INTERNAL AUDITING AS A MAIN TOOL FOR EFFICIENT RISK ASSESSMENT

Similar documents
Effect of Financial Crisis in the Internal Audit Profession in Greece

impact of Internal Control

Evaluation of the Effectiveness of Internal Audit in Greek Hotel Business

INTERNAL AUDIT AND MERGERS AND ACQUISITIONS

Ioanna A. Siouziou. Open University of Cyprus, Nicosia, Cyprus. Kanellos S. Toudas, Marios Menexiadis. Hellenic Open University, Patras, Greece

HB Delivering assurance based on AS/NZS 4360:2004 Risk Management

CPA REVIEW SCHOOL OF THE PHILIPPINES M a n i l a. AUDITING THEORY Risk Assessment and Response to Assessed Risks

Modern Auditing: Assurance Services and the Integrity of Financial Reporting, 8 th Edition

CHAPTER II THEORETICAL FOUNDATION. ensure the effectiveness and efficiency of a company s operation. Operational audit is

Feature. Adopting Continuous Auditing/Continuous Monitoring in Internal Audit

STATISTICAL SAMPLING METHOD, USED IN THE AUDIT - views, recommendations, findings

Audrey A. Gramling Kennesaw State University. Larry E. Rittenberg. University of Wisconsin Madison. Karla M. Johnstone

Prerequisite(s): ACCT 1020 or permission of the Business & Technology Department Chair

A Discussion About Internal Controls February 2016

Discussions on Qualitative Assessment or Risk Quantification in Adopting Decisions Concerning Risk in Financial Auditing

The Impact of an Organization s Governance Maturity on Its Internal Audit Activity INTRODUCTION AND INSTRUCTIONS

Summary findings inspection quality of statutory audits Big 4 firms

Chapter 06. Audit Planning, Understanding the Client, Assessing Risks, and Responding. McGraw-Hill/Irwin

Professional scepticism: its implications on audits of financial statements

Audit Risk. Exposure Draft. IFAC International Auditing and Assurance Standards Board. October Response Due Date March 31, 2003

PART 6 - INTERNAL CONTROL

Internal Audit Best Practices for Community Banks. A CSH White Paper

COSO 2013: Updated internal control framework

CHAPTER 2 THEORITICAL FOUNDATION. Auditing is the accumulation and evaluation of evidence about information to

Chapter 2. Literature review. areas of risk based auditing and the internal auditor s adoption of the risk based

Chapter 4. Risk Assessment. Copyright 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin

IAASB Main Agenda (September 2004) Page Agenda Item PROPOSED REVISED INTERNATIONAL STANDARD ON AUDITING 540

AUDITING AND ASSURANCE SERVICES IN AUSTRALIA. AUTHORS: GAY & SIMNETT

20 Years in the Making. Meet the New ICIF: Revisions to COSO s Internal Control Integrated Framework. Dr. Sandra Richtermeyer COSO Board Member

An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements

An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements

INTERNAL AUDIT NEW DEVELOPMENTS & CHALLENGES BEFORE THE PROFESSION

Proposed International Standard on Auditing 315 (Revised)

Practical Approach to Internal Controls for Pre & Post IPOs in Hong Kong & China

The Auditor s Consideration of the Internal Audit Function in an Audit of Financial Statements

IMPACT AND IMPORTANCE OF INTERNAL AUDIT IN SUCCESSFUL MANAGEMENT OF THE ENTERPRISE

AUDITING. Auditing PAGE 1

Chapter 8. Planning and Testing Operating Effectiveness of Internal Control over Financial Reporting. Prepared by Richard J.

A Research Note on the Relationship between the Control Environment and the Size of the Internal Audit Function in Belgium Gerrit Sarens

Successful ERM Program Standards. Definitions of Enterprise Risk Management (ERM)

Standards for Internal Control in New York State Government 2016 Update

What We Will Cover Today

The risk of issuing the wrong audit opinion (typically, stating that the. financial statements are true and fair, when in fact they are not).

