Introduction
Businesses are faced with different forms of risks originating from internal and external sources. For example, employees may be involved in fraudulent activities, hence affecting the organisation’s financial stability. Secondly, firms’ financial stability may be affected by economic changes such as the occurrence of financial crises (Anand 2007). Such issues may limit an organisation’s ability to achieve its profit and wealth maximisation objectives. In an effort to protect their interest, shareholders delegate the daily operation of their businesses to managers, hence leading to the creation of an agency-relationship between shareholders and managers.
In the course of executing their duties, managers have an obligation to ensure that they act in the best interest of the shareholders (Adeyemi & Olowu 2013). In a bid to attain this goal, managers have to take into account different issues that might affect their role in day-to-day running of an organisation. One of these issues includes the prevailing risks. Cohen and Sayag (2006) argue that managers have an obligation to ensure that such risks are avoided or eliminated where possible. Adopting an effective corporate governance system is one of the strategies that businesses can integrate in order to minimise and eliminate risks (Rand & Chambers 2011).
Adeyemi (2006, p. 52) defines corporate governance as ‘the structures, mechanisms and modalities through which firms goals and objectives are set with regard to the shareholders’ interests’. Subsequently, corporate governance aims at enhancing the shareholders’ value by promoting an organisation’s financial stability. The need to implement corporate governance arises from the existence of separation between managers and shareholders.
Arun and Turner (2009a) contend that managers may not act in the best interest of the shareholders, which necessitates the need for corporate governance. Effective corporate governance promotes a high level of accountability, transparency, integrity, and trust in an organisation.
Corporate governance is mainly perceived as the responsibility of legal compliance officers and boards of directors (Sanusi 2010). The function of the board of directors in advancing corporate governance is underscored by their role in developing and instituting effective internal control systems. An example of such system is the internal audit. Arun and Turner (2009b) assert that internal audit systems promote the effectiveness with which the board of directors executes its governance role. This paper evaluates the role of internal audit in corporate governance by providing objective assurance on control and risk management. The paper also assesses the various elements that are undertaken in the process of implementing internal auditing function.
Definition of internal audit
The definition of internal auditing has undergone a number of modifications over the past few years. According to Nagy and Cenker (2002, p.130), ‘the Institute of Internal Auditors [IIA] defines internal auditing as an independent, objective assurance and consulting activity designed to add value and to improve an organisation’s operation’.
Nagy and Cenker (2002) further contend that the objective of internal auditing is to add value and to enhance an organisation’s performance. Internal auditing enables organisations to integrate disciplined and systematic approaches of evaluating the effectiveness in promoting governance processes, control, and risk management. In summary, internal auditing revolves around control, governance, risk management, information and communication, and control environment.
Scope of internal audit and internal control framework
Schartmann (2007, p. 27) asserts that internal audit is ‘an assurance and consulting function with its systematic and disciplined approach’. Furthermore, internal audit is concerned with evaluating and improving the effectiveness with which organisations implement risk management. Internal audit also revolves around controlling and supervising different business processes by ensuring that the organisation’s operations adhere to the stipulated organisational governance and constitutional processes (Schartmann 2007).
Internal audit frameworks
Different internal control frameworks have been developed in an effort to illustrate the role of internal audit in promoting corporate governance. The COSO framework is one such example. The framework advocates for continuous and periodic reporting and accounting on an organisation’s financial results. According to Pickett (2013), the COSO framework plays a fundamental role in guiding organisations to be effective in executing their enterprise risk management, monitoring, and oversight roles. The COSO framework is comprised of a number of issues, which include internal environment, internal control systems, information and communication, and risk management.
The second internal control framework, which has been developed, is the Control Objectives for Information and related Technology (COBIT) (Moeller 2007). This framework was developed in an effort to address the gap on the COSO framework with regard information technology. Subsequently, the COBIT framework leans towards information technology. The COBIT framework focuses on a number of areas, which include risk management, resource management, and value delivery and performance measurement (Moeller 2007).
