Professional Documents
Culture Documents
net/publication/277291577
CITATIONS READS
16 1,965
3 authors, including:
All content following this page was uploaded by Robyn Moroney on 18 February 2018.
Abstract
In recent years, the importance of good corporate governance has received signi-
ficant public and regulatory attention. A crucial part of an entity’s corporate
governance is its internal audit function. At the same time, there has been significant
public concern about the level of fraud within organizations. The purpose of this
study is to assess whether organizations with an internal audit function are more
likely to detect and self-report fraud than those without. In this study, we use a unique
self-reported measure of misappropriation of assets fraud for the first time. The
fraud data are from the 2004 KPMG Fraud Survey, which reported fraud from
491 organizations in the private and public sector across Australia and New
Zealand. The internal audit data are from a separate mail survey sent to the
respondents of the KPMG Fraud Survey. We find that organizations with an
internal audit function are more likely than those without such a function to detect
and self-report fraud. Furthermore, organizations that rely solely on outsourcing for
their internal audit function are less likely to detect and self-report fraud than
those that undertake at least part of their internal audit function themselves.
These findings suggest that internal audit adds value through improving the
control and monitoring environment within organizations to detect and self-report
fraud. These results also suggest that keeping the internal audit function within
the organization is more effective than completely outsourcing that function.
Key words: Internal audit; Corporate governance; Fraud, Misappropriation of assets
JEL classification: M42
doi: 10.1111/j.1467-629x.2007.00247.x
We thank Katherine Geddes for her invaluable research assistance on this project. Thanks also
to Jean Bédard, Allen Craswell, Jere Francis, Carl Hollingsworth, Nava Subramaniam, David
Wood, Gang Wu, and participants at the 2006 International Symposium on Audit Research Con-
ference, the 2007 American Accounting Association Auditing Mid-year Meeting, and the 2006
Accounting and Finance Association of Australia and New Zealand Conference. We are also grateful
for the financial support of the Faculty of Economics and Commerce at the University of Melbourne
and an Australian Research Council Linkage grant. Finally, and importantly, thanks to the
organizations who replied to our survey and to KPMG for providing access to its data on fraud.
Received 23 March 2007; accepted 8 November 2007 by Gary Monroe.
© The Authors
Journal compilation © 2008 AFAANZ
544 P. Coram et al. /Accounting and Finance 48 (2008) 543–559
1. Introduction
This study assesses the importance of the internal audit function in detecting
and self-reporting of fraud through misappropriation of assets within organizations.1
Furthermore, this study compares the detected and self-reported level of fraud
when internal audit is conducted in-house, outsourced or a combination of the two.
This study also contributes to the literature in this area as it uses a unique and rich
dataset, which is the self-reported fraud from the 2004 KPMG Fraud Survey.
This research examines two important issues in contemporary corporate
governance. By examining the association between both the existence and the
type (in-house versus outsourced) of internal audit function and the propensity
to detect and self-report fraud, we evaluate the importance of internal audit as
a control and monitoring mechanism within organizations. Both internal and
external auditors emphasize the importance of fraud assessment and detection
partly in response to calls by professional bodies, regulatory agencies and
governments. This data expands our understanding of the importance of the
internal audit function and its association with fraud detection.
The results show a significant positive relation between an organization having
an internal audit function and the number and value of self-reported frauds.
For those organizations with internal audit, reliance on a partial or full in-house
function increases the likelihood of detecting and self-reporting of fraud when
compared with organizations that outsource the entire function. This finding is
particularly interesting because it puts outsourcing in a different perspective
from prior studies, which found that financial statement users do not perceive a
difference between in-house internal audit and outsourcing (Lowe et al., 1999;
James, 2003) and companies that outsource believe that an external provider is
technically more competent (Carey et al., 2006).
In the next section, we provide a discussion of the background literature and
develop our hypothesis and research question. This is followed by an overview of
the methodology used. The results are then discussed, before conclusions are drawn.
2.1. Background
1
This study uses as its fraud measure fraud that was detected by organizations and then
confidentially reported to KPMG in the 2004 survey of fraud. Therefore, it is detected and
self-reported fraud. It is possible that some fraud could have been detected but not reported
to KPMG by respondents. However, because of the extensive data reported from the survey,
and the confidentiality of the survey, we believe it is unlikely that the amount of detected
and not reported frauds is very high.
