comply with the IIA's standards, authority of internal audit is
clearly defined, and authority of internal audit is in line with standards for the
professional practice formulated by IIA. But document defining internal audits purpose
and authority is not fully approved by board of directors or audit committee.

From the results of descriptive statistic showed that there is lack of support to the
internal audit unit from auditee and there is lack of management commitment to add
value to the internal audit function. Additionally, result showed majority of the
respondents 75% said that the extent the management and other organs support,
understand and appreciate the role of internal audit function in good governance is low.

57 | P a g e
From the descriptive statistic results showed that internal audit assignment are not
rotated periodically, internal audit is not free from intervention in performing its duties
and internal auditors are not feel free to include any audit findings in their audit reports.
Besides internal auditor provides reports to the board of directors or audit committee
and the board of directors or audit committee oversees employment decisions in
internal audit.

The descriptive statistics also indicates that there is complete internal audit manual in
auditing department, adequate short term training is arranged for internal auditors each
year, internal audit has policies for training of internal audit staff, and internal auditors
possess sufficient experience to understand the organizations systems. But, there is lack
of budget to the internal audit unit to successfully carry out its duties, internal audit
staffs are not possess knowledge & skills in a variety of areas beyond accounting &
finance as necessary and internal auditors do not undertake continuous professional
development activities.

It was also found that almost all 100% of respondents noted that their audit scope
included financial audit, 62% responded that their audit scope included compliance
audit, also 47.5% said their audit scope included internal control while respondents said
about their audit work scope included operational audit, and IT audit, and fraud
investigation were 5%, 2.5%, 10% respectively.

It was also found that 67.5% of the respondents believed that internal audit supervisors
reviews internal audit working papers. Whereas 65% of respondents said that the
internal auditors follow up implementation of corrective actions relating to audit
findings. Additionally 57.5% said that internal auditors discuss with auditees to the
audit findings before being reported. Around 52.5% respondents said there is corrective
action plan agreement with management before the report is issued. Also 75% of the
respondents believed that the management takes timely corrective action based on
internal audit recommendations but 100% of respondents noted there is no quality
assurance program in audit department in their organization.

58 | P a g e
From the result of descriptive statistics 95% respondents believed that annual internal
audit is prepared. While almost all of the respondents 92.5% said risk assessment is not
done as part of audit planning. Moreover, almost all respondents 95% also believed
internal audit plan is not based on their organizational risk profile.

5.3 Conclusion

Public sector offices are part of the public body which is partly or wholly financed by
government budget and concerned with providing basic government services to the
whole society. It is varied by their function and purposes, but in most cases, they are
designed in order to enable the public sectors to achieve their goals (MoFED, 2004).
IA effectiveness does play a role in ensuring effective management in public sector
(Enofe et al. 2013). Similarly, internal audit is considered as a value adding activity
in contemporary organizations (AlTwaijry, Brierley & Gwilliam 2003; Bou-Raad
2000; Roth 2002; Yee et al. 2008). Moreover, internal audit function has a positive
effect on the quality of financial reporting, on good government governance, and
quality of financial reporting has a positive effect on good government governance
Rahmatika, (2013).

The management support, the existence of adequate and competent IA staff, and the
availability of approved IA charter contribute for the internal audit effectiveness in the
public sector significantly and positively Hailemariam, (2014).

Although, the internal auditors have many roles and contributions to the organization
and the public interest, it also faces many challenges from the organization they work.
Some of the challenges identified by the Ministry of Finance and Economic
Development (2004), in their internal audit manual are lack of management respect,
lack of independence, assigned of internal auditors to many tasks and being ignored
(conflict of interest) and lack of professional development. The general objective of
this study was the examination of the internal audit practice in the Somali regional state
public sector offices.

59 | P a g e
To achieve the above research objectives a mixed research approach was adopted. The
main reason for used such approach is to alleviate the limitations of quantitative and
qualitative research approaches and to gather data that could not be obtained by
adopting a single method. Thus, the thesis used cross sectional survey on internal
auditors in the SRS government public sectors with structured questionnaire,
documentary analysis and in-depth interview with financial control support process
owners (internal audit department heads). Also, results analysis, the responses obtained
from survey of internal audit department staffs was tabulated and interpreted by using
SPSS version 15.0 through descriptive statistics while result from documentary
analysis and in-depth interviews with financial control support process owner was
presented to support to descriptive statistics from survey result.

In selected government public sector offices internal auditing practice has been seen
studied in terms of organizational policy authorizing internal audit, auditee
cooperation, independence and objectivity of internal audit, scope of internal audit
work, proficiency of internal audit, reporting follow-up and quality review, and audit
planning. All staffs in the internal auditing department of selected SRS government
public offices found to be organizational policy authorizing internal audit is in line with
standards. But there is lack of cooperation from auditee to the internal audit department.
Additionally study was found the extent of management and other organs support,
understand and appreciate the role of internal audit function in good governance is low.
In terms of independences and objectivity study was found internal audit is not free
from intervention in performing it duties and internal auditors are not feel free to
include any finding in to their audit report and there is a lack of internal audit
assignment rotation in a periodically. But internal audit provides reports to the board
of directors or audit committee and the board of directors or audit committee oversees
employment decisions in internal audit.

The proficiency of internal audit in terms of educational background, qualification and

experience. But the size of the IA staff is small, there is lack of budget to carry out
beyond financial and compliance audits. And also there is no possess knowledge &

60 | P a g e
skills in a variety of areas beyond accounting & finance as necessary and internal
auditors do not undertake continuous professional development activities.

The scope of the internal audit function did not yet go far to cover scope of internal
audit and much time is devoted in performing financial and compliance audits.