Internal auditing and risk management
All organisations regardless of their sector of operation or size encounter risks. Vives (2000) asserts that the capability of an organisation to identity and manage risks determines its ability to achieve long-term survival. Consequently, organisations are increasing their investment in risk management in an effort to promote corporate governance. This move has increased the need for effective identification for business risk.
Pickett (2013) contends that businesses experience challenges originating from different areas such as ethical, social, operational, financial, and environmental sources. Despite this aspect, business managers have an obligation to manage such risks to acceptable levels. Risk is a managerial activity and hence managers should deal with it in the best way possible. However, internal auditors have a role in promoting effective risk management in an organisation by evaluating strategic risks. Therefore, organisations should integrate an effective internal audit system (Waweru & Kalani 2009).
One of the adopted risk management strategies is the development of Enterprise-Wide Risk Management (ERM) frameworks. Pickett (2013) defines ERM as a consistent, continuous, and structured process, which is aimed at assisting organisations to identify, assess, and make decisions on threats and opportunities that might affect the attainment of the set objectives.
The enterprise risk-management concept is increasingly being used by different organisations. For example, Cisco, which is a renowned information technology firm, undertakes enterprise wide risk assessment in an effort to gain a broad view of the risks faced by different organisations. The firm also examines its progress in addressing twenty of the most significant risks (Karagiorgos, Drogalas, Gotzamanis, & Tampakoudis 2010).
Internal auditors are increasingly being involved in the development of ERM. Willekens, Sercu, and Desender (2005) further argue that auditors provide the needed assurance that the necessary risks will be managed optimally. The recent global financial crisis coupled by the numerous accounting scandals has necessitated the need for organisations to implement effective oversight strategies in order to identify risks at diverse levels of management (Vaitilingam 2009).
Effective implementation of the ERM framework is influenced by the prevailing internal audit systems. The board of directors assumes the responsibility of integrating effective risk management strategies. However, most boards delegate the risk management role to the management teams (Collier 2008).
Internal auditors have an obligation to add value to an organisation’s risk management process by providing the necessary assurance on the various risk exposures faced by an organisation. Giving such an understanding increases the effectiveness with which risks are managed (Vallabhaneni 2005). This paper outlines the internal auditors’ roles according to the ERM framework. Managers must be cognisant of the risks facing their organisations. Effective risk identification is critical in an organisation’s efforts to manage all risks that might affect business operations (Zwaan, Stewart & Subramaniam 2009).
In most cases, managers delegate the role of risk identification to internal auditors (Schartmann 2007). Subsequently, internal auditors are charged with the responsibility of evaluating various internal organisational activities in order to identify and assess relevant risk factors. Additionally, internal auditors also assess the external sources of risk such as changes in economic situations and business trends (Cascarino 2007; KPMG 2014). Such an analysis aids in effective identification of the underlying risks that might hinder firms in their effort to attain the set business objectives. Therefore, the risk identification process should be thorough and it should not ignore the diverse sources of risks.
According to Karagiorgos et al. (2010), risks are categorised into different classes, which include business risks, liquidity risks, operational risks, market risks, accounting risks, environmental risks, legal risks, systematic risks, operational risks, industry risks, and reputational risk. This classification increases the effectiveness with which the involved parties are in a position to integrate optimal control measures.
Internal auditors also evaluate on the probability of the identified risks materialising coupled with how they are likely to affect the current and future business operations. Such evaluation presents the auditors with the ability to anticipate future opportunities and threats in addition to identifying the prevailing issues (Karagiorgos et al. 2010).
Effective reporting is vital in internal auditors’ effort to promote effective integration of risk management. Therefore, a well-designed internal reporting system should be integrated in the internal auditing function (Pickett 2005). Internal auditors should assess the most effective reporting system in order to suit the organisation’s internal needs.