© The Authors
Journal compilation © 2008 AFAANZ
P. Coram et al. /Accounting and Finance 48 (2008) 543–559 545
© The Authors
Journal compilation © 2008 AFAANZ
546 P. Coram et al. /Accounting and Finance 48 (2008) 543–559
reporting means that there is a high likelihood that senior management have
been complicit in the activity. Therefore, it is not surprising that much of the prior
published literature has found linkages between poor corporate governance
practices and this type of fraud.
The present study focuses on misappropriation of assets, providing insights
into a very different type of fraud that has had very little examination in prior
literature. Our dataset is rich and provides insights into instances where the
fraud of misappropriation of assets is discovered by organizations. We theorize
that a better control environment within organizations will be associated with a
greater likelihood of detecting and self-reporting this type of fraud. In particular,
we hypothesize that the governance tool of internal audit will be associated
with organizations enjoying an increased propensity to detect and self-report
this type of fraud.
© The Authors
Journal compilation © 2008 AFAANZ
P. Coram et al. /Accounting and Finance 48 (2008) 543–559 547
are likely to enhance the role and importance of internal audit in the Australian
environment.
Despite the increasing focus on internal audit, there has been limited research
on the importance of this function. Gramling et al. (2004) perform a review of
the literature on the role of the internal audit function in corporate governance.
They report that the majority of the research on internal audit effectiveness has
been related to the perceptions of the external auditor and whether the external
auditor uses the internal auditor’s work.
In a recent study, internal auditors’ assessments of their own contribution to
the external audit are found to be related to audit committee independence,
competence and involvement in the internal audit function as well as internal
audit size, staff experience, availability and closeness to the external auditors
(Zain et al., 2006). Some prior research has used an agency cost framework to
illustrate the value relevance of the internal audit function. Carey et al. (2000)
find that the common variables of size, debt or agency were not associated with
the presence of an internal audit function in Australian family-owned companies;
however, internal and external audit are used as monitoring substitutes by these
companies, suggesting that value is placed on internal audit as a monitoring
function. Carcello et al. (2005) examine the size of internal audit budgets and
find that they were positively related to company size; leverage; financial, service,
or utility industries; inventory; operating flows; and audit committee review of
the internal audit budget. Results showed that internal audit budgets were
negatively related to the percentage of internal auditing that was outsourced.
The overall conclusion was that companies facing higher risk will increase their
organizational monitoring through internal audit, providing evidence of the
importance of the internal audit function.
Another way of evaluating the work of internal auditors is to examine how
well they detect errors within an organization, and there has been limited
research on this topic. The number and magnitude of errors requiring adjust-
ment by the external auditor have been found to be substantially lower for
entities that had an internal audit department compared to those that did not
have an internal audit department (Wallace and Kreutzfeldt, 1991). This finding
highlights the important role the internal auditor function plays in error
detection.
More recently, the role of auditors in detecting fraud as well as errors has
received greater attention. In Australia, additional requirements were imposed
on external auditors to consider the possibility of fraud when conducting an
audit under AUS 210 (Australian Accounting Research Foundation, 2004) and
more recently ASA 240 (Auditing and Assurance Standards Board, 2006). It is
reasonable to expect that this increased emphasis on fraud awareness and
detection affected the internal auditors’ duties as well. Even back in the late
1990s, there is evidence that this was occurring in Australia, as a survey found
that fraud detection was being included in internal audit work (Birkett et al.,
1999).
© The Authors
Journal compilation © 2008 AFAANZ
548 P. Coram et al. /Accounting and Finance 48 (2008) 543–559
Some studies have evaluated the ability of internal auditors to perform fraud-
related work. External and internal auditors achieved a high level of consensus
in their financial statement fraud risk ratings, suggesting that internal auditors
are as aware as external auditors of where fraud is likely to be detected (Apostolou
et al., 2001). When considering fraudulent financial reporting, internal auditors
think that fraud is the reason for an unexpected difference in income when
income is greater than expected and when debt covenants are restrictive condi-
tioned on income being greater than expected (Church et al., 2001). The focus
of these studies has been fraudulent financial reporting; however, the operational
level of internal audit would suggest that misappropriation of assets would be
the most likely fraud that they would uncover as part of their function within
the organization.
The outsourcing decision of the internal audit function is an important one.
