Mohamed Gaber,Samy Garas,Edward J. Lusk

DOI: https://doi.org/10.20525/ijrbs.v9i4.742

2020-07-04

Abstract:AS5[v.Dec:2017] issued by the Public Company Accounting Oversight Board [PCAOB] requires the use of Analytical Procedures [AP] at the Planning and Substantive Phases of Assurance Audits for firms traded on active exchanges. We argue that one aspect of AP, relative to risk-setting, should be vetting the information that is produced/published by the audit client pertaining to Regulation G [v.SEC:2003] called: Non-GAAP information. In our research, we intend to leverage the longstanding Reg[G] requirements to extend the Non-GAAP information to firm performance profiles reported for the Environment, Social, and Governance[ESG]Platform on BloombergÒ. There are two research foci: (1) Offer an AP-Model that uses GAAP & ESG variables to contribute audit evidence useful in making the decision to launch an AP-Extended Procedures examination of the firm’s Enterprise Resource Planning & Control [ERP&C] protocols, and (2) Profile a random accrual-set of firms indexed on Bloomberg so as to offer population parameter estimates for refining the AP-Model. The AP-Model is based upon correlational associations for the ESG- & GAAP-variables from the: Income, Balance Sheet & Cash Flow Statements. If there seems to be a disconnect between the nature of these associations for the ESG-variables and those of the GAAP-variables, the auditor may use this as audit evidence in making the decision to conduct an Extended Procedures Examination of the firm’s [ERP&C] protocols. As for the other focus, we found that for the accrual of firms tested there is no inferential evidence that the ERP&C-protocols are consistent drivers for both the ESG- and the GAAP variable sets.

Hugo Miguel Cipriano,R. Pereira,M. D. da Silva,Rafael Almeida

DOI: https://doi.org/10.4018/978-1-5225-7356-2.CH008

Abstract:Organizations face a challenge on the emerging technology-enabled businesses to prevent fraud and mitigate risks. Information technology (IT) advancements also provided the possibility of ongoing risk assessment and ongoing control assessment on the growing data volume in the digital age. Although organizations perceive the benefits of continuous auditing (CA) and continuous monitoring (CM), its adoption is low. Some barriers limit CA and CM adoption along with common challenges that organizations must face during implementation. This chapter provides a systematic literature review to promote CA and CM by presenting the main challenges in implementations and general guidance to overcome the identified challenges.

Computer Science,Business

Kishore Singh,Peter Best

DOI: https://doi.org/10.1108/par-07-2022-0103

2023-05-22

Pacific Accounting Review

Abstract:Purpose During a pandemic, with businesses implementing social distancing protocols and work-from-home strategies, the use of continuous controls monitoring (CCM) may add value to the internal audit function. This study aims to examine the use of CCM technologies and the impact on the internal audit function during a pandemic. Design/methodology/approach This study adopted a case study approach for this study because it focuses on questions of “how” and “what.” Case studies provided an opportunity for an in-depth analysis of the phenomena being investigated. Semi-structured interviews were used to collect data. This study did not use sampling. Instead, multiple case studies were used for data collection. Findings Based on the findings, this study makes several contributions to the literature, for example, in health-care evidence suggests the pandemic has caused internal audit to focus on risk areas. Other industries, such as retail, have invested in CCM. However, in all cases, education and preparedness (or the lack thereof) appeared to significantly influence uptake of CCM. Organizations that made prior investments in CCM technologies experienced greater acceptance in the face of changing demands. Training in emerging technologies is a key competency in supporting audit operations in changing environments. Research limitations/implications As the study was conducted with a small sample of cases, findings cannot be extrapolated nor generalized beyond the case study organizations. Practical implications This study found that several factors limit adoption, exploitation and further development of CCM technologies, such as lack of top management support, acceptance of CCM technologies and suitable education and training of internal audit staff. Originality/value This study addresses the issue of the value that CCM offers organizations and whether it is a silver bullet that the internal audit profession needs, particularly when physical access to organizations may be restricted. The COVID-19 pandemic placed considerable focus on digital access. Better IT systems and more data will allow organizations to better support employees, inform strategic and financial decisions and engage stakeholders. During the recovery phase, leveraging investments in CCM technologies will contribute to internal audits’ ability to help clients to manage organizational risk.