Pickett (2005) argues that organisations with mature risk management processes should issue assurance reports to support the internal audits conducted. Pickett (2005, p. 163) further asserts that for ‘organisations that are just developing their risk processes, internal auditing might play a more consultative role and issue consulting reports’. If an organisation has not integrated risk reporting in its operation, internal auditors should design a method of reporting in order to update the directors on the risks faced by the firm.
Furthermore, auditors should periodically inform the auditing committee on the organisation’s progress with regard to implementation of risk management strategies (Institute of Internal Auditor Research Foundation 2011). This aspect gives managers insight on how to deal with the faced risks. Kakakhel, Raheem, and Tariq (2010) posit that risk identification, evaluation, and reporting safeguards organisations against eventualities and crises, which might occur in the future.
Internal control
Human capital is a fundamental asset in organisations’ pursuit to enhance competitiveness. However, managers must ensure that a high level of ethics, integrity, and competence is integrated in their organisations’ operational processes. Subsequently, managers should focus on nurturing an effective control environment. The control environment refers to the system of values and the level of integrity adopted by organisations in an effort to aid the organisation in managing its operations (COSO 2013).
According to Karagiorgos, Drogalas, Eleftheriadis, and Christodoulou (2010), internal controls form an integral part of organisational business procedures, policies, and financials. Therefore, internal controls are aimed at protecting organisations’ resources against inefficiency, fraud, and waste. Additionally, internal controls contribute towards the improvement of the degree of reliability and accuracy of operating and accounting data. Pickett (2013, p. 45) argues that internal control ‘is at the very centre of the internal auditors’ world and an integral component of effective organisational governance’.
Control activities entail assessing a number of issues, which include the performance reviews, physical controls, segregation duties, and information processing. Firms’ management teams should establish effective policies and procedures, which should be followed in reviewing the organisations’ actual performance versus forecasts with reference to prior period performance and forecasts. Secondly, managers should undertake autonomous review on function performance (Institute of Internal Auditor Research Foundation 2011).
Auditing is one of the aspects that organisations integrate in their internal control efforts. However, auditing is relatively difficult as auditors deal with various quantitative issues (Schartmann 2007). Moeller (2007) emphasises that it is essential for organisations to implement effective internal control measures in order to enhance corporate governance. Zwaan, Stewart, and Subramaniam (2009) define internal control as the different methods implemented by an organisation to aid in the attainment of the intended objectives.
Internal controls play a critical role in organisations’ efforts to ensure that the various business units adhere to the set operational plans, procedures, policies, and organisational design. However, the internal control measures must be under close monitoring and reviewing in order to determine their effectiveness. The frequency of such reviews mainly depends on the type of organisation and the faced risks. However, an organisation may decide to undertake frequent reviews on the internal control environment (Pickett 2013).
Internal auditors have a responsibility to enhance the effectiveness of the internal control systems by providing an independent evaluation. The auditors assess the degree of collaboration between the various internal control mechanisms and the degree of the synergy created (D’Silva & Ridley 2007). Some of the internal control elements that auditors evaluate relate to documentation and record retention, monitoring operations, and personnel. The auditor carries the responsibility of reporting the findings to the management.
Subsequently, internal auditors aid in management teams’ efforts to promote corporate governance by identifying gaps in their internal control systems (Idolor 2010). For example, internal auditors may aid in the detection of fraudulent activities, hence giving the management insight on the most effective control strategies to fight such activities. According to Pickett (2005), the internal audit should be focused towards maintaining effective internal controls by evaluating the efficiency of the control measures. Therefore, internal audit promotes continuous improvement in organisations’ control processes (Pickett 2013)
According to Kirkpatrick (2009), internal audits promote corporate governance by integrating optimal information security measures. Steinbart, Raschke, Dilla, and Gal (2010) contend that information security makes financial and managerial reports more reliable. Steinbart et al. (2010, p. 4) assert that information ‘systems and internal audit functions are critical elements in enhancing information security’. The information systems function is concerned with designing and implementing an effective information program, while the internal audit function is concerned with providing an autonomous analysis and review on the various internal information security initiatives (Cascarino 2012).