Organizations may use their own staff (in-house), use an external firm (outsource)
or a combination of the two. Although outsourcing the internal audit function
does not significantly affect users’ perceptions of auditor independence or
financial statement reliability (Lowe et al., 1999) or their perception of protection
from financial statement fraud (James, 2003), companies that decide to outsource
perceive that external providers are technically more competent (Carey et al.,
2006). This finding reinforces the findings of Caplan and Kirschenheiter (2000),
who use a mathematical model to determine the incentives to outsource the
internal audit function and find that external providers are of better quality than
in-house providers.
Companies that outsource their internal audit function tend to have low asset
specificity, low environmental uncertainty, low behavioural uncertainty and an
infrequent need to use the internal audit function (Widener and Selto, 1999;
Speklé et al., 2007). The relative effectiveness of in-house versus outsourced
internal audit functions is an issue that warrants further research and is examined
by this study.
Another factor affecting the decision to outsource the internal audit function
is recent restrictions (such as the Sarbanes–Oxley Act in the USA) on outsourcing
to the external audit firm. These restrictions have been put in place to enhance
auditor independence. Prior to the Sarbanes–Oxley Act, Swanger and Chewning
(2001) find that financial analysts perceived that audit firm independence is
enhanced when a company does not outsource to their incumbent auditor.
Abbott et al. (2007) surveyed companies in 2000 and found that companies with
strong audit committee governance were less likely to outsource routine internal
audit functions to their external auditor. However, they did not find that out-
sourcing internal audit to an outside service provider was associated with the
effectiveness of the audit committee. Self-regulation is still seen to be important
in the USA post Sarbanes–Oxley Act, as private companies are not affected by
the Sarbanes–Oxley Act and some internal audit functions might still be out-
sourced to external auditors; for example, services unrelated to internal controls,
financial systems and financial statements (Caplan et al., 2007).
© The Authors
Journal compilation © 2008 AFAANZ
P. Coram et al. /Accounting and Finance 48 (2008) 543–559 549
The internal audit function is an important function that has been shown to
add value (Carey et al., 2000; Carcello et al., 2005) and to reduce detected errors
by external auditors (Wallace and Kreutzfeldt, 1991). It is considered an important
governance tool to protect corporations from internal criminal behaviour (Nestor,
2004). The professional literature suggests that internal audit is a vital tool in
fraud detection when assets are misappropriated by employees or outsiders
(Luehlfing et al., 2003; Marden and Edwards, 2005; Belloli, 2006). Therefore,
we expect that the ability to detect fraud is enhanced for organizations that have
an internal audit function compared to those that do not.
H1: Organizations that have an internal audit function are more likely to detect
and self-report misappropriation of asset fraud than organizations that do not
have an internal audit function.
The other research issue addressed by the present study is the relative effec-
tiveness of in-house compared to outsourcing the internal audit function. Most
of the prior research has focused on eliciting users’, analysts’ and company
officers’ perceptions about the relative value of the two approaches and has
generally found that outsourced internal audit is perceived to be of higher quality
(Lowe et al., 1999; James, 2003; Carey et al., 2006). Some researchers claim that
outsourced internal audit improves the expertise, flexibility and cost-effectiveness
of the service provided (Caplan and Kirschenheiter, 2000), whereas others have
touted the benefits of in-house providers due to their in-depth knowledge, loyalty
and role in handling crisis situations, such as those involving fraud (Chadwick,
2000; Speklé et al., 2007). However, there has been no research directly com-
paring the relative effectiveness of in-house versus outsourcing in the detection
of asset misappropriation fraud, and as such we frame our examination of this
issue in terms of a research question. We suggest that despite the research
findings showing that when the internal audit function is wholly outsourced it
is perceived to be of higher quality, this does not necessarily follow that it will
be also more effective in asset misappropriation detection. First, the finding of
higher perceived quality could be partially due to reputation effects. Second,
to be effective, time is important, and, ceteris paribus, much more time is spent
on internal auditing by in-house compared to outsourced internal auditors
(Chadwick, 2000; Speklé et al., 2007). It has been further suggested in the
professional literature that whistle-blowing and investigations by in-house
internal auditors are effective in fraud detection (Morgan, 2005). Our expectation
is that in-house internal auditors will be more likely to detect and self-report
fraud because of the greater time available to them and a superior knowledge
of the entity.