Alex Mahiva Simbiri,Maniagi Musiega,Jairus Simiyu Edwin

DOI: https://doi.org/10.51867/ajernet.4.2.54

2023-10-12

African Journal of Empirical Research

Abstract:To better monitor and control risks, businesses may use risk-based internal audit (RBIA) practices. It also increases transparency and honesty in the financial reporting process. The Western Region and Kenyan Deposit Taking Savings and Credit Cooperatives (DT-SACCOs) are the primary subjects of this research. Despite having an audit department in place, some DT-SACCOs encounter difficulties in auditing their operations, such as a lack of audit evidence (too weak or incorrect) that makes it difficult for the auditor to make the proper choice or generate accurate findings. An internal audit that takes risk into account may help a company prioritize its resources where they will have the most impact. This allows the SACCO to boost its financial performance and provide better reporting to its members. This research looked at how risk-based internal audits affected the profitability of DT-SACCOs in Kenya's Western Region. Based on three theories - the Positive Accounting Theory of internal auditing risk planning, the Contingency Theory of risk management, and the Agency Theory of internal audit capacity—this descriptive study was conducted. Fifteen DT-SACCOs in the Western Region of Kenya will be the focus of the study. Primary data was collected from DT-SACCO members, with a response rate of five per SACCO. The data on financial performance was verified using secondary sources of information. Regression analysis shows that risk-based audit planning had a statistically significant effect on the financial performance of DT-SACCOs in the Western area (t = 5.626, p<0.05). The study recommended that SACCO management practice risk-based auditing with adequate planning from all stakeholders to enhance transparency and accountability. Furthermore, the management should ensure there is timely action on audit queries.

Leif Christensen

DOI: https://doi.org/10.1111/ijau.12280

2022-05-13

International Journal of Auditing

Abstract:Traditionally, when companies needed assistance regarding internal controls, they turned to an external auditor (EA). However, now, due to an ongoing tightening of legal requirements and practices regarding the independence of EAs, this assistance has been restricted. As an alternative, companies are increasingly requesting internal audits to deliver this support. Even though internal audit function (IAF) are an important player in internal control, however, there is little academic knowledge about their impact. Based on a single‐case study in a large financial institution, this paper explores to what extent and how IAF affect internal controls. Furthermore, it assesses whether IAF add value to the company. The results suggest that the management letter process, including a step‐by‐step settlement of interactions, leads to a joint problem solving, an acceptance of all IAF's recommendations and a value‐adding outcome improving the level of internal controls.

Oluwatosin Ilori,Nelly Tochi Nwosu,Henry Nwapali Ndidi Naiho

DOI: https://doi.org/10.51594/farj.v6i6.1213

2024-06-13

Finance & Accounting Research Journal

Abstract:In the face of increasing complexity and rapid technological advancements, traditional internal audit methods are becoming inadequate for comprehensive risk assessment and effective fraud detection. Advanced data analytics offers a transformative approach that enhances the effectiveness of internal audits. This concept paper presents a framework for integrating advanced data analytics into internal audit processes, aiming to provide more robust risk management and improved fraud detection capabilities. Integrate diverse data sources, including financial, operational, and external data, to provide a holistic view of the organization's risk landscape. Implement rigorous data governance practices to ensure data accuracy, consistency, and reliability. Use machine learning algorithms and predictive analytics to identify patterns, predict future risks, and detect anomalies. Employ real-time data analytics for continuous monitoring, enabling the timely detection and response to emerging threats. Develop adaptive risk assessment models that can evolve with changing business environments and emerging risks. Utilize data-driven insights to prioritize risks based on their potential impact and likelihood. Deploy advanced algorithms to uncover complex fraud schemes that traditional methods might miss. Conduct scenario-based analysis to identify potential fraud patterns and strengthen preventive measures. Use analytics to focus audit efforts on high-risk areas, enhancing the efficiency and effectiveness of audits. Incorporate data-driven procedures into audit execution, reducing manual efforts and increasing precision. Advanced data analytics provides deeper insights, enabling more proactive and comprehensive risk management. Real-time and predictive analytics significantly enhance the ability to detect and prevent fraud, mitigating financial and reputational damage. Data-driven audit processes streamline activities, allowing auditors to focus on high-value tasks and reducing the overall audit cycle time. Analytics provide accurate and timely insights, supporting better decision-making in risk management and fraud prevention. Secure commitment from senior management to support the integration of advanced data analytics into internal audits. Establish a governance framework to oversee the implementation and alignment with organizational objectives. Invest in advanced analytics platforms and tools that support real-time data processing and analysis. Ensure robust data security measures to protect sensitive information. Train audit professionals in data analytics techniques and tools, fostering a culture of continuous learning and innovation. Implement pilot projects to test and refine the data analytics framework, using lessons learned to scale up across the organization. Integrating advanced data analytics into internal audits offers significant benefits, including enhanced risk management, improved fraud detection, and increased audit efficiency. By adopting this conceptual framework, organizations can better protect their assets, ensure compliance, and maintain stakeholder confidence in an increasingly complex and digital business environment. The future of internal auditing is data-driven, and organizations must embrace this transformation to remain competitive and secure. Keywords: Fraud Detection, Risk Assessment, Internal Audits, Advanced Data Analytics, Conceptual Frameworks.