Internal audit leads to the establishment of an effective feedback mechanism, hence improving the performance of an organisation’s information system (Steinbart et al. 2010). According to Pickett (2005), internal auditors enhance the reliability and integrity of an organisation’s operational and financial information by providing a review on the information and the method used to measure and assess such information.
Internal audits enable organisations to safeguard their assets. Manxi (2010) asserts that safeguarding assets is one of the core objectives of internal audits. In summary, internal auditors assess the effectiveness and efficiency of the various internal control mechanisms, hence providing the necessary assurance to auditors on whether the implemented measures are adequate to alleviate risks.
Compliance with regulations
Organisations are facing numerous opportunities and challenges arising from various macroeconomic changes, and thus they should strive to maximise on the opportunities, whilst minimising the challenges. For example, businesses are operating in an environment characterised by unprecedented regulatory requirements. Despite this aspect, Moran and Kral (2013) argue that compliance with the set rules and regulations such as organisation-specific procedures and policies is essential in promoting effective organisational performance.
Firms’ management teams have a duty to implement various organisational policies. Furthermore, managers should develop and maintain a high level of knowledge on various compliance requirements with regard to contracts, regulations, and laws (Institute of Internal Auditor Research Foundation 2011). Failure to comply with such requirements exposes organisations to numerous risks. Drogalas et al. (2008) assert that businesses in different economic sectors have become cognisant of the importance of complying with the changing business requirements and regulations.
Compliance with rules and regulations entails evaluating various compliance issues. For example, businesses organisations have an obligation to comply with labour and tax laws. Moran and Kral (2013) argue that complying with the regulatory requirement can be challenging. Organisations are increasingly considering the internal audit function as one of the avenues through which they can enhance compliance with regulations.
Internal audit plays a significant role in promoting compliance with internal and external rules and regulations by integrating comprehensive compliance programs. Moran and Kral (2013, p. 13) assert that compliance audits ‘provide for an independent assessment of departmental policies and procedures as well as a review of compliance with rules and regulations’. Additionally, internal auditors assess whether the objectives set by managers are aligned to the overall organisational goals, vision, and mission.
Most public organisations around the world have an obligation to disclose their financial reports to the public (Berry, Broadbent & Otley 2005). Organisations are responsible for the accuracy of the financial reports. Effective financial reporting is essential in promoting a high level of corporate governance. Internal auditors play a fundamental role in promoting the credibility and integrity of the financial report. Internal auditors ensure that financial accounting and reporting standards are adhered to in developing the financial reports. By ensuring compliance in their financial reporting process, internal auditors are in a position to provide a high level of assurance to organisational management teams.
Internal audits enable organisations to undertake effective compliance audits. This assertion arises from the view that compliance audits are risk-based. Internal audits provide the necessary risk assessments. Levine (2004) asserts that the internal audit function plays a fundamental role in enhancing the effectiveness with which firms’ management teams integrate ‘compliance consciousnesses’ in their organisational culture. The employees are in a position to comply with the set rules, procedures, policies, and regulations out of their own volition. Subsequently, compliance becomes a part of the employees’ operations rather than a being considered as a separate process.
Monitoring
Organisations have a responsibility to ensure that their internal control systems are effective. Therefore, continuous monitoring on the implemented internal control systems should be undertaken. The monitoring process aids in ascertaining the quality of the control system. Manxi (2010) asserts that the monitoring process entails undertaking frequent supervisory activities. The frequency with which such monitoring activities are undertaken is dependent on the implemented monitoring procedures.
Deficiencies on the internal control measures should be reported to the top management and the board of directors for action. According to the COSO framework, the monitoring process takes into account various aspects, which include the control activities, control environment, risk assessment and information, and communication as illustrated in Appendix 2. The COSO framework asserts that implementation of effective monitoring enhances the effectiveness of an organisation’s internal control mechanisms (Institute of Internal Auditor Research Foundation 2011).