As there is limited research on this issue and the fact that the evidence is
mixed, we address this issue as a research question as follows:
© The Authors
Journal compilation © 2008 AFAANZ
550 P. Coram et al. /Accounting and Finance 48 (2008) 543–559
RQ1: Are organizations that use an in-house internal audit function more likely
to detect and self-report misappropriation of assets fraud than organizations
that completely outsource their internal audit function?
3. Research method
The unique measure of fraud used in the present study is from the 2004 KPMG
Fraud Survey. KPMG has been performing this biennial survey of fraud within
Australian and New Zealand organizations since the early 1990s. In the 2004
survey, KPMG sent its research instrument to 2164 of Australia’s and New
Zealand’s largest organizations. Usable responses were received from 491 organiza-
tions, 45 per cent of which had experienced fraud, which primarily related to
misappropriation of assets.
2
To check for non-response bias, the respondents from the first mail-out were compared to
the respondents to the second mail-out. No significant differences were found on their
likelihood of having an internal audit function (t = 0.85, p = 0.399) or the structure of their
internal audit function (t = 0.23, p = 0.821).
3
This represents 15 per cent of the initial population of organizations surveyed by KPMG.
© The Authors
Journal compilation © 2008 AFAANZ
P. Coram et al./Accounting and Finance 48 (2008) 543–559 551
Table 1
Descriptive statistics for sample
Size
Revenue
Mean $A646 702 784
Median $A180 000 000
Number of employees
Mean 2043
Median 545
Any dishonest activity involving the extraction of value from a business, directly or
indirectly, regardless of whether the perpetrator benefits personally from his or her
actions.
The amount of fraud reported in the KPMG Fraud Survey was for the 2 year
period before the survey was administered. The amount of fraud reported is
the amount of detected and self-reported fraud, but not necessarily total fraud
perpetrated against these organizations during the period. The total fraud is an
unknown quantity. However, this dataset is likely to be a more accurate indicator
of the underlying level of fraud as a result of misappropriation of assets within
© The Authors
Journal compilation © 2008 AFAANZ
552 P. Coram et al./Accounting and Finance 48 (2008) 543–559
organizations than data that have been reported in any other studies. For example,
Sharma (2004) attempted to find fraud in Australian companies from external
data sources. In a search from 1988 to 2000, only 19 cases were found where
there had been misappropriation of a company’s assets and only 12 related to
falsifying financial statements, giving a total of 31 fraud firms. The KPMG
study provides a far richer dataset of fraud for the 2 year period up until 2004;
from the 491 organizations who replied, 206 organizations reported an experience
of fraud.4 Furthermore, we are confident that the fraud reported by responding
organizations represents the majority of their detected fraud because the survey
is completed voluntarily and the data are kept confidential.
Of the 324 respondents to the internal audit survey, 44 per cent had experienced
fraud as reported in the 2004 KPMG Fraud Survey. This is consistent with the
fraud level of 45 per cent from KPMG’s total sample of 491 organizations. In
the present study, of the organizations that experienced fraud, the median
number of frauds reported was 2 and the median total value of frauds reported
was $A73 599.5
4
However, it is not a good data source for financial statement fraud as only 3 of the 206
cases of self-reported fraud in the KPMG study related to financial statement fraud.
5
The mean frauds reported was 56 and the mean total dollar value was $A931 758. These
figures are significantly larger than the medians because the data were significantly skewed
and there were a few outliers. Therefore, we believe that the median is a better representa-
tion of the actual levels of fraud reported across the sample.
© The Authors
Journal compilation © 2008 AFAANZ
P. Coram et al./Accounting and Finance 48 (2008) 543–559 553
Table 2
Comparison of no-fraud and fraud organizations
No-fraud Fraud
Mean [Median] Mean [Median]
(SD) Number (SD) Number z p
% % χ2 p
The sample consisted of 324 replies to the internal audit survey. Internal audit (whether the organization
had internal audit). SD, standard deviation.
© The Authors
Journal compilation © 2008 AFAANZ
554 P. Coram et al./Accounting and Finance 48 (2008) 543–559
Table 3
Comparison of internal audit and no internal audit organizations
The sample consisted of 324 replies to the internal audit survey. SD, standard deviation.
These tests also show that the size of the organization is significantly and
positively associated with the likelihood of reporting fraud and having an internal
audit function. Therefore, we performed further tests while controlling for size.
4. Results
6
Analyses were performed on the value of the self-reported level of fraud and they yielded
similar results. Therefore, we only report the results on the analyses of the number of
self-reported frauds.