Romina Rakipi,Giuseppe D'Onza

DOI: https://doi.org/10.1111/ijau.12341

2023-12-17

International Journal of Auditing

Abstract:We conducted 31 interviews with audit committee (AC) members, chief executive officers (CEOs), and chief audit executives (CAEs) to investigate the role of the internal audit function (IAF) in environmental, social, and governance (ESG) processes and related risks. We find that multiple possible combinations of the maturity of companies' ESG practices and CAE's perception of the IAF stakeholders' salience drive the type of IAF's involvement in ESG. In ESG‐mature companies with more salient ACs, the IAF provides assurance over ESG practices, ESG reporting, and reputation risks related to ESG, and it focuses on the governance dimension of ESG. When the CEO is perceived as more salient, the type of IAF's involvement includes both assurance over ESG controls in the supply chain and consulting on ESG activities. In contrast, in low ESG maturity companies with more salient AC, the IAF's role is limited to providing assurance over internal controls established to comply with environmental, health, and safety legal requirements, and prevent managers' unethical behavior. Finally, we discuss the implications for the IAF's ability to add value to the organization. We contribute to the underexplored research area of IAF's involvement in ESG practices and related risk.

business, finance

Rainer Lenz,Gerrit Sarens,Kim Klarskov Jeppesen

DOI: https://doi.org/10.1080/07366981.2018.1511324

2018-08-03

EDPACS

Abstract:Internal auditing (IA) effectiveness is still viewed, to large extent, as a “black box” in academic research. In this article, relevant empirical studies based on self-assessments of internal auditors and on other stakeholders’ perspectives are reviewed through an “effectiveness lens.” Major patterns are identified in the existing literature. This article reviews the empirical literature on IA effectiveness that has been published since the latest revision of the IA definition in 1999, using the perspectives of new institutional theory and institutional entrepreneurship as a framework, thereby recognizing the tension between institutional forces and the role of agency. In cases where isomorphic forces are in conflict with other organizational demands, chief auditing executives’ (CAE) agency can be a solution that enables local adaptation (institutional entrepreneurship). The ability to exploit fully the potential of agency is an opportunity for the CAE to tailor and advance the role of IA in its specific organizational context.

Jagdish Pathak

DOI: https://doi.org/10.1108/02686900410530556

2004-05-01

Managerial Auditing Journal

Abstract:Auditors provide high assurance to executives amidst information and database risk. A framework is provided for auditors within cyber entities. The categories of e‐commerce, business‐to‐business, business‐to‐customers and mobile commerce use different core technologies. The common factor remains unchanged from the auditors' perception, i.e. risk and its potential to harm the integrity and accuracy of the data and decisions based thereon. E‐commerce requires audit to identify risks and show their impact on the information system. The American Institute of CPAs and Canadian Institute of Chartered Accountants jointly offer seals of assurance at Web and system levels. The limitations of these certifications are important for an auditor since they are set by these accounting bodies. The role and functions of an auditor are beyond those of the assurance approval auditors. Organizational decision‐making processes depend on segments of information bases, whereas these assurance providers audit a limited amount related to their interest.