OECD (2010) argues that organisation’s internal control systems are dynamic and hence they are subject to change. Therefore, the internal control measures previously adopted by organisations may become ineffective with time. The ineffectiveness may arise from various internal sources such as change in the organisations’ workforce composition. For example, the arrival of new personnel in an organisation may complicate implementation of the control measures.
Moreover, the situation, which might have necessitated the development of the previous internal control systems, might have changed. The occurrence such changes might hinder the effectiveness with which organisations’ management teams are in a position to undertake their corporate governance role. Therefore, it is essential for organisations’ management teams to assess the effectiveness and relevance of the prevailing internal control systems, which highlights the need for continuous monitoring of the internal control systems.
Internal auditors aid in assessing the internal controls, hence advising the top management and the board of directors on the need to consider redesigning their controls measures. This move ensures that the internal controls are aligned with the prevailing external changes. Therefore, one can argue that effective monitoring supports the firms’ board of directors and management teams in executing duties related to governance. For example, internal auditors provide organisational managers with insight on the necessary modifications in order to align with the prevailing changes.
Information and communication
According to Chepkemei, Biwott, Mwaura, and Watindi (2012), communication plays a fundamental role in enhancing the effectiveness and efficiency with which organisations execute their corporate governance roles. The right communication using the recommended channels can help in preventing lapses and gaps in the flow of information in an organisation. However, the contribution of communication to corporate governance is dependent on the extent to which ethics are observed in the communication process. Lack of integrity is one of the major factors that limit corporate governance through internal control.
Reaz and Arun (2006) argue that pertinent information must be communicated to the relevant parties in an efficient manner in order to improve the effectiveness with which responsibilities are undertaken. For example, the internal stakeholders must exchange information, which is critical in the organisation’s operation. In addition to the above roles and activities, internal auditors assess the effectiveness of the internal communication systems. Therefore, they are in a position to identify gaps in the communication systems. Subsequently, internal auditors provide managers with insight on how to adjust the information and communication processes.
Internal auditing role in promoting assurance and corporate governance
Internal auditors provide the organisations’ governing bodies and management teams with the assurance on the effectiveness of the set control measures coupled with whether the set policies are being followed (Ridley 2008). Additionally, Berry, Broadbent, and Otley (2005) posit that internal auditors provide assurance on whether organisations are operating in accordance with the management teams’ intentions. Internal auditors provide management teams with special insight on the risks, which might affect the organisations’ operations.
Subsequently, organisational managers are in a position to determine the most effective strategies, procedures, and processes that they can incorporate in their managerial practices. The assurance provided by internal auditors contributes towards improvement in the organisations’ revenue and profits. Internal auditors practice a high sense of objectivity, which separates the internal auditor from the organisation. Therefore, the internal auditors are in a position to provide an objective view.
The internal audit profession is characterised by professionals who possess rich experience and educational background. Ayvaz and Pehlivanli (2010, p. 1) assert that many ‘internal auditors come from operations, engineering, and information technology and they can serve in a variety of capacities’. Ayvaz and Pehlivanli (2010) define internal auditors as catalysts for solutions, risk control experts, and advocates of best management approaches. Therefore, internal auditors are the best source of assurance on the managerial issues, hence enhancing efficient corporate governance.
Conclusion
The implementation of effective corporate governance in organisations is critical due to the existence of separation of firms’ ownership and control. The separation leads to the creation of agency relationship between the two parties. In the course of executing their duties, managers might focus on their personal interests such as increasing their salaries rather than maximising the shareholders’ wealth. Such issues might hinder the organisations’ long-term performance.
In order to eliminate this shortcoming, it is imperative for shareholders to invest in effective corporate governance measures. An example of such measures includes integrating an effective organisational design with a clear description of roles and responsibilities of every individual in the organisation. Furthermore, firms’ management teams should focus on nurturing a culture of accountability, integrity, trust, and transparency.