7
The number of employees was used rather than revenue because of the number of govern-
ment organizations in the sample.
© The Authors
Journal compilation © 2008 AFAANZ
P. Coram et al./Accounting and Finance 48 (2008) 543–559 555
Table 4
Analysis of covariance: internal audit and number of reported frauds
Main effect
Internal audit 31 464.65 1 31 464.65 5.64 0.018
Covariance
Number of employees (ranked) 313 298.32 1 313 298.32 56.14 <0.001
Error 1 791 513.16 321 5 581.04
The sample consisted of 324 replies to the internal audit survey. Analysis of covariance was performed
to assess whether there was a significant association between organizations with an internal audit
function and the number of their self-reported level of fraud. The number of employees and number
of frauds were converted into ranked data for the analysis. d.f., degree of freedom; MS, mean square;
SS, sum of squares.
with whether the organization has an internal audit function, after controlling
for size, which was highly significant as expected. Relating these results to
Hypothesis 1, they show that there is a positive relation between the existence
of an internal audit function and the propensity to detect and self-report fraud.
Table 5 reports the strength of the association between the type of internal
audit function and the number of reported frauds.
The ranked number of the reported frauds are significantly different (F = 4.04,
p = 0.019) dependent on the type of internal audit function, after controlling
for size. Research question 1 relates to whether in-house compared to outsourced
internal auditors are more likely to detect and self-report fraud. To specifically
address this question, simple effects tests were performed. In comparing in-
house only to outsourced only, the difference was found to be significant for the
number (117.49 compared to 84.34; t = 3.63, p < 0.001) of reported frauds. In
comparing a combination of in-house and outsourced to outsourced only, the
difference was also found to be significant for the number (123.67 compared to
84.34, t = 3.71, p < 0.001) of reported frauds. There was no significant difference
between in-house only and a combination of in-house and outsourced for the
number (t = 0.62, p = 0.538) of reported frauds. Relating these results to research
question 1, they show that any involvement of in-house internal auditors is associated
© The Authors
Journal compilation © 2008 AFAANZ
556 P. Coram et al./Accounting and Finance 48 (2008) 543–559
Table 5
Analysis of covariance: type of internal audit and number of reported frauds
Main effect
Internal audit 23 815.32 2 11 907.66 4.04 0.019
Covariance
Number of employees (ranked) 84 201.58 1 84 201.58 28.56 <0.001
Error 630 860.15 214 2947.95
The sample consisted of 324 replies to the internal audit survey. Analysis of covariance was performed
to assess whether there was a significant association between the type of internal audit function and the
number of reported frauds. The number of employees and number of frauds were converted into ranked
data for the analysis. d.f., degree of freedom; MS, mean square; SS, sum of squares.
Two other factors associated with the sample might have affected the results.
The first is whether the organization was in the private or public sector. All of
the public sector organizations (83 of the 324) had an internal audit function.
However, including another variable in the analysis of covariance (ancova) for
the public sector was not found to be significant for the examination of internal
audit and the number (Z = 2.13, p = 0.146) of reported frauds or the type of
internal audit for the number (Z = 1.14, p = 0.288) of reported frauds.
Second, the focus of the internal auditors’ work might have also affected the
results. It might be expected that if the internal audit function was more
focused on internal controls, then perhaps they would be more likely to pick up
a fraud. We asked a question in the internal audit questionnaire on the percentage
of the internal auditors’ time spent on the areas of risk management, control,
governance and other. We performed the ancova including the organizations
answer to the time spent on ‘control’ as a covariance. This was not found to be
significant for the number (F = 0.00, p = 0.982) of reported frauds.
© The Authors
Journal compilation © 2008 AFAANZ
P. Coram et al./Accounting and Finance 48 (2008) 543–559 557
Our results show that organizations with an internal audit function are more
likely to detect and self-report fraud through misappropriation of assets than
those that do not. The results also show that having some in-house internal audit
function is more effective in detecting and self-reporting fraud than completely
outsourcing the internal audit function. These results are important for many
groups, such as investors, regulators and corporate managers, because they provide
evidence on the value of the internal audit function, and this evidence of
‘importance’ is also in the very topical area of fraud detection.