management,business, finance

Petros Lois,George Drogalas,Alkiviadis Karagiorgos,Kostantinos Tsikalakis

DOI: https://doi.org/10.1108/emjb-07-2019-0097

2020-03-18

EuroMed Journal of Business

Abstract:Purpose The aim of this study is to examine continuous auditing in the digital age from the perspective of audit firm employees. It also investigates contemporary factors affecting continuous auditing, as well as the techniques that could be utilised for its implementation. Design/methodology/approach Internal audit departments of private companies were contacted via email and given a questionnaire developed based on the extant literature. The sample consisted of 105 individuals employed in the largest audit institutions in Greece. Data were analysed using multiple regression. Findings As expected, technological advances are indispensable for the establishment of an effective digital auditing system. The impact of data protection measures against cyber-attacks as well as employees' skills and training were found to be significant. Particular attention should be given to the preparation and building of virtual auditing teams. Research limitations/implications The fact that the digital era is still nascent with its final outcomes not yet visible makes it difficult to produce accurate predictions and draw conclusions. Further, there is a need to survey salient stakeholders in other country contexts beyond Greece pursuant of producing generalisable results. Practical implications The actions taken by companies to ensure cyber security and the formation of virtual teams were found to be highly significant for the implementation of a real-time auditing process. Traditionally, factors such as cost and time play an important role in optimising internal continuous auditing. Technological advancements combined with careful, strategic and case-specific implementation have the potential to enhance the efficacy of older methods. Social implications The positive propensity of staff to adopt technology and modern techniques illustrates how implementation difficulties can be overcome through the redefinition and scheduling of an organisation's objectives and training of its personnel. Originality/value Audit firm employees highlighted the protection of personal data, the avoidance of cyber-attacks and training as major continuous internal auditing goals. The results indicate acceptance towards technology and modern techniques, provided companies ensure adequate preparation and staff training conditions.

Xiong Wang,Fernando A. F. Ferreira,Pengyu Yan

DOI: https://doi.org/10.1007/s10479-023-05228-2

IF: 4.82

2023-02-14

Annals of Operations Research

Abstract:Abstract Annual audit planning is a multi-criteria decision-making problem faced by internal audit departments of all organizations. Due to the constrained audit resources, the planning process primarily involves the analysis and evaluation of complex factors for selecting auditable units that maximize the full potential of internal audit. Previous research on internal audit planning only focused on the goal of risk minimization and applied ranking methods to prioritize alternatives. In order to enable internal audit activities to add more value to the organization, the integrated risk-based internal audit planning is proposed to assist audit department in achieving multiple objectives in addition to risk management. Meanwhile, a multi-stage framework is proposed to support the development of such value-added internal audit plan. The new framework integrates the risk assessment of auditable units with the selection of audit activities and resource allocation through a combined analytic hierarchy process (AHP), fuzzy comprehensive evaluation (FCE) and weighted multi-choice goal programming (WMCGP) approach. The model considers both qualitative and quantitative decision criteria. A real-life case study of the development of an integrated risk-based annual audit plan is presented, and sensitivity analysis is performed to illustrate the validity of the proposed approach. The results indicate that the proposed framework is a useful tool for internal audit planning and the implications of the study can be extended to various selection and allocation problems.

operations research & management science

Salem M. AL Fayi

DOI: https://doi.org/10.1108/jmb-11-2021-0053

2022-02-17

Journal of Money and Business

Abstract:Purpose The work of internal auditors is relevant to their host entities' reporting processes; however, few researchers have examined how internal auditors’ competency and objectivity affect their resistance to pressure from host entities regarding their reports. Thus, the main objective of this study is to examine the influence of internal audit functions' (IAF) quality factors on chief audit executives' (CAEs) ability not to modify internal audit report. Design/methodology/approach This study uses data from the Global Internal Audit Common Body of Knowledge to investigate the relationship between IAF quality and auditor resistance to pressure related to changes in internal audit reports. IAF quality is calculated using a composite measure comprising four IAF quality components. Auditors' resistance is measured using the extent to which internal auditors experienced a situation wherein they were directed to modify a valid audit finding in a report. Findings The analyses provide evidence that CAEs experience, certification, training and objectivity were all significantly associated with resistance to pressure. In other words, a greater quality of IAF leads to a greater ability to resist pressure to change their reports. Research limitations/implications Despite the statistically significant results that confirm the impact of IAF competence and objectivity on the resistance of CAEs to pressure, some other factors should be considered simultaneously in future research. In addition, the study sample contains 2,193 CAEs from different regions, environments, sectors and business areas. Focussing on a particular environment, sector or organisation size may generate different results. Practical implications The following practical implications are proposed: First, internal audit regulators will find this study helpful in formulating strategies for creating balanced relationships between CAEs and other authorities and users. Second, CAEs can be encouraged to undergo constant training and complete professional development (as required by the Institute of Internal Auditors [IIA] standard). Finally, it would be interesting to apply this study to a particular environment, sector and size. Originality/value This study builds on the limited research that investigates the relationship between IAFs’ quality and the resistance of CAEs to pressure. It extends Calven’s (2021) study that investigates the impact of adherence to the IIA's Core Principles on the likelihood of IAFs modifying valid audit findings. This study examines the influence of IAF quality factors on CAEs' ability not to modify internal audit report.