Regarding reporting follow-up and quality review there is reporting follow-up but there
is no quality review internal audit in the SRS. Also in relation to the audit planning
study revealed that annual internal audit plan is prepared. But risk assessment is not
done as part of audit planning. Additionally, internal audit plan is not based on
organizational risk profile of the region.

5.4 Recommendations

This section provides some recommendations as a solution to mitigate the operational

problems of internal audit practice in the SRS government public sector offices so that
to improve internal audit effectiveness. Therefore, the researcher has tried to provide
briefly the following recommendations:

I. To increase the internal audit effectiveness in the SRS government public sector
offices, auditee should support internal auditors in terms of full access to
records and information they need in conducting audit services, give full
cooperation and management of the government public sector should have
commitment to add value to internal audit function. Furthermore, senior
management government public sector should increase extent of management
and other organs support, understand and appreciate the role of internal audit
function in good governance.

II. As the ISPPIA attribute standards 1100 requires the internal audit activity must
be independent, and internal auditors must be objective in performing their
work. But the study found that internal audit in the region is not free from
intervention in performing its duties, internal auditors not feel free to include
61 | P a g e
 any audit finding in their audit report, there is no internal audit assignment
rotation in a periodically and also there is lack of budget to the internal audit
unit to successfully carry out its duties. Therefore, internal audit activity must
be independence and objectivity.

III. In relation to the proficiency according ISPPIA attribute standards no. 1200 -
proficiency and due professional care requires that engagements must be
performed with proficiency and due professional care. Hence, training
programs beyond accounting and finance, professional development to the
internal audit staffs in the SRS government public sector offices should be
developed and assigned resource they needed in performing their work to
enhance the effectiveness of internal audits in the government sectors.
Furthermore, as study finding revealed that financial audit and compliance audit
is part of internal audit the scope of internal audit in the region, while internal
control, operational audit, IT audit and fraud investigation are not included
internal audit scope activities of the region. Therefore, the internal audit activity
(internal audit unit) should be extended to the scope of internal audit defined
by institute of internal auditors.

IV. As required ISPPIA Attribute Standards no. 1300 – quality assurance and
improvement program requires the chief audit executive must develop and maintain a
quality assurance and improvement program that covers all aspects of the internal audit
activity. But none of the respective government public sector offices ’audit
department has quality assurance programs. Thus, CAE should be able to
develop quality assurance programs.

V. Finally, the internal audit staffs of the SRS government public sector offices
also recommended to work in accordance with the internal audit standard
formulated by MoFED and risk assessment should be done as part of audit
planning and also internal audit plan should be based on their organizational
risk profile.

62 | P a g e
References

Alzeban, A and Sawan, N (2013).The role of internal audit function in the public
sector context in Saudi Arabia. African Journal of Business Management Vol.
7(6), pp. 443-454, 14 February. pp. 444-448. ISSN 1993-8233.

Amanuddin, S. (2014, December). factors that determine the effectiveness of internal

audit functions in the malaysian public sectors. International Journal of
Business, Economics and Law,, 5(1).

Argaw, L., 2000, The State of Internal Auditing in Ethiopia-The way Forward to
Professionalism, Inaugural Ceremony of the Institute of Internal Auditors-
Ethiopian Chapter Addis Ababa) 21-37.
Bahram, C. (2007) An Introduction to Auditing And Assurance. In: Bahram, B.et al.
Auditing An International Approach. First edition. England. Pearson
Education Limited. PP.4-584.

Babbie E. 1995, ‘The practice of Social Research’, London Wadsworth, p.28.

Brierley, J. A., El-Nafabib, H. M., & Gwilliam, D. R. (2001). The Problems of

Establishing Internal Audit in the Sudanese Public Sector. International
Journal of Auditing.

Brown, D. L, & Jones, K. T. (2011). Audit experience, accounting education and

perceptions about the efficacy of Sarbanes-Oxley and the PCAOB. Journal of
Accounting and Finance, 11(2), pp. 58- 68.

Catherine Dawson, 2002, ‘Practical research methodology, A user-friendly guide

to mastering research techniques and projects’, how to books Ltd publisher,
United Kingdom.

Charles Guandaru Kamau, Samuel Kariuki Nduati, Agnes Ndinda Mutiso. Exploring
Internal Auditor Independence Motivators: Kenyan Perspective. International

63 | P a g e
 Journal of Economics, Finance and Management Sciences. Vol. 2, No. 2, 2014,
pp. 132-137.

Cohen, J., & Kida, T. (1989). The impact of analytical review results, internal control
reliability and experience on auditors' use of analytical review. Journal of
Accounting Research, 27(2), pp. 263 -276.

Creswell, J. W 2009, ‘Research design: Qualitative and quantitative approaches,

3rd ed, Sage Publications, London, UK

Mihret A. and Yismaw W, (2007),"Internal audit effectiveness: an Ethiopian public

sector case study", Managerial Auditing Journal, Vol. 22 Iss 5 pp. 470 – 484.

Dr A. O. Enofe,Dr C. J. Mgbame, V. E. Osa-Erhabor, A. J. Ehiorobo. (2013) the role

of internal audit in effective management in public sector. Research journal of
finance and accounting. Vol.4, No.6, pp. 166. ISSN 2222-1697.

Easterby-Smith, M, Thorpe R and Lowe, A. 1991, ‘Management Research: An

Introduction’ 1st ed, Sage Publication, London, pp: 23-25.

Fekadu, B. (2009). Internal Audit Practices: A Case of Ethiopian Governmental

Higher Educational Institutions for the Partial Fulfillment of MSC. In
Accounting and Finance. Addis Ababa: Addis Ababa University.