International Standards for the Professional Practice of Internal Auditing (Standards)

Business Course Descriptions

9/17/2017. An Overview of COSO s New Framework and Implementation Guidance SPEAKER. Laura Harden, CPA History

Strengthening Control and integrity: A Checklist for government Managers

IAASB CAG Public Session (March 2016) Agenda Item. Initial Discussion on the IAASB s Future Project Related to ISA 315 (Revised) 1

Recent Researches in Applied Economics and Management - Volume I

An Overview of the 2013 COSO Framework. August 2013

PROMOTING A COLLABORATIVE ENVIRONMENT AMONG RISK MANAGEMENT, INTERNAL AUDIT, AND COMPLIANCE DEPARTMENTS. ANDREW SIMPSON, CISA COO CaseWare RCM Inc.

Measuring the Performance of Internal Audit Function in Saudi Listed Companies: An Empirical Study

CHAPTER 2 THEORETICAL FOUNDATIONS. organization which responsible to record and employs physical resources and other

McGraw-Hill/Irwin. Copyright 2013 by The McGraw-Hill Companies, Inc. All rights reserved.

REPORT 2016/033 INTERNAL AUDIT DIVISION

Coachcraft-KTA Global Partners USA copyright 2016

Concordia University College of Alberta. Master of Information Systems Security Management (MISSM) Program Ada Boulevard, Edmonton, AB

RISK ASSESSMENT OF INTERNAL AUDIT OF PUBLIC ENTITY

Chapter 18. Integrated Audits of Public Companies. McGraw-Hill/Irwin. Copyright 2012 by The McGraw-Hill Companies, Inc. All rights reserved.

Audit Practice Introduced by HKSA (HKSA 315 and 330) 1 February 2008

Report on Inspection of Deloitte LLP (Headquartered in Toronto, Canada) Public Company Accounting Oversight Board

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

Internal Audit Policy and Procedures Internal Audit Charter

INSTITUTE OF DIRECTORS

IAASB Main Agenda (March 2016) Agenda Item. Initial Discussion on the IAASB s Future Project Related to ISA 315 (Revised) 1

Internal controls over Financial Reporting Key concepts. Presentation by Jayesh Gandhi at WIRC

Policy and Procedures Date: November 5, 2017

International Journal of Social Sciences and Entrepreneurship Vol.1, Issue 11, 2014

[RELEASE NOS ; ; FR-77; File No. S ]

JOB ROTATION YOHAN J ATLAN INTERNAL AUDITING THE IIA NY CHAPTER SCHOLARSHIP OPPORTUNITY LONG ISLAND UNIVERSITY 11/18/2013

AUSTRALIAN ENGINEERING COMPETENCY STANDARDS STAGE 2 - EXPERIENCED PROFESSIONAL ENGINEER

Lya Villasuso OECD Corporate Affairs Division Response ed to: RE: Corporate Governance and the Financial Crises

Assistance Options to New Applicants and Sponsors in connection with Internal Controls over Financial Reporting

Mapping Document AU Section 322 to Clarified Statement on Auditing Standards Using the Work of Internal Auditors

International Standards for the Professional Practice of Internal Auditing (Standards)

IAASB Main Agenda (December 2008) Page Agenda Item

FDICIA Reporting for Financial Institutions. Reporting Changes Under Part 363 and SAS 130

AUDIT RESPONSIBILITIES AND OBJECTIVES

Auditing: A Profession in Transition

From Dictionary.com. Risk: Exposure to the chance of injury or loss; a hazard or dangerous chance

Audits of Grant or Contribution programs May 2001

Beyond Compliance. Leveraging Internal Control to Build a Better Business: A Response to Sarbanes-Oxley Sections 302 and 404

Course Curriculums Detailed Course Descriptions Core Courses MBA Specialization Courses - Finance... 9

Internal Auditors and Enterprise Risk Management (ERM) ICPAK Presentation

Catching Fraud During a Recession Through Superior Internal Controls. FICPA s 25 th Annual Accounting Show. J. Stephen Nouss September 29, 2010