The measure of fraud used in the present study is unique. Most prior studies have
operationalized fraud using externally reported financial statement fraud. This
has not surprisingly been associated with poor corporate governance because
the occurrence of a fraud within an entity reaching the public domain would
suggest a breakdown of the governance and/or controls within an entity. This
study uses self-reported fraud from the 2004 KPMG Fraud Survey, which is a
very rich data source and primarily relates to fraud associated with misappropria-
tion of assets by employees or management. The fact that this information is
self-reported is a key difference from prior studies that have used financial
statement fraud reported in the public domain. This is because organizations
with good controls are more likely to pick up frauds through misappropriation
than those with poor controls. However, the overriding benefit from using this
unique dataset is that it provides some insights on factors associated with the
ability to detect and self-report misappropriation of assets, fraud that is economically
significant for many organizations and the economy and has had very little
examination in the academic literature to date.
A limitation in the present study is that having internal audit might be associated
with organizations with good governance and internal controls, i.e. it is there-
fore these other factors that increase the propensity to detect and self-report the
fraud rather than internal audit per se. This is a difficult issue to disentangle and
is one that warrants further research. A couple of further limitations are related
to our measure of fraud. First, we do not know the ‘actual’ amount of fraud.
Second, we are relying on ‘self-reported detected fraud’, which might not be all
detected fraud. Both of these limitations are very difficult, if not impossible, to
overcome. We argue that the extent of our reported data gives us some comfort
that our measure of fraud is a good reflection on all detected fraud and a reasonable
proxy for all fraud. In addition, given that the survey is completed voluntarily
and the data are kept confidential, we are confident that responders are reporting
what they believe to be all the detected fraud in their organization.
Another potential limitation relates to the interpretation of the self-reported
fraud data. We argue that better controls (and internal audit) will be associated
with a greater propensity to detect and self-report fraud; however, it is possible
that better controls will be associated with a greater propensity to prevent
fraud, leading to less overall detected and self-reported fraud. This is a difficult
© The Authors
Journal compilation © 2008 AFAANZ
558 P. Coram et al./Accounting and Finance 48 (2008) 543–559
References
Abbott, L. J., S. Parker, and Y. Park, 2000, The effects of audit committee activity and
independence on corporate fraud, Managerial Finance 26, 55 – 67.
Abbott, L. J., S. Parker, G. F. Peters, and D. V. Rama, 2007, Corporate governance, audit
quality and the Sarbanes–Oxley Act: evidence from internal audit outsourcing, Accounting
Review 82, 803–835.
Apostolou, B. A., J. M. Hassell, S. A. Webber, and G. E. Sumners, 2001, The relative
importance of management fraud risk factors, Behavioral Research in Accounting 13, 1–24.
Auditing and Assurance Standards Board, 2006, ASA 240: The Auditor’s Responsibility to
Consider Fraud in an Audit of a Financial Report (AUASB, Melbourne, Vic.).
Australian Accounting Research Foundation, 2004, AUS 210: The Auditor’s Responsibility
to Consider Fraud in an Audit of a Financial Report (AARF, Melbourne, Vic.).
Bailey, A. D., A. A. Gramling, and S. Ramamoorti, eds. 2003, Research Opportunities in
Internal Auditing (Institute of Internal Auditors’ Research Foundation, Altamonte Springs, FL).
Beasley, M. S., 1996, An empirical analysis of the relation between the board of director
composition and financial statement fraud, Accounting Review 71, 443–465.
Beasley, M. S., J. V. Carcello, D. R. Hermanson, and P. D. Lapides, 2000, Fraudulent financial
reporting: consideration of industry traits and corporate governance mechanisms,
Accounting Horizons 14, 441– 454.
Belloli, P., 2006, Fraudulent overtime, International Auditor 63, 91–93.
Belson, K., 2005, WorldCom head is given 25 years for huge fraud, New York Times
14 July, A1.
Birkett, W. P., M. Barbera, B. Leithhead, M. Lower, and P. Roebuck, 1999, Internal auditing:
the global landscape, in: Competency Framework for International Auditing (Institute of
Internal Auditors’ Research Foundation, Altamonte Springs, FL).
Caplan, D. H., D. Janvrin, and J. Kurtenbach, 2007, Internal audit outsourcing: an analysis
of self-regulation by the accounting profession, working paper (Oregon State University,
Corvallis, OR).
Caplan, D. H., and M. Kirschenheiter, 2000, Outsourcing and audit risk for internal audit
services, Contemporary Accounting Research 17, 387–428.
Carcello, J. V., D. R. Hermanson, and K. Raghunandan, 2005, Factors associated with
U.S. public companies’ investment in internal auditing, Accounting Horizons 19, 69 – 84.