Considering such issues might improve an organisation’s self-regulatory mechanism. In addition to the above aspects, it is important for firms’ management teams to integrate an effective internal control mechanism by incorporating internal auditing as one of the organisational functions. Currently, organisations are facing numerous challenges emanating from internal and external changes. Despite this aspect, organisations have an obligation to attain the set goals and objectives. This aspect underscores the importance of integrating effective corporate governance measures.
Internal audits play a remarkable role in promoting corporate governance. This paper illustrates the contribution of internal audits with regard to control mechanisms, risk management, ensuring compliance with regulations, monitoring and providing effective information, and communication, which are critical elements in corporate governance. Therefore, internal auditors assist organisations’ board of directors and management teams in executing their governance responsibilities.
First, internal audits promote the effectiveness with which organisations engage in objective evaluation on the effectiveness of their internal control and risk management frameworks. The function of internal auditors is progressively becoming a rudimentary aspect in firms’ effort to manage risks. Auditors undertake a comprehensive analysis of the internal and external business environments in order to identify possible risks, which might affect the firm’s operations and the likelihood of such risks materialising.
Organisations use numerous internal auditors that engage in a systematic analysis of the various business processes adopted by an organisation. This aspect provides sufficient insight on the contribution of the prevailing management practices in promoting corporate governance. Internal audits also enable organisational management teams to understand the degree of compliance to the set rules and regulations. Failure to comply with the set roles might a firm’s long-term competitiveness adversely. For example, failure to comply with the set laws might compel governments to interfere with the organisations’ operations.
This paper shows that internal auditors also play a fundamental role in the organisations’ efforts to implement effective internal control systems. Such systems are essential in promoting corporate governance. For example, the control systems aid in the detection of fraudulent activities. Internal audits are also fundamental in the organisations’ efforts to integrate optimal monitoring processes. However, the implementation of perfect internal control system in organisations is difficult due to various limitations. One such limitation relates to lack of sufficient staff members to assist organisations in undertaking effective segregation of duties. Therefore, the cost of implementing internal control systems may be prohibitive, hence limiting attainment of the associated benefits.
Reference List
Adeyemi, B 2006, Stemming the tide of poor corporate governance: The Nigerian banking sector experience, Ajayi Crowther University, Oyo, Nigeria.
Adeyemi, B & Olowu, A 2013, ‘Corporate governance: has the Nigerian banking sector any lesson learnt’, International Journal of Business and Social Research, vol. 3 no. 2, pp. 49-59.
Anand, S 2007, Essentials of corporate governance, John Wiley and Sons, New York.
Arun, T & Turner, J 2009a, Corporate governance of banks in developing economies: concepts and issues, IDPM, Manchester.
Arun, T & Turner, J 2009b, Corporate governance and development: reform, financial systems and legal frameworks, Edward Elgar Publishing, Chicago.
Ayvaz, E & Pehlivanli, D 2010, ‘Enterprise risk management based internal auditing and turkey practice’, Serbian Journal of Management, vol. 5 no. 1, pp. 1-20.
Berry, A, Broadbent, A & Otley, D 2005, Management control: theories, issues, and performance, 2nd edn, Palgrave, London.
Cascarino, S 2007, Auditors guide to information systems auditing, John Wiley, New Jersey.
Cascarino, S 2012, Auditors’ guide to IT auditing, Wiley, New Jersey.
Chepkemei, A, Biwott, C, Mwaura, J & Watindi, R 2012, ‘The role of integrity and communication ethics in corporate governance; a study of selected companies in Kenya’, Journal of Emerging Trends in Economics and Management Sciences, vol.3 no. 3, pp.233-237.
Cohen, A & Sayag, G 2010, ‘The effectiveness of internal auditing: an empirical examination of its determinants in Israeli organisations’, Australian Accounting Review, vol. 20 no. 54, pp. 296-307.
Collier, P 2008, Management accounting risk and control strategy, CIMA Learning, Oxford.
COSO: The 2013 COSO framework and SOX compliance 2013, COSO, Durham.
Drogalas, G, Pantelidis, P, Vouroutzidou, R & Kesisi, E 2008, Assessment of corporate governance through internal audit, Technological Educational Institute of Seres, Seres.