Control Environment Toolkit: Internal Audit Function

Significance of Identifying Internal and External Public Financial Auditing Limitations and Objectives in Improving Public Finance Management

Mapping of Original ISA 315 to New ISA 315 s Standards and Application Material (AM) Agenda Item 2-C

AUSTRALIAN ENGINEERING COMPETENCY STANDARDS STAGE 2 - EXPERIENCED PROFESSIONAL ENGINEER IN LEADERSHIP AND MANAGEMENT

Internal Financial Control (IFC)& Internal Financial Controls over Financial Reporting (IFCoFR)

2-2 The major characteristics of CPA firms that permit them to fulfill their social function competently and independently are:

FACTORS CONTRIBUTING TO POOR PERFORMANCE OF INTERNAL AUDITING IN PUBLIC SECTOR: A CASE STUDY OF ZANZIBAR ELECTRICITY CORPORATION (ZECO)

Audit Quality Assurance workshop Audit Planning by: CPA Steve Obock Associate Director- KPMG Kenya March 2017

9. Internal control Internal control, as defined in accounting and auditing, is a process for assuring achievement of an organization's objectives in

INTERNAL AUDIT CHARTER SECURE TRUST BANK PLC

Government Auditing Standards

CPA REVIEW SCHOOL OF THE PHILIPPINES M a n i l a AUDITING THEORY AUDIT PLANNING

In 1992, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued a

Chapter 2. The CPA Profession

Transcription:

INTERNAL AUDITING AS A MAIN TOOL FOR EFFICIENT RISK ASSESSMENT Theofanis Karagiorgos, George Drogalas 1, Michail Pazarskis, Petros Christodoulou Department of Business Administration University of Macedonia Abstract The audit function has been performed at least since the fifteenth century. However internal auditing has developed most rapidly throughout the twentieth century as a core tool of risk assessment. Within the framework of extremely fluid business environment, the paper aims at examining the relation between the effectiveness of the management depends and the efficient risk assessment. In this paper, at first, we examine the conceptual approach of risk. Then, the three main components of audit risk are analysed. After that we examine the use and importance of an audit risk model. Concerning this, we investigate the relation between the risk assessment and the materiality. Finally we deal with some basic limitations, we analyse the outcomes of the literature review and we suggest areas for further research. The results indicate that internal audit is an essential factor in the efficient risk management and consecutively in the business survival and success. Keywords: Internal Audit, Risk assessment, Audit risk, Risk management, Inherent Risk, Control risk, Business success. 1 Corresponding author: George Drogalas, Ph.D. Candidate, Dpt. of Business Administration, University of Macedonia e-mail: drogalas@uom.gr MIBES 2007 722

1. Introduction Rapid changes in information technology and managerial practices in many organizations were forcing efficient risk management as a tool for reducing the total risk. Management uses risk assessment as part of the process of ensuring the success of the entity. In this process, internal audit will be a key player by using modern auditing techniques and specialized audit risk models. Through an extended literature review, there will be an attempt to approach theoretically internal audit s catalytic contribution to the efficient risk management. The purpose of this paper is to highlight the resulting bunch of benefits of internal control in the modern business environment. 2. Methodology The motivations for this article reflect a desire to investigate and enrich the importance of internal control in the effective risk management. Until now, no similar research on the role of internal auditing in risk management has been conducted within a Greek context. In this study we elaborate in more detail the internal control concept, by mentioning the more important definitions that has been attributed to him. In these frames, this article attempts to approach theoretically the catalytic contribution of internal auditing in the efficient risk assessment. Moreover it became effort to define the significance of risk and the development of risk management system up to today. This paper is structure as follows. The first section outlines the necessary theoretical background on the concept of internal audit. Then we deal with the concepts of risk and risk assessment, by mentioning the most important definitions diachronically. In the third section we attempt to approach the connection between risk management and internal audit. To be more in practise, an audit risk model is presented by analysing in detail the components of this model. Via this model, we attempt focus on the usefulness of internal control as tool of effective management. The final section formulates conclusions, outlines some major limitations of this study and suggests further areas for research. 3. Conceptual framework of internal audit It is very important to give the definition of the internal audit in order to approach its great contribution to the modern business environment. Indicative of its great importance is the large amount of definitions that are given by many researchers. According to the Institute of Internal Auditors, (IIA, 1991; Taylor and Glezen, 1991; Konrath, 1996) internal auditing is an independent appraisal function, established within an organization to examine and evaluate its activities as a service to the organization. By MIBES 2007 723