Carey, P., N. Subramaniam, and K. C. W. Ching, 2006, Internal audit outsourcing in
Australia, Accounting and Finance 46, 11–30.
© The Authors
Journal compilation © 2008 AFAANZ
P. Coram et al./Accounting and Finance 48 (2008) 543–559 559
Carey, P., G. Tanewski, and R. Simnett, 2000, Voluntary demand for internal and external
auditing by family businesses, Auditing: A Journal of Practice and Theory 19, 37–51.
Chadwick, W. E., 2000, Keeping internal auditing in-house, International Auditor 57, 88.
Church, B. K., J. J. McMillan, and A. Schneider, 2001, Factors affecting internal auditors’
consideration of fraudulent financial reporting during analytical procedures, Auditing: A
Journal of Practice and Theory 20, 65–80.
Dechow, P. M., R. G. Sloan, and A. P. Sweeney, 1996, Causes and consequences of earnings
manipulations: an analysis of firms subject to enforcement actions by the SEC, Con-
temporary Accounting Research 13, 1–36.
Gramling, A. A., M. J. Maletta, A. Schneider, and B. K. Church, 2004, The role of the
internal audit function in corporate governance: a synthesis of the extant internal auditing
literature and directions for future research, Journal of Accounting Literature 23, 194–244.
Holtfreter, K., 2004, Fraud in US organisations: an examination of control mechanisms,
Journal of Financial Crime 12, 88–95.
Institute of Internal Auditors, 1999, Definition of Internal Auditing (IIA, Altamonte Springs, FL).
Institute of Internal Auditors, 2004, Practice Advisory 2130 –1: Role of the Internal Audit
Activity and Internal Auditor in the Ethical Culture of an Organization (IIA, Altamonte
Springs, FL).
James, K. L., 2003, The effects of internal audit structure on perceived financial statement
fraud prevention, Accounting Horizons 17, 315 –327.
Kachelmeier, S. J., and W. F. Messier, 1990, An investigation of the influence of a non-
statistical decision aid on auditor sample size decisions, Accounting Review 65, 209 –226.
KPMG, 2004, Fraud Survey 2004 (KPMG, Brisbane, Qld).
Lowe, D. J., M. A. Geiger, and K. Pany, 1999, The effects of internal audit outsourcing on
perceived external auditor independence, Auditing: A Journal of Practice and Theory 18,
7–26.
Luehlfing, M. S., C. M. Daily, T. J. Phillips Jr, and L. M. Smith, 2003, Cyber crimes, intrusion
detection and computer forensics, International Auditing 18, 9 –13.
Marden, R., and R., Edwards, 2005, Employee fraud in the casino and gaming industry,
International Auditing 20, 21–30.
McMullen, D. A., 1996, Audit committee performance: an investigation of the conse-
quences associated with audit committees, Auditing: A Journal of Practice and Theory
15, 87–103.
Morgan, B., 2005, Drying out fraud, International Auditor 64, 111–115.
Nestor, S., 2004, The impact of changing corporate governance norms on economic crime,
Journal of Financial Crime 11, 347–352.
Sharma, V. D., 2004, Board of director characteristics, institutional ownership, and fraud:
evidence from Australia, Auditing: A Journal of Practice and Theory 23, 105 –117.
Speklé, R. F., H. J. van Elten, and A. Kruis, 2007, Sourcing of internal auditing: an empirical
study, Management Accounting Research 18, 102–124.
Swanger, S. L., and E. G. Chewning Jr, 2001, The effect of internal audit outsourcing on
financial analysts’ perceptions of external auditor independence, Auditing: A Journal of
Practice and Theory 20, 115 –129.
Wallace, W., and R. Kreutzfeldt, 1991, Distinctive characteristics of entities with an internal
audit department and the association of the quality of such departments with errors,
Contemporary Accounting Research 7, 485 –512.
Widener, S. K., and F. H. Selto, 1999, Management control systems and boundaries of the
firm: why do firms outsource internal auditing activities, Journal of Management
Accounting Research 11, 45–73.
Zain, M. M., N. Subramaniam, and J. Stewart, 2006, Internal auditors’ assessment of their
contribution to financial statement audits: the relation with audit committee and internal
audit function characteristics, International Journal of Auditing 10, 1–18.
© The Authors
Journal compilation © 2008 AFAANZ