Hu Tao,Zhu Bin

2007-01-01

Abstract:Rapid business development and the all-round strategic change of management method have greatly expanded the scope and targets of internal auditing.However,due to limited auditing resources,an extensively rolled-out auditing plan doesn't yield satisfactory results,therefore internal auditing departments of insurers must rejuvenate their concepts,innovate their auditing methods,concentrate their resources on major risks and business units with a weaker risk management func- tion,and strengthen their risk management advisory function apart from risk supervision and appraisal.The new auditing concept centered on risk prevention,a work style emphasizing"up-front supervision and risk prevention",and the auditing order of"risk-control-target"will prompt the internal auditing function to improve its appraisal and services regarding im- provement of risk management,control and remedy,while correctly directing its attention to the operating units and business areas most in need of auditing.

Joe Christopher

DOI: https://doi.org/10.1177/1056492618774852

2018-05-21

Journal of Management Inquiry

Abstract:Within the management and organization field, the internal audit function (IAF) plays an important role in enhancing good governance. Given the spate of corporate collapses over the last 20 years, this article draws on a multitheoretical approach to governance and a critical review of the published literature to identify where IAFs have failed, and to provide a new focus to strengthen their role. Common themes regarding monitoring gaps by IAFs were identified as occurring across three governance levels. A contributory cause for these gaps is the poor structural and functional arrangements of the IAF, arising from the considerable flexibility afforded in its setup and delivery of services. A negative consequence of this flexibility is the ability of the board and management to manipulate the role of the IAF to the extent that it is not aligned with the intention of its setup as encapsulated in its definition.

management

Carol Callaway Dee,Bing Luo,Jing Zhang

DOI: https://doi.org/10.2139/ssrn.3882399

2021-01-01

SSRN Electronic Journal

Abstract:We examine whether the 2019 introduction of critical audit matter (CAM) reporting in audit reports in the United States is associated with improvements in issuers’ internal controls over financial reporting. We propose that increased scrutiny by auditors on CAM-related matters may lead to early identification and client remediation of material weaknesses in internal control (ICMW). Analyses show that compared to control companies, treatment companies (those with CAM reporting) experience a statistically significant decrease in both the likelihood of having an ICMW and the number of ICMWs after the CAM is reported. This result is driven primarily by account-level ICMWs rather than entity-level ICMWs. We also find that issuers with revenue-recognition CAMs have significantly fewer revenue-related ICMWs compared to other issuers, consistent with the notion that ICMWs related to revenue recognition are identified and remediated through the auditor’s CAM evaluation process. Results show that the positive association between CAM disclosure and internal control quality—that is, the negative association between CAMs and ICMWs—is more pronounced when more auditor effort is involved in CAM reporting. We conclude that by focusing auditor attention on areas of potential concern, CAM reporting leads to improvements in the quality of internal control over financial reporting.

I. Kassim,Mohd Rasid Hussin,N. Manab

Abstract:This paper examines the internal audit roles and functions in Enterprise-Wide Risk Management (EWRM ) practices of Public Listed Co mpanies (PLCs) in service sector. A triangulation approach was adopted to obtain an enriched data collection and analysis for the study. From a survey analysis , the findings showed that 85.7 percent of EW RM programs in financial co mpanies were under the direct supervision of a risk management department as compared to only 34.1 percent in non-financial co mpanies. Th is result was quite surprising, as more than half (51.3 percent) of the EWRM programs in non-financial co mpanies were actually under the supervision of an internal audit depart ment. Ho wever, only 47.2 percent of the companies were found to have their own internal audit, while 52.6 percent reported that they outsourced their audit activities. Quite interestingly, the overall result fro m a case study analysis found that the internal auditor plays a dual function, as an internal auditor and also as a risk manager.

Business

Jayanthi Krishnan

DOI: https://doi.org/10.2308/accr.2005.80.2.649

2005-04-01

The Accounting Review

Abstract:I examine the association between audit committee quality and the quality of corporate internal control. While information on the quality of internal control is not generally available, companies changing auditors are required to disclose any internal control problems that were pointed out by their predecessor auditors. The empirical results are based on a comparison of companies disclosing such internal control problems with a control sample of companies changing auditors but not disclosing internal control problems. Audit committee quality is measured in three dimensions: its size, its independence, and its expertise. The internal control problems are observed at two levels of increasing seriousness: reportable conditions and material weaknesses. The sample time period precedes the effective dates of recent policy changes regarding audit committees. The results indicate that independent audit committees and audit committees with financial expertise are significantly less likely to be associated with the incidence of internal control problems. This is true for both levels of internal control problems. The results are consistent with recent policy emphasis on audit committee independence and expertise.

business, finance

Melissa Reville,Rani Hoitash,Udi Hoitash

DOI: https://doi.org/10.2139/ssrn.3229966

2018-01-01

SSRN Electronic Journal

Abstract:Limited data availability on the internal audit function (IAF) has constrained research on the topic. This study uses unique, manually collected data from LinkedIn on internal audit personnel that overcomes certain limitations of previous survey-based data. Using this longitudinal data, we test whether IAF competency is associated with financial reporting failures and whether IAF competency improves after financial reporting failures. We find that IAF competency is inversely related to the propensity for material weakness disclosures and restatements. We also find a significant increase in IAF competency in the year following material weakness and restatement disclosures. Importantly, we document that the increase in competency is not uniform across firms and is greater in firms with higher audit committee commitment toward the IAF, lower audit committee accounting expertise, and when the CFO lacks accounting expertise. These findings suggest that while there is no regulatory oversight governing the IAF, certain audit committees and executives recognize its value. Regulators that have focused on improving financial reporting quality by enhancing oversight over external auditors and audit committees should also consider focusing on the IAF.

Ed O'Donnell,Vicky Arnold,Steve G. Sutton

DOI: https://doi.org/10.2308/jis.2000.14.s-1.97

2000-01-01

Journal of Information Systems

Abstract:Both the evolution toward online continuous auditing and new assurance services for information systems reliability have helped fuel changes in the audit/attest process. These changes have already been of concern in dealing with large organizations using complex information systems to process their accounting and business information. As a result, these changes have necessitated a change in focus from traditional accounting control processes to increasingly complex information-systems-based control processes for advanced technology applications. With the resulting increased complexity in the internal control assessment process, the move toward group decision making in the major accountancy firms is expected to accelerate—particularly for the control-assessment process. The research documented in this paper focuses on the impact of group decision making on decision quality within the internal control-assessment process for information systems environments. The results indicate that improved decision quality does result from group decision making and that these improvements arise even if much of the initial assessment work is done individually by group members before the group convenes for face-to-face discussions. The use of preliminary individual assessments does, however, appear to result in a common information-sampling bias. This is the phenomenon whereby group decisions become focused on information known by most or all group members, and information known by only one group member has a higher probability of not being introduced and recognized by the group.

business, finance

Yusun Jung,Moon-Kyung Cho

DOI: https://doi.org/10.1108/maj-10-2020-2862

2022-03-18

Managerial Auditing Journal

Abstract:Purpose This paper aims to examine the extent to which two commonly recommended information sharing and communication interventions, direct reporting lines between the internal audit function (IAF) and the audit committee (AC) and their joint reviews of internal audit standards and procedures, improve the internal audit in the continuous audit control and monitoring efforts. Design/methodology/approach This study uses data from the Audit Intelligence Suite-Benchmarking (AIS) Report for the years 2007 to 2016 published by the Institute of Internal Auditors. The authors test the research hypotheses using the ordinary least squares regression method. Findings Functional reporting lines from the IAF to the AC positively impact the internal audit, but administrative lines have a negative impact. Reviews conducted jointly between the IAF and the AC positively influence the internal audit. The impacts of reporting lines and joint reviews are also associated with accounting complexity within a given industry, organizational control structure, organizational scope and the level of IAF’s responsibilities over internal control environment to comply with Sarbanes–Oxley (SOX) Act of 2002. Research limitations/implications Because the study uses AIS data, operationalization of variables is constrained to items in the given data set. Future studies, including field studies, may identify other variables and measures using diverse data sources. This study expands the knowledge of effective means of information sharing and communication to enhance interactions between the IAF and the AC. Practical implications The results suggest that the use of reporting lines should correspond to accounting complexity, organizational control structure, organizational scope, and reliance on the IAF in handling SOX responsibilities. They also highlight the importance of joint reviews between the IAF and AC in ensuring a high-quality internal audit. Originality/value The authors envisioned reporting lines and joint reviews as an excellent tool to balance the relationship between the IAF and the AC for continuous internal auditing beyond generating internal audit reports according to the US Committee of Sponsoring Organizations of the Treadway Commission framework Principle 14.

management,business, finance