measuring and evaluating the effectiveness of organizational controls, internal auditing, itself, is an important managerial control device (Carmichael etc., 1996), which is directly linked to the organizational structure and the general rules of the business (Cai, 1997). Internal audit has developed gradually on the basis of social and economic development and the inherent needs of enterprise management (Wang, 1997). Recent years have witnessed an explosion in the academic literature of auditing history throughout the world. Internal control has been defined in many international studies and these definitions show great similarities. We summarize the most important aspects based on the COSO Framework (1992) and The Turnbull Report (1999). The system of internal control comprises those elements of an organization that support people in the achievement of the organization's objectives. They facilitate the effective and efficient operation of companies by enabling them to respond appropriately to significant business, operational, financial, compliance and other risks. This includes safeguarding assets from inappropriate use or from loss and fraud, and ensuring that liabilities are identified and managed. Furthermore, internal controls help ensure the quality of internal and external reporting, which also includes procedures for reporting immediately to appropriate levels of management any significant control failings or weaknesses that are identified together with details of corrective action. Finally, internal controls help to ensure the compliance with applicable laws and regulations (Sarens and Beelde, 2006). In the meantime the Canadian Institute of Chartered Accountants has provided a definition for control (Canadian Institute of Chartered Accountants, 1995) which reflects a much broader approach to control and risk, directly related to organizational objectives. More recently, Papas (1999) argue that internal audit, being an independent department, is an important means for an enterprise to strengthen operational management. Furthermore, internal control system is a significant part of the modern enterprise system, and also an important way that enterprises emphasize management and enhance economic benefit, substantially embodying the self-restraint system of enterprises (Jou, 1997) In June 1999, the Institute of Internal Auditors (IIA) officially adopted a new definition of the internal auditing function, which defines the internal audit function as: an independent, objective assurance and consulting activity designed to add value and improve an organization s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes (IIA, 2000). The new definition shifts the focus of the internal audit function from one of assurance to that of value added and attempts to move the profession toward a standards-driven approach with a heightened identity (Bou-Raad, 2000; Krogstad et al., 1999; Nagy and Cenker, 2002; Karagiorgos Th, 2006). MIBES 2007 724

From the above definitions, it is clear that the internal audit is considered to be the security belt of the business for avoiding either the involuntary or the intentional release of information concerning any form of useful first hand stock as well as the avoidance of loss of income from misuse or from any errors in operation (Papastathis, 2003). It is important to note that a sound system of internal control provides reasonable, but not absolute, assurance that a company will not be hindered in achieving its business objectives by circumstances which may reasonably be foreseen (Sarens and Beelde, 2006). 4. Theoretical background of Risk Risk has many concepts and is inherent in the activities of most organisations. Risks come from current activity, from changing external environments, and from the related decisions of the management. According to Selim and McNamee (1999b) define risk as a concept used to express uncertainty about events and/or their outcomes that could have a material effect on the goals and objectives of the organization. In the modern enterprise with the extremely fluid international environment new risks are created. (Sarens and De Beelde, 2006). More recently, Bekiaris (2003) considered risk as the report of an entity in uncertain changes. The key activity with respect to risk is to manage it. Selim and McNamee (1999a) that this starts with a risk assessment where the organization attempts to estimate the probable consequences of threats and opportunities (risk identification, measurement and prioritization), followed by risk management, where decisions need to be made about how to manage the perceived consequences of that risk. As we said business risk assessment is the first stage which is designed to give a top-down, business-risk orientation to audit work (Bell et al., 1997). Risk assessment is an ongoing and integral responsibility of management, because management can not establish objectives and simply assume that they will be achieved and all the time new risks deviate from the internal and external business environment (Sawyer s, 2003). The new approach is intended to provide valuable insights and information to management (Crawford and Stein, 2002). According to Williams (1995) risk identification is the most important stage in the assessment. Risk management which is the second stage, is a newer field. The term was first pop up in the 1950s by large American corporations seeking alternatives to costly or inadequate insurance cover. Risk management covers the identification and mitigation of risks which may prevent an organisation from achieving its objectives. Risks can be managed to acceptable levels by: transferring them to other parties (such as suppliers, investors) controlling them by applying appropriate internal control policies and procedures; MIBES 2007 725