Fireston, W.A. 1987 Page 17, Source-

www.anderson.edu/acadamics/sot/guide/ch1.html (accessed 24, February
2011).

Fuersta, Michael E., Lawrence G. Goldberga, and Pere Gomis-Porqueras, Regulation

and Its Effect on Banking Industry Structure and Performance: Some Cross-
Country Evidence.

64 | P a g e
Gaballa, A. S. M, & Ning, Z. (2011). An analytical study of the effects of experience
on the perfor-mance of the external auditor. International Conference on
Business and Economics Research, 1, 169 -173.

Sarens G. and Mohammad A, (2011),"Factors associated with convergence of internal

auditing practices", Journal of Accounting in Emerging Economies, Vol. 1 Iss
2 pp. 104 – 122
Sue G. 2008, ‘Business research method’, ventures publication ApS, Swedish
institute, ISBN 978-87-7681-421-2.

Kedir H. et al. (2014, october). Internal auditing standards and its practice the case of.
Basic Research Journal of Business Management and Accounts, 3(6)(2315-
6899), 08-84.

Intakhan, P, & Ussahawanitchakit, P. (2010). Roles of audit experience and ethical

reasoning in audit professionalism and audit effectiveness through a moderator
of stakeholder pressure: An empirical study of tax auditors in Thailand. Journal
of Academy of Business and Economics, 10(5), 1-15.

Irvinn Gliem, Definition of Internal Auditing, Exposure draft January 1999.

Adams J, et al. (2007). Research Methods for Graduate Business and Social Science
Students. First edition. New Delhi. Sage Publications Inc. PP.26-50.

John A. Brierley, Hussein M., David R.Gwilliam (2001) The Problems of Establishing
Internal Audit in the Sudanese Public Sector. International Journal of Auditing.
Int. J. Audit. 5: 73-87.

Junio-Sabio, C. (2013, October 29). The state of internal audit practice in selected
philippine government agencies: basis for policy advocacy. International
Journal of Information Technology and Business Management, 18(2304-
0777).

65 | P a g e
Kaplan, S. E., et al (2008). The influence of auditor experience on the per-suasiveness
of information provided by management. Auditing: A journal of practice &
theory, 27(1), 67–83.

Van Peursem K, (2004),"Internal auditors’ role and authority", Managerial Auditing

Journal, Vol. 19 Iss 3 pp. 378 – 393.

Kinfu, 1990, 'Accounting and auditing in Ethiopia: an historical perspective', paper

presented to The First National Conference of Ethiopian Studies, Addis Ababa.
Knapp, C. A, & Knapp, M. C. (2001). The effects of experience and explicit fraud risk
assessment in detecting fraud with analytical procedures. Accounting,
Organizations and Society, 26, 25-37

Krah, J. M. (2012). Barriers and Catalysts to Effective internal audit in the Ghanaian
oublic sector, in Venancio, Tauringana, Musa Mangena. Accounting in Africa,
Volume 12 Part A, 177-207.

Leary, Zina 2004, The Essential Guide to Doing Research, Sage Publications, London,
UK.

Libby, R, & Frederick, D. M. (1990). Experience and the ability to explain audit
findings. Journal of Accounting Research, 28(2), 348 – 367.

Louis Cohen, Lawrence Manion, and Keith Morrison, 2000, ‘Research methods in
education’, 5th ed. Routledge Falmer Publisher, USA and Canada.

Marco Allegrini Giuseppe D'Onza Leen Paape Robert Melville Gerrit Sarens,
(2006),"The European literature review on internal auditing", Managerial
Auditing Journal, Vol. 21 Iss 8 pp. 845 – 853.

66 | P a g e
McKerchar, M 2008, ‘Philosophical paradigms, inquiry strategies and knowledge
claims: applying the principles of research design and conduct to taxation’,
E-Journal of Tax Research, 6(1):5-22.

Mihret D. et al., (2007) internal audit effectiveness: an Ethiopian public sector case
study. Managerial Auditing Journal, 22 (5). pp. 470-484. ISSN 0268-6902.

Mu’azu Saidu BADARA1, S. Z. S. (2013). "The Relationship between Audit

Experience and Internal Audit Effectiveness in the Public Sector
Organizations." International Journal of Academic Research in Accounting,
Finance and Management Sciences 3(2225-8329): 329–339.

Mulugeta, S. (2008). Internal Audit: Reporting Relationship in Ethiopian Public

Enterprises. addisababa university, Accounting and finance. addisababa:
Addisababa University.

Okibo, B. W., & Kamau, C. G. (2012). A study to explore internal auditors’

compliance with Quality Assurance Standards: A case of state owned
corporations in Kenya. International Journal of Research Studies in
Management, 1(1), 109-126.

Patton, (2003), ‘Qualitative Evaluation Checklist’, Evaluation checklist project,

available at <www.wminch.edu.evalctr/checklists>

Pervez G and Kjell G. 2005, ‘Research methods in Business Studies, 3rd edition; a
practical guide’, Pearson Education Limited, pp 93-128

Phil Griffiths, C. (2005) what is risk based audit. In: Phil Griffiths, B.et al. risk based
auditing. England. Gower Publishing Limited. PP.11-53.

Pickett, C. (2005) the Internal Audit Role. In: John Wiley & Sons Inc, B.et al. the
essential handbook of internal auditing. 2nd ed. England. John Wiley & Sons
Ltd. pp.110-136.

67 | P a g e
Rahmatika (2014) The Impact of Internal Audit Function Effectiveness on Quality of
Financial Reporting and its Implications on Good Government Governance
Research on Local Government Indonesia. Research journal of finance and
accounting. Vol.5, No.18, pp.65-71. ISSN 2222-2847.