D’Silva, K & Ridley, J 2007, ‘Internal auditing‘s international contribution to governance’, International Journal of Business Governance and Ethics, vol. 3 no. 2, pp. 113-126.
Idolor, E.J 2010, ‘Bank frauds in Nigeria: underlying causes, effects and possible Remedies’, African Journal of Accounting, Economics, Finance and Banking Research, vol.6 no.6, pp. 1-19.
Institute of Internal Auditor Research Foundation: Internal auditing role in risk management 2011, Web.
Kakakhel, S, Raheem, F & Tariq, M 2010, ‘A study of performance comparison between conventional and Islamic banking in Pakistan’, Abasyn Journal of Social Sciences, vol. 6 no. 2, pp. 91-105.
Karagiorgos, T, Drogalas, G, Gotzamanis, E & Tampakoudis, I 2010, ‘Internal audit as an effective tool for corporate governance’, Journal of Business Management, vol. 2 no. 1, pp. 73-87.
Karagiorgos, T, Drogalas, G, Eleftheriadis, I & Christodoulou, P 2010, ‘Internal audit contribution to efficient risk management’, Journal of Business Management, vol. 1 no. 2, pp. 111-126.
Kirkpatrick, G 2009, The corporate governance lessons from the financial crisis, OECD, New York.
KPMG: Internal audit’s role in modern corporate governance 2012, viewed 4 March 2014,
Levine, R 2004, The corporate governance of banks: a concise discussion of concepts and evidence, University of Minnesota, Minnesota.
Manxi, R 2010, Auditing and cost accounting, Pearson Education, India.
Moeller, R 2007, COSO enterprise risk management; establishing effective overnance, risk, and compliance processes, Wiley, Hoboken.
Moran, S & Kral, R 2013, The board of directors and audit committee guide to iduciary, American Management Association, New York.
Nagy, A & Cenker, W 2002, ‘An assessment of the newly defined internal audit function’, Managerial Auditing Journal, vol. 17 no. 3, pp. 130-137.
OECD: Policy brief on corporate governance of banks: building blocks 2010, Web.
Pickett, K 2005, The essential handbook of internal auditing, Wiley, Chichester.
Pickett, K 2013, The internal auditing handbook, Wiley, Hoboken.
Rand, G & Chambers, A 2011, The operational auditing handbook; audits business and IT processes, John Wiley & Sons, Hoboken.
Reaz, M & Arun, T 2006, ‘Corporate governance in developing economies: perspective from the banking sector in Bangladesh’, Journal of Banking Regulation, vol. 7 no. 3, pp. 94-105.
Ridley, J 2008, Cutting edge internal auditing, Wiley, New Jersey.
Sanusi, L 2010, Corporate governance in the banking sector, Web.
Schartmann, B 2007, The role of internal audit in corporate governance in European: current status, necessary improvement, future improvements, future tasks, Erich Schmidt, Berlin.
Steinbart, P, Raschke, R, Dilla, W & Gal, G 2010, Relationship between internal audit and information security; an exploratory investigation, Arizona State University, Arizona.
Vaitilingam, R 2009, Recession Britain: News ESRC report on the impact of recession on people’s jobs, business and daily lives, Economic and Social Research Council, London.
Vallabhaneni, S 2005, Wiley CIA exam review, Wiley, Hoboken.
Vives, X 2000, Corporate governance: does it matter, Cambridge University Press, Cambridge.
Waweru, N & Kalani, V 2009, ‘Commercial banking crises in Kenya: causes and Remedies’, African Journal of Accounting, economics, Finance and Banking Research, vol. 4 no. 4, pp. 1-22.
Willekens, M, Sercu, P & Desender, K 2005, Corporate governance at the crossroads; a report, Distribution for North America, Antwerpen.
Zwaan, L, Stewart, J & Subramaniam, N 2009, Internal audit involvement in Enterprise Risk Management, Griffin Business School, New York.
Appendix