avoiding them. 5. Internal auditing - Risk For more than a decade, risk management in general, and internal control more specifically, have been considered as fundamental elements of organizational governance. However the relation between risk management and internal auditing remains confused. The COSO framework consider risk assessment as one of the five components of internal control. In COSO report (Coso, 1992), risk assessment was first considered as constitutive element of internal control (Rezaee and Zabihollah, 1995) that help in the harmonious adoption and efficient operation of internal auditing. More analytically the five basic elements of internal auditing was considered (Messier, 1997): Control environment Risk assessment Control activities Information and Communication Monitoring It is worth noting at this point that previous control frameworks issued in the US and Canada included risk assessment and risk management activities as part of internal controls Later the Canadian Institute of Chartered Accountants (1995, p.9) perceived control as encompassing risk (Spira and Page, 2003) The Turnbull report is the first public document, relating to UK, to emphasize the relation internal control and business risk. On the contrary Cadbury did not explicitly link the two concepts. In the meantime Coso report identified risk assessment as one of the five components of internal control. An important step was the new definition of Internal auditing issued by the IIA in June 1999, which clearly states that the internal auditing activity should evaluate and contribute to the improvement of risk management, control and governance (IIA, 1999). To verify the above events, Chambers (2000) observed the increasing references to risk (management) over the last five years in professional journals related to internal audit. Moreover, over 60 percent of the respondents of a KPMG survey (2002) in eight European countries believed that their systems of risk management and internal control add value to their organization. More recently, the Leung et al. (2003) large-scale study within Australian companies revealed that a large majority of internal auditors regarded risk management (74 percent) and internal control (91 percent) as important internal audit objectives MIBES 2007 726

Finally, the Institute of Internal Auditors, IIA (2004), by stating that the internal audit activity should evaluate and contribute to the improvement of risk management, control and governance, recognizes the assurance and consulting role of internal auditing in corporate governance and simultaneously in risk assessment. 6. Audit risk model 6.1 General From the above, it is clear internal auditing is critical factor to efficient risk assessment. The following model of audit risk is useful in planning an audit: AR = IR CR CE DR where AR = audit risk IR = inherent risk CR = control risk DR = detection risk 6.2 Inherent risk Inherent risk is the risk of non-compliance with rules and regulations (compliance audit), instances of inefficient and/or ineffective operations (operational audit), or material misstatements entering the system (financial audit). The auditor assesses inherent risk without taking into account the control structure (Gill et al., 2001; Gray and Manson, 2000; Taylor and Glezen, 1991)). This means that inherent risk is assessed without taking into account controls which may be in place to prevent noncompliance, inefficient and ineffective operations or material misstatements (Colbert and Alderman, 1995). Inherent risk is a risk that is intrinsic to the business. The risk of such misstatement is of such misstatements is greater for some assertions and balances than for others (Sawyer s, 2003). The auditor uses his professional judgment and takes into account many factors when assessing inherent risk (Colbert and Alderman, 1995). The auditor is able to assess some of the inherent risk by considering the organization as a whole, because some risks are created by the entity s culture and management style. Every organization is subject to its own inherent risks and the internal auditor should catalog them for use in risk assessment. When the auditor assesses the inherent risk, he must establish the obstacles that will prevent from the bad implications resulting from those risks. This consideration deals with the control risk. 6.3 Control Risk Control risk is the risk that non-compliance, inefficient or ineffective operations, are not prevented or detected by an entity s internal control structure, procedures or policies (Sawyer s, 2003). The internal auditor first deal with the control structure and then MIBES 2007 727