Rupsys, R (2005) The Analysis of Reporting Lines,

Sawan, A. A. (2013, February 14). The role of internal audit function in the public
sector context in Saudi Arabia. African Journal of Business Management,
7(6), 443-454. Retrieved from http://www.academicjournals.org/AJBM

Saunders M, Lewis P and Thornhill A 2003, Research Methods for Business Students,
3rd ed, Harlow, Prentice Hall, England.

Shaw H. 2006, ‘A guide to successful postgraduate dissertation’, London Metropolitan

University, London.

Teklegiorgis, H., 2000, Kynote Speech, Inaugural Ceremony of the Institute of

Internal Auditors--Ethiopia Chapter Addis Ababa, 16 December 2000.

Tubbs, R. M. (1992). The Effect of experience on the auditor's organization and amount
of knowledge. The accounting review, 87(4), 783 – 801.

Zeleke B (2007). A Study on Effective Implementation of Internal Audit Function to

Promote Good Governance in the Public Sector Ethiopian Civil Service College
Research, Publication and Consultancy Coordination Office.

68 | P a g e
Appendix 1- Internal Auditors Survey Instrument

ADDIS ABABA UNIVERSITY

COLLAGE OF BUSINESS AND ECONOMICS

DEPARTMENT OF ACCOUNTING AND

FINANCE (GRADUATE PROGRAM)

This is questionnaire designed to meet the objective of research project titled

“Internal Audit Practice of government public sectors” for partial fulfillment of
MSC in Accounting and Finance from Addis Ababa University.

Dear respondent, I would like to assure you that your response will only be used
for the intended purpose and remains confidential.

Thank You for Your Support

69 | P a g e
 Instruction: following questions and statements is prepared as questionnaire for
this research please indicate your answer by ticking ( ) the appropriate one
from the options.

Part one: General information

1. Educational background

(1) MSC and above in accounting

(2) BA in accounting

(3) Diploma in accounting

(4) Below diploma in accounting

(5) Certified like CIA (Certified internal auditor), ACCA,

Other than accounting qualification: please specify

2. work experience as an internal auditor

1. 1- 3 years
2. Between 3-5 years
3. Between 5-10 years
4. Between 10-20 years
5. > 20 years

70 | P a g e
 Part Two
Examining the internal audit practice

3. Do you have audit charter?

1. Yes 2. No

4. Do you agree that your internal audit activity comply with The IIA’s
Standards?
(1) Strongly disagree
(2) Disagree

(3) Neutral

(4) Agree
(5) Strongly Agree

5. Authority of internal audit is clearly defined.

(1) Strongly disagree

(2) Disagree

(3) Neutral

(4) Agree
(5) Strongly Agree

6. The authority of internal audit is in line with standards for the

professional practice formulated by the institute of internal auditors.

71 | P a g e
 (1) Strongly disagree
(2) Disagree

(3) Neutral

(4) Agree
(5) Strongly Agree

7. The document defining internal audits purpose and authority is

approved by board of directors or audit committee.

(1) Strongly disagree

(2) Disagree

(3) Neutral

(4) Agree
(5) Strongly Agree

8. Is internal auditing’s position in your organization at a sufficiently

high level and sufficiently detached from functional areas to guarantee
its independence?

(1) Strongly disagree

(2) Disagree

(3) Neutral

(4) Agree
(5) Strongly Agree

9. Internal auditors have full access to records and information they

need in conducting audits.

72 | P a g e
 (1) Strongly disagree
(2) Disagree

(3) Neutral

(4) Agree
(5) Strongly Agree

10. Internal auditors receive full cooperation from auditees

(1) Strongly disagree
(2) Disagree

(3) Neutral

(4) Agree
(5) Strongly Agree

11. To what extent the management and other organs of the system
support, understand and appreciate the role of internal audit function
in good governance?

(1) Very high (3) Medium (5) Very low

(2) High (4) low

12. The management of your organization has a commitment to add value

to the internal audit function?

73 | P a g e
 (1) Strongly disagree
(2) Disagree

(3) Neutral

(4) Agree
(5) Strongly Agree

13. Do you think internal department is large enough to successfully carry

out its duties?

1. Yes 2. No

14. Which of the following represent the scope of work for internal audit
in your organization?
(Please mark each boxes as much as it is applicable)

(1) Verification of financial transaction (Financial audit)

(2) Assessing and promoting the adequacy of corporate

governance

(3) Assessment of internal control

(4) Evaluates projects/ programs accomplishments (effectiveness)

(5) Operational audit

(6) Compliance audit

(7) Assessment of organizational risk

(8) Fraud investigation

(9) Information system audit

74 | P a g e
 15. Do you think that the organization’s audit department or divisions has
progressed in terms of:-

a Number of staff

(1) Unnecessary number of staff

(2) Sufficient

(3) Not sufficient

(4) Medium

(5) Very low

(6) Almost no
b Appropriately qualified staff

(1) Highly
qualified

(2) Qualified

(3) Medium

75 | P a g e
 (4) Unqualified

16. Internal audit obtains a sufficient budget to successfully carry out its
duties.

(1) Strongly disagree

(2) disagree
(3) Neutral
(4) Agree
(5) Strongly Agree

17. Internal auditors possess sufficient experience to understand the

organizations systems.
(1) Strongly disagree
(2) disagree
(3) Neutral
(4) Agree
(5) Strongly Agree

18. The internal audit staffs possess knowledge and skills in a variety of
areas (beyond accounting and finance), as necessary.
(1) Strongly disagree
(2) disagree
(3) Neutral
(4) Agree
(5) Strongly Agree

19. Internal audit has policies for training of internal audit staff.
(1) Strongly disagree
(2) disagree
(3) Neutral
(4) Agree
(5) Strongly Agree

76 | P a g e
 20. Internal auditors undertake continuous professional development
activities.
(1) Strongly disagree
(2) Disagree
(3) Neutral
(4) Agree
(5) Strongly agree

21. Adequate short term training is arranged for internal auditors each
year.
(1) Strongly disagree
(2) disagree
(3) Neutral
(4) Agree
(5) Strongly agree
22. There is a complete internal audit manual to guide internal audit
work.