control risk is assessed. Some control risk will always exist due to inherent limitations of any internal control structure. In other words, since there is no way, risk to be zero, there will be some risk even after the best controls are installed. That degree of risk is control risk. If the auditor assesses control risk at its maximum level tests of controls need not be performed. However, if control risk is assessed at a level below the maximum, the auditor identifies policies and procedures that are relevant to the engagement. Then the internal auditor performs tests of controls to support the lower level of control risk (Colbert and Alderman, 1995). 6.4 Detection Risk Detection risk is the risk that the internal auditor does not detect material misstatements, instances of non-compliance, or inefficient or ineffective operations. That is, assuming non-compliance occurs, operations are inefficient or ineffective, or a misstatement enters the system, and the control structure does not prevent or locate the situation, there is a risk that the problem may remain because the auditor does not detect the problem (Colbert and Alderman, 1995). When audit risk has been established and inherent risk and control risk have been assessed, the internal auditor solves the audit-risk equation for detection risk. Therefore the equation becomes: DR = AR/IR CR. An auditor would select those audit procedures that in his crisis would reduce detection risk below the planned detection risk. This emphasizes the concept that inherent and control risk exist independent of the audit. Based on the planned level of detection risk, the auditor adjusts the nature, timing, and extent of substantive testing. On the one hand, if planned detection risk is low - thus, the internal auditor must plan substantive tests to achieve high confidence - the internal auditor adjusts the nature, timing, and extent of substantive procedures in response to the planned level of detection risk. The auditor may plan substantive tests which provide more reliable evidence or test more items. On the other hand, as planned detection risk rises, which means that the internal auditor receive the required confidence from substantive procedures, he has the ability to reduce these. To best understand the procedures, we have the ability to observe Table 1 and Table 2, which contain information about total audit risk, its components and the amount of evidence that are required. Table 1: Different levels of risk Cycle Α. e.g Sales Β. e.g. Production C. e.g. Human D. e.g. Order MIBES 2007 728

Auditor assessment for the probability to have misstatements without considering the internal control system We expect many misstatements Cycle Resources Cycle We expect few misstatements. We expect many misstatemen ts We expect few misstatements (inherent risk) Auditor assessment for the efficiency of internal control system to prevent the misstatements (High) High efficiency of internal control system High efficiency of internal control system (High) Low efficiency of internal control system Medium efficiency of internal control system (control risk) Auditor s will to permit misstatements after the completion of internal audit Low will Low will (High) Low will (Medium) Low will (audit risk) Quantity of evidence that the auditor aims to collect Medium Low Many Medium (detection risk) (Medium) (High) (Medium) Table 2: Amount of evidence that are required regarding risk Cases Audit Risk Inheren t Risk Contro l Risk Detecti on Risk 1 High Low Low High Low 3 Low High High Low High 4 High Low Medium Medium Medium Amount of evidence that are required From the above two Tables main outputs are: Inherent and Control risk exist independent of the audit MIBES 2007 729

For a particular level of planned audit risk, inherent risk and control risk are inversely related to detection risk detection risk is inversely related to the evidence that must be accumulated When material misstatements exist the auditor must perform some substantive tests 7. Conclusions All auditing information is established as an essential mean for the exact management of any business economic resources. Historically, internal auditing has consisted primary of the audit of compliance with internal financial procedures; nowadays, it extends to the appraisal of efficiency and effectiveness in non-financial as well as financial matters. In today s highly competitive business environment, internal audit plays a catalytic role (Papadatou, 2005). As Power (2004, p. 20) states: internal control is an unshakeable part of the moral economy of organizations. Finally, it is a fact that, internal audit has experienced a very hard period but made great progress. During the twenty-first century, internal audit will see its great improvement in many business fields such as risk assessment. History will witness that we will be able to grasp the current favourable opportunity, overcome all difficulties and make new achievements in internal auditing. Internal audit will surely have bright future prospects. MIBES 2007 730

References Bekiaris, M., 2003, Internal Audit, University of Aegean, Chios. Bell, T., Marrs, F., Solomon, I., and Thomas, H., 1997, Auditing organisations through a strategic-systems lens - The KPMG business measurement process, KPMG Peat Marwick LLP. Bou-Raad, G., 2000, "Internal auditors and a value-added approach: the new business regime," Managerial Auditing Journal, 15(4), 182-6. Cai, C., 1997, On the functions and objectives of internal audit and their underlying conditions, Managerial Auditing Journal, 12(4), 247-250. Canadian Institute of Chartered Accountants (CICA), 1995, Gidance on Control, CICA, Toronto. Carmichael, D.R., Willingham, J.J., and Schaller C.A., 1996, Auditing concepts and methods. A Guide to current theory and practice, 6th edition, McGraw-Hill ed., pp.25. Chambers, A.D., 2000, "Internal audit and risk management: impact on internal audit development or revolution?," Internal Control, (32), 3-7. Crawford Margaret and William Stein, 2002, Auditing Risk Management: Fine in Theory but who can do it in Practice?, International Journal of Auditing, ISSN 1090 6738, 6, 119-131. Colbert L. Janet, C. Wayne Alderman, 1995, A risk-driven approach to the internal audit, Managerial Auditing Journal, ISSN 0268-6902, 10(2), 38-44. Committee of the Sponsoring Organizations of the Treadway Commission 1992, Internal Control Integrated Framework (COSO Report), AICPA, New York, NY. Gill Guardarshan S, Cosserat Graham, Leung Philomena and Coram Paul, 2001, Modern Auditing & Assurance Services, 6th edition, John Wiley and Sons Australia Ltd, 173-178. Gray, I. and Manson, S., 2000, The Audit Process. Principles, Practice and Cases, 2nd edition, Thomson Learning, U.S, 119. MIBES 2007 731

Jou, J.W., 1997, The present situation and developing trends of Chinese internal auditing, Managerial Auditing Journal, 12(4), 235-242. Karagiorgos Th., G. Drogalas, M. Pazarskis, and P. Christodoulou, 2006, Conceptual framework, development trends and future prospects of internal audit: Theoretical approach, 5th Annual Conference of the Hellenic Finance and Accounting Association (H.F.A.A.) Konrath, Larry F., 1996, Auditing concepts and applications, 3rd edition, West Publishing Company, United States of America, 730. KPMG, 2002, "Corporate governance in Europe: survey 2001/2002", available at: www.kpmg.com. Krogstad, J., Ridley, A., and Rittenberg, L., 1999, "Where we re going," Internal Auditor, 27-33. Leung, P., Cooper, B.J., and Robertson, P., 2003, The Role of Internal Audit in Corporate Governance, The Institute of Internal Auditors Research Foundation, RMIT University, Australia. Messier William F., 1997, Auditing. A Systematic Approach, McGraw- Hill editions, 202. Nagy L. Albert and William J. Cenker, 2002, An assessment of the newly defined internal audit function, Managerial Auditing Journal, ISSN 0268-6902, 17(3), 130-137. Papadatou, Th., 2005, Internal and external control of Joint Stock Companies, Sakoulas ed., Greece. Papas, A., 1999, Introduction in Auditing, Benos ed., Athens, 109-110. Papastathis, P., 2003, The Modern Internal Control in Businesses and its applications in them, Greece. Power, M., 2004, "The nature of risk: the risk management of everything," Balance Sheet, 12(5), 19-28. Rezaee, Zabihollah., 1995, What the COSO report means for internal auditors, Managerial Auditing Journal, 10(6), 5-9. Sarens, Gerrit and Ignace De Beelde, 2006, Internal auditors' perception about their role in risk management. A comparison between US and Belgian companies, Managerial Auditing Journal, Emerald Group Publishing Limited ISSN 0268-6902, 21(1), 63-80. Sawyer B. Lawrence, 2003, Sawyer s Internal Auditing. The practise of Modern Internal Auditing, The Institute of Internal Auditors, 5 th edition, ISBN 0-89413-509-0, 120-121. Selim, G., and McNamee, D., 1999a, Risk Management and Internal Auditing: what are the Essential Building Blocks for a Successful Paradigm Change, International Journal of Auditing, 3(2), 147-155. Selim, G., and McNamee, D., 1999b, Risk Management and Internal Auditing relationship: Developing and Validating a model, International Journal of Auditing, 3(3), 159-174. Spira F. Laura, and Michael Page, 2003, Risk management: The reinvention of internal control and the changing role of internal audit, Accounting, Auditing & Accountability Journal, ISSN 0951-3574 Volume 16(4), 640-661. Taylor, D.H. and Glezen, W.G., 1991, Auditing: Integrated Concepts and Procedures, 5th edition, John Wiley & Sons Inc, U.S., 5, 29. The Institute of Chartered Accountants in England and Wales, 1999, "Internal control: guidance for directors on the combined code (The Turnbull Report), available at: www.frc.org.uk/corporate/internalcontrol.cfm. MIBES 2007 732