(1) Strongly Disagree

(2) Disagree
(3) Neutral
(4) Agree
(5) Strongly Agree
23. Do you think internal audit is free from intervention in performing its
duties?

(1) Strongly disagree

(2) Disagree
(3) Neutral

77 | P a g e
 (4) Agree
(5) Strongly Agree

24. Internal auditors feel free to include any audit findings in their audit
reports?
(1) Strongly Disagree
(2) Disagree
(3) Neutral
(4) Agree
(5) Strongly Agree

25. Internal audit provides reports to the board of directors or audit

committee?
(1) Strongly disagree
(2) Disagree
(3) Neutral
(4) Agree
(5) Strongly Agree

26. The board of directors or audit committee oversees employment

decisions in internal audit.
(1) Strongly disagree
(2) Disagree
(3) Neutral
(4) Agree
(5) Strongly Agree
27. Internal audit assignment are rotated periodically.
(1) Strongly disagree
(2) Disagree
(3) Neutral
(4) Agree
(5) Strongly Agree

78 | P a g e
 28. Do the internal audit supervisor (or manager) supervises field work?
1. Yes 2. No

29. Is an internal audit supervisor reviews internal audit working papers?

1. Yes 2. No
30. Do the audit findings are discussed with auditees (organization being
auditing) before being reported?
1. Yes 2. No

31. Do the internal auditors follow up implementation of corrective

actions relating to audit findings?

1. Yes 2. No

32. Is there Corrective action plan is agreed with management before the
report is issued?

1. Yes 2. No

33. Is the Management takes timely corrective action based on internal

audit recommendations?

1. Yes 2. No

34. Is annual internal audit plan is prepared?

1. Yes 2. No

35. Is risk assessment is done as part of audit planning?

1. Yes 2. No
36. Is internal audit plan is based on your organization’s risk profile?
1. Yes 2. No

37. Does internal auditing have a quality assurance program?

1. Yes 2. No

79 | P a g e
 38. Does it have a plan to undergo an external quality assessment every
five years as required by the Standards?

1. Yes 2. No

Appendix 2- Financial Control Support Process Owner’s In-Depth Interview

instrument
INTERVIEW QUESTIONS

1. Do you have charter that defining all your responsibility and authority?
2. Is internal auditing sufficiently resourced to provide objective assurance
on risk and control?
3. Do internal auditors get any cooperation from audittee?
4. To what extent management and other organs support, understand the role
of internal audit function in the good governance?
5. Are your free from intervention in performing your duties?
6. To what extent internal audit scope in your office is performing?
7. Is internal audit department in your organization is large enough to
successfully carry out its duties?
8. Is there reporting follow-up and quality review in auditing department in
your organization?
9. Is internal audit annual audit plan is prepared in your organization?
10. Do you think that the organization’s audit department or divisions has
progressed in terms of number of qualified staff?

80 | P a g e
Appendix 3- International Standards for the Professional Practice of Internal
Audit Standards

Attribute Standards
1000 – Purpose, Authority, and Responsibility
The purpose, authority, and responsibility of the internal audit activity must be formally
defined in an internal audit charter, consistent with the Definition of Internal Auditing,
the Code of Ethics, and the Standards. The chief audit executive must periodically
review the internal audit charter and present it to senior management and the board for
approval.
1000.A1 – The nature of assurance services provided to the organization must be
defined in the internal audit charter. If assurances are to be provided to parties outside
the organization, the nature of these assurances must also be defined in the internal
audit charter.
1000.C1 – The nature of consulting services must be defined in the internal audit
charter.
1010 – Recognition of the Definition of Internal Auditing, the Code of Ethics, and
the Standards in the Internal Audit Charter

81 | P a g e
The mandatory nature of the Definition of Internal Auditing, the Code of Ethics, and
the Standards must be recognized in the internal audit charter. The chief audit executive
should discuss the Definition of Internal Auditing, the Code of Ethics, and the
Standards with senior management and the board.
1100 – Independence and Objectivity
The internal audit activity must be independent, and internal auditors must be objective
in performing their work.
1110 – Organizational Independence
The chief audit executive must report to a level within the organization that allows the
internal audit activity to fulfill its responsibilities. The chief audit executive must
confirm to the board, at least annually, the organizational independence of the internal
audit activity.

1110.A1 – The internal audit activity must be free from interference in determining the
scope of internal auditing, performing work, and communicating results.
1111 – Direct Interaction with the Board
The chief audit executive must communicate and interact directly with the board.
1120 – Individual Objectivity
Internal auditors must have an impartial, unbiased attitude and avoid any conflict of
interest.
1130 – Impairment to Independence or Objectivity
If independence or objectivity is impaired in fact or appearance, the details of the
impairment must be disclosed to appropriate parties. The nature of the disclosure will
depend upon the impairment.
1130.A1 – Internal auditors must refrain from assessing specific operations for which
they were previously responsible. Objectivity is presumed to be impaired if an internal
auditor provides assurance services for an activity for which the internal auditor had
responsibility within the previous year.
1130.A2 – Assurance engagements for functions over which the chief audit executive
has responsibility must be overseen by a party outside the internal audit activity.

82 | P a g e
1130.C1 – Internal auditors may provide consulting services relating to operations for
which they had previous responsibilities.
1130.C2 – If internal auditors have potential impairments to independence or
objectivity relating to proposed consulting services, disclosure must be made to the
engagement client prior to accepting the engagement.
1200 – Proficiency and Due Professional Care
Engagements must be performed with proficiency and due professional care.
1210 – Proficiency
Internal auditors must possess the knowledge, skills, and other competencies needed to
perform their individual responsibilities. The internal audit activity collectively must
possess or obtain the knowledge, skills, and other competencies needed to perform its
responsibilities.
1210.A1 – The chief audit executive must obtain competent advice and assistance if
the internal auditors lack the knowledge, skills, or other competencies needed to
perform all or part of the engagement.
1210.A2 – Internal auditors must have sufficient knowledge to evaluate the risk of
fraud and the manner in which it is managed by the organization, but are not expected
to have the expertise of a person whose primary responsibility is detecting and
investigating fraud.
1210.A3 – Internal auditors must have sufficient knowledge of key information
technology risks and controls and available technology-based audit techniques to
perform their assigned work. However, not all internal auditors are expected to have
the expertise of an internal auditor whose primary responsibility is information
technology auditing.
1210.C1 – The chief audit executive must decline the consulting engagement or obtain
competent advice and assistance if the internal auditors lack the knowledge, skills, or
other competencies needed to perform all or part of the engagement.
1220 – Due Professional Care
Internal auditors must apply the care and skill expected of a reasonably prudent and
competent internal auditor. Due professional care does not imply infallibility.
1220.A1 – Internal auditors must exercise due professional care by considering the:

83 | P a g e
  Extent of work needed to achieve the engagement’s objectives;
 Relative complexity, materiality, or significance of matters to which
assurance procedures are applied;
 Adequacy and effectiveness of governance, risk management, and control
processes;
 Probability of significant errors, fraud, or noncompliance; and
 Cost of assurance in relation to potential benefits.
1220.A2 – In exercising due professional care internal auditors must consider the use
of technology-based audit and other data analysis techniques.
1220.A3 – Internal auditors must be alert to the significant risks that might affect
objectives, operations, or resources. However, assurance procedures alone, even when
performed with due professional care, do not guarantee that all significant risks will be
identified.
1220.C1 – Internal auditors must exercise due professional care during a consulting
engagement by considering the:
 Needs and expectations of clients, including the nature, timing, and
communication of engagement results;
 Relative complexity and extent of work needed to achieve the engagement’s
objectives; and
 Cost of the consulting engagement in relation to potential benefits.

84 | P a g e
 1230 – Continuing Professional Development
Internal auditors must enhance their knowledge, skills, and other competencies through
continuing professional development.
1300 – Quality Assurance and Improvement Program
The chief audit executive must develop and maintain a quality assurance and
improvement program that covers all aspects of the internal audit activity.
1310 – Requirements of the Quality Assurance and Improvement Program
The quality assurance and improvement program must include both internal and
external assessments.
1311 – Internal Assessments
Internal assessments must include:
 Ongoing monitoring of the performance of the internal audit activity; and
 Periodic self-assessments or assessments by other persons within the
organization with sufficient knowledge of internal audit practices.

1312 - External Assessments

External assessments must be conducted at least once every five years by a qualified,
independent assessor or assessment team from outside the organization. The chief audit
executive must discuss with the board:
 The form and frequency of external assessment; and
 The qualifications and independence of the external assessor or assessment
team, including any potential conflict of interest.
1320 – Reporting on the Quality Assurance and Improvement Program
The chief audit executive must communicate the results of the quality assurance and
improvement program to senior management and the board.
1321 – Use of “Conforms with the International Standards for the Professional
Practice of Internal Auditing”
The chief audit executive may state that the internal audit activity conforms with the
International Standards for the Professional Practice of Internal Auditing only if the
results of the quality assurance and improvement program support this statement.

85 | P a g e
1322 – Disclosure of Nonconformance
When nonconformance with the Definition of Internal Auditing, the Code of Ethics, or
the Standards impacts the overall scope or operation of the internal audit activity, the
chief audit executive must disclose the nonconformance and the impact to senior
management and the board.
Performance Standards
2000 – Managing the Internal Audit Activity
The chief audit executive must effectively manage the internal audit activity to ensure
it adds value to the organization.
2010 – Planning
The chief audit executive must establish a risk-based plan to determine the priorities of
the internal audit activity, consistent with the organization’s goals.
2010.A1 – The internal audit activity’s plan of engagements must be based on a
documented risk assessment, undertaken at least annually. The input of senior
management and the board must be considered in this process.
2010.A2 – The chief audit executive must identify and consider the expectations of
senior management, the board, and other stakeholders for internal audit opinions and
other conclusions.
2010.C1 – The chief audit executive should consider accepting proposed consulting
engagements based on the engagement’s potential to improve management of risks,
add value, and improve the organization’s operations. Accepted engagements must be
included in the plan.
2020 – Communication and Approval
The chief audit executive must communicate the internal audit activity’s plans and
resource requirements, including significant interim changes, to senior management
and the board for review and approval. The chief audit executive must also
communicate the impact of resource limitations.
2030 – Resource Management
The chief audit executive must ensure that internal audit resources are appropriate,
sufficient, and effectively deployed to achieve the approved plan.
2040 – Policies and Procedures

86 | P a g e
The chief audit executive must establish policies and procedures to guide the internal
audit activity.
2050 – Coordination
The chief audit executive should share information and coordinate activities with other
internal and external providers of assurance and consulting services to ensure proper
coverage and minimize duplication of efforts.
2060 – Reporting to Senior Management and the Board
The chief audit executive must report periodically to senior management and the board
on the internal audit activity’s purpose, authority, responsibility, and performance
relative to its plan. Reporting must also include significant risk exposures and control
issues, including fraud risks, governance issues, and other matters needed or requested
by senior management and the board.
2070 – External Service Provider and Organizational Responsibility for Internal
Auditing
When an external service provider serves as the internal audit activity, the provider
must make the organization aware that the organization has the responsibility for
maintaining an effective internal audit activity.
2100 – Nature of Work
The internal audit activity must evaluate and contribute to the improvement of
governance, risk management, and control processes using a systematic and disciplined
approach.
2110 – Governance
The internal audit activity must assess and make appropriate recommendations for
improving the governance process in its accomplishment of the following objectives:
 Promoting appropriate ethics and values within the organization;
 Ensuring effective organizational performance management and
accountability;
 Communicating risk and control information to appropriate areas of the
organization; and
 Coordinating the activities of and communicating information among the
board, external and internal auditors, and management.

87 | P a g e
2110.A1 – The internal audit activity must evaluate the design, implementation, and
effectiveness of the organization’s ethics-related objectives, programs, and activities.
2110.A2 – The internal audit activity must assess whether the information technology
governance of the organization supports the organization’s strategies and objectives.
2120 – Risk Management
The internal audit activity must evaluate the effectiveness and contribute to the
improvement of risk management processes.
2120.A1 – The internal audit activity must evaluate risk exposures relating to the
organization’s governance, operations, and information systems regarding the:
 Achievement of the organization’s strategic objectives;
 Reliability and integrity of financial and operational information;
 Effectiveness and efficiency of operations and programs;
 Safeguarding of assets; and
 Compliance with laws, regulations, policies, procedures, and contracts.

2120.A2 – The internal audit activity must evaluate the potential for the occurrence of
fraud and how the organization manages fraud risk.
2120.C1 – During consulting engagements, internal auditors must address risk
consistent with the engagement’s objectives and be alert to the existence of other
significant risks.
2120.C2 – Internal auditors must incorporate knowledge of risks gained from
consulting engagements into their evaluation of the organization’s risk management
processes.
2120.C3 – When assisting management in establishing or improving risk management
processes, internal auditors must refrain from assuming any management responsibility
by actually managing risks.
2130 – Control
The internal audit activity must assist the organization in maintaining effective controls
by evaluating their effectiveness and efficiency and by promoting continuous
improvement.

88 | P a g e
2130.A1 – The internal audit activity must evaluate the adequacy and effectiveness of
controls in responding to risks within the organization’s governance, operations, and
information systems regarding the:
 Achievement of the organization’s strategic objectives;
 Reliability and integrity of financial and operational information;
 Effectiveness and efficiency of operations and programs;
 Safeguarding of assets; and
 Compliance with laws, regulations, policies, procedures, and contracts.

2130.C1 – Internal auditors must incorporate knowledge of controls gained from

consulting engagements into evaluation of the organization’s control processes.
2200 – Engagement Planning
Internal auditors must develop and document a plan for each engagement, including
the engagement’s objectives, scope, timing, and resource allocations.
2201 – Planning Considerations
In planning the engagement, internal auditors must consider:
 The objectives of the activity being reviewed and the means by which the
activity controls its performance;
 The significant risks to the activity, its objectives, resources, and operations
and the means by which the potential impact of risk is kept to an acceptable
level;
 The adequacy and effectiveness of the activity’s governance, risk
management, and control processes compared to a relevant framework or
model; and
 The opportunities for making significant improvements to the activity’s
governance, risk management, and control processes.

2201.A1 – When planning an engagement for parties outside the organization, internal
auditors must establish a written understanding with them about objectives, scope,
respective responsibilities, and other expectations, including restrictions on distribution
of the results of the engagement and access to engagement records.

89 | P a g e
2201.C1 – Internal auditors must establish an understanding with consulting
engagement clients about objectives, scope, respective responsibilities, and other client
expectations. For significant engagements, this understanding must be documented.
2210 – Engagement Objectives
Objectives must be established for each engagement.
2210.A1 – Internal auditors must conduct a preliminary assessment of the risks relevant
to the activity under review. Engagement objectives must reflect the results of this
assessment.
2210.A2 – Internal auditors must consider the probability of significant errors, fraud,
noncompliance, and other exposures when developing the engagement objectives.
2210.A3 – Adequate criteria are needed to evaluate governance, risk management, and
controls. Internal auditors must ascertain the extent to which management and/or the
board has established adequate criteria to determine whether objectives and goals have
been accomplished. If adequate, internal auditors must use such criteria in their
evaluation. If inadequate, internal auditors must work with management and/or the
board to develop appropriate evaluation criteria.
2210.C1 – Consulting engagement objectives must address governance, risk
management, and control processes to the extent agreed upon with the client.
2210.C2 – Consulting engagement objectives must be consistent with the
organization's values, strategies, and objectives.
2220 – Engagement Scope
The established scope must be sufficient to achieve the objectives of the engagement.
2220.A1 – The scope of the engagement must include consideration of relevant
systems, records, personnel, and physical properties, including those under the control
of third parties.
2220.A2 – If significant consulting opportunities arise during an assurance
engagement, a specific written understanding as to the objectives, scope, respective
responsibilities, and other expectations should be reached and the results of the
consulting engagement communicated in accordance with consulting standards.
2220.C1 – In performing consulting engagements, internal auditors must ensure that
the scope of the engagement is sufficient to address the agreed-upon objectives. If

90 | P a g e
internal auditors develop reservations about the scope during the engagement, these
reservations must be discussed with the client to determine whether to continue with
the engagement.
2220.C2 – During consulting engagements, internal auditors must address controls
consistent with the engagement’s objectives and be alert to significant control issues.
2230 – Engagement Resource Allocation
Internal auditors must determine appropriate and sufficient resources to achieve
engagement objectives based on an evaluation of the nature and complexity of each
engagement, time constraints, and available resources.
2240 – Engagement Work Program
Internal auditors must develop and document work programs that achieve the
engagement objectives.
2240.A1 – Work programs must include the procedures for identifying, analyzing,
evaluating, and documenting information during the engagement. The work program
must be approved prior to its implementation, and any adjustments approved promptly.
2240.C1 – Work programs for consulting engagements may vary in form and content
depending upon the nature of the engagement.
2300 – Performing the Engagement
Internal auditors must identify, analyze, evaluate, and document sufficient information
to achieve the engagement’s objectives.
2310 – Identifying Information
Internal auditors must identify sufficient, reliable, relevant, and useful information to
achieve the engagement’s objectives.
2320 – Analysis and Evaluation
Internal auditors must base conclusions and engagement results on appropriate
analyses and evaluations.
2330 – Documenting Information
Internal auditors must document relevant information to support the conclusions and
engagement results.

91 | P a g e
2330.A1 – The chief audit executive must control access to engagement records. The
chief audit executive must obtain the approval of senior management and/or legal
counsel prior to releasing such records to external parties, as appropriate.
2330.A2 – The chief audit executive must develop retention requirements for
engagement records, regardless of the medium in which each record is stored. These
retention requirements must be consistent with the organization’s guidelines and any
pertinent regulatory or other requirements.
2330.C1 – The chief audit executive must develop policies governing the custody and
retention of consulting engagement records, as well as their release to internal and
external parties. These policies must be consistent with the organization’s guidelines
and any pertinent regulatory or other requirements.
2340 – Engagement Supervision
Engagements must be properly supervised to ensure objectives are achieved, quality is
assured, and staff is developed.
2400 – Communicating Results
Internal auditors must communicate the results of engagements.
2410 – Criteria for Communicating
Communications must include the engagement’s objectives and scope as well as
applicable conclusions, recommendations, and action plans.
2410.A1 - Final communication of engagement results must, where appropriate,
contain the internal auditors’ opinion and/or conclusions. When issued, an opinion or
conclusion must take account of the expectations of senior management, the board, and
other stakeholders and must be supported by sufficient, reliable, relevant, and useful
information.
2410.A2 – Internal auditors are encouraged to acknowledge satisfactory performance
in engagement communications.
2410.A3 – When releasing engagement results to parties outside the organization, the
communication must include limitations on distribution and use of the results.
2410.C1 – Communication of the progress and results of consulting engagements will
vary in form and content depending upon the nature of the engagement and the needs
of the client.

92 | P a g e
2420 – Quality of Communications
Communications must be accurate, objective, clear, concise, constructive, complete,
and timely.
2421 – Errors and Omissions
If a final communication contains a significant error or omission, the chief audit
executive must communicate corrected information to all parties who received the
original communication.
2430 – Use of “Conducted in Conformance with the International Standards for
the Professional Practice of Internal Auditing”
Internal auditors may report that their engagements are “conducted in conformance
with the International Standards for the Professional Practice of Internal Auditing”,
only if the results of the quality assurance and improvement program support the
statement.
2431 – Engagement Disclosure of Nonconformance
When nonconformance with the Definition of Internal Auditing, the Code of Ethics or
the Standards impacts a specific engagement, communication of the results must
disclose the:
 Principle or rule of conduct of the Code of Ethics or Standard(s) with which
full conformance was not achieved;
 Reason(s) for nonconformance; and
 Impact of nonconformance on the engagement and the communicated
engagement results.

2440 – Disseminating Results

The chief audit executive must communicate results to the appropriate parties.
2440.A1 – The chief audit executive is responsible for communicating the final results
to parties who can ensure that the results are given due consideration.
2440.A2 – If not otherwise mandated by legal, statutory, or regulatory requirements,
prior to releasing results to parties outside the organization the chief audit executive
must:
 Assess the potential risk to the organization;

93 | P a g e
  Consult with senior management and/or legal counsel as appropriate; and
 Control dissemination by restricting the use of the results.

2440.C1 – The chief audit executive is responsible for communicating the final results
of consulting engagements to clients.
2440.C2 – During consulting engagements, governance, risk management, and control
issues may be identified. Whenever these issues are significant to the organization, they
must be communicated to senior management and the board.
2450 – Overall Opinions
When an overall opinion is issued, it must take into account the expectations of senior
management, the board, and other stakeholders and must be supported by sufficient,
reliable, relevant, and useful information.

The reasons for an unfavorable overall opinion must be stated.

2500 – Monitoring Progress
The chief audit executive must establish and maintain a system to monitor the
disposition of results communicated to management.
2500.A1 – The chief audit executive must establish a follow-up process to monitor and
ensure that management actions have been effectively implemented or that senior
management has accepted the risk of not taking action.
2500.C1 – The internal audit activity must monitor the disposition of results of
consulting engagements to the extent agreed upon with the client.
2600 – Communicating the Acceptance of Risks
When the chief audit executive concludes that management has accepted a level of risk
that may be unacceptable to the organization, the chief audit executive must discuss
the matter with senior management. If the chief audit executive determines that the
matter has not been resolved, the chief audit executive must communicate the matter
to the board.

94 | P a g e
95 | P a g e