The Institute of Internal Auditors-UK, 1991, Standards and Guidelines for the Professional Practice of Internal Auditing, IIA-UK ed. (statement of responsibilities). The Institute of Internal Auditors (IIA), 1999, Definition of Internal Auditing, The Institute of Internal Auditors, Altamonte Springs, FL. The Institute of Internal Auditors (IIA), 2000, Internal Auditing: Adding Value across the Board, IIA, Corporate Brochure. The Institute of Internal Auditors, 2004, "International standards for the professional practice of internal auditing," available at: www.theiia.org/?doc_id=1499. Wang Xiangdong, 1997, Development trends and future prospects of internal audit, Managerial Auditing Journal, ISSN 0268-6902, 12(4/5), 200-204. Williams, P., 1995, A Regulation Evaluation System: a Decision Support System for the Building Code of Australia,, Construction Management and Economics, 13, 197-208. Author s CV MIBES 2007 733

Theofanis Karagiorgos was born in Thessaloniki, Greece. He holds a Doctorate in Accounting from the University of Macedonia (Thessaloniki, Greece), and a Bachelor Degree in Business Administration as well as from the University of Macedonia in 1994 and 1976 respectively (Thessaloniki, Greece). He is now Associate Professor at the Department of Business Administration, University of Macedonia. E-mail: karagth@uom.gr George S. Drogalas was born in Serres, Greece. He received a Bachelor Degree from the Department of Business Administration, University of Macedonia (Thessaloniki, Greece) and a Master of Business Administration in Accounting and Auditing from the Department of Business Administration, University of the Aegean (Chios, Greece), He is currently a Ph.D. Candidate at the Department of Business Administration, University of Macedonia and Adjunct Professor at TEI of Serres. E-mail: drogalas@uom.gr Michail D. Pazarskis was born in Serres, Greece. He received a Bachelor Degree from the Department of Business Administration, University of Macedonia (Thessaloniki, Greece) and a Master of Business Administration in Finance from the same university, in 2000 and 2003, respectively. He is currently a Ph.D. Candidate at the Department of Business Administration, University of Macedonia. E-mail: pazarski@otenet.gr Petros T. Christodoulou was born in Thessaloniki, Greece. He holds a Doctorate in Business Administration from the University of Macedonia (Thessaloniki, Greece), a Master of Science in Statistics from the Brunel University (U.K), a Postgraduate Diploma in Operations Research from the Thames Polytechnic (U.K.) and a Bachelor Degree in Mathematics from the Aristotle University (Thessaloniki, Greece). He is now Associate Professor at the Department of Business Administration, University of Macedonia. MIBES 2007 734

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback