Post on 04-Feb-2023
0
Will the awareness of risk management importance affect
effectiveness of internal auditing?
Abstract
In the past three years the material loss cases in the Department of Defense in Taiwan, is
the second among all governmental departments, revealing that the risk of material loss in
National Armed Forces tends to high. The study with supervisors in all levels of accounting
department in the Armed Forces and internal auditors as testing participants, to explore the
correlation of background variable of personnel in the accounting department of Armed
Forces who actually perform internal audit, effectiveness of internal auditing and awareness
of risk management importance. Results of the study showed that: Significant difference
exists for different genders in“internal environment”; significant difference exists for
different service years in“internal environment”and“goal setting and issues
identification”; significant difference exists for different job positions in “control
activities”. Awareness of risk management importance has predictability in effectiveness
of internal auditing, meaning that the former has positive enhancing effect on effectiveness of
internal auditing.
Keywords: Risk management, Risk evaluation and risk response, Awareness, Internal auditing,
Analysis of variance.
1
1. Introduction
After experiencing multiple events of typhoon disaster and temporary household water
shortage, in September of 2004, the government of Taiwan, R.O.C. started to place
importance on risk management of implementing public policy (Chou and Chen, 2008). The
Executive Yuan established “Executive Agencies Risk Management Promotion Project” to
officially bring governmental departments into risk management domain in 2005, and issued
“Risk Management and Crisis Handling Operating Standards for all divisions of Executive
Yuan” (Executive Yuan, 2008) to assist every divisions establishing risk management
framework, thus from the perspective of entire organization, to continue on systematically
going through cycle of risk identification confirmation, risk evaluation, risk handling and
monitoring, and risk communication, bringing risk management into policy consideration and
achieving organizational goals. The Department of Defense issued “Risk Management and
Crisis Handling Outline Plan” (Department of Defense, 2008), requesting every military
services to establish “risk management promotion teams”. The teams are expected to
combine attributes of unit tasks, so when facing demand of internal and external environment
to make decisions, they can study and analyze possibility and extent of influence of events’
occurrence in advance, then actually identify risk and establish risk management mechanism
to largely reduce causes of public endangerment and strengthen function of prevention
beforehand.
2
The National Audit Office audited funds of the Department of Defense and found that in
past three years there were 55 cases of financial (material) loss in Armed Forces and total
number of people punished accumulated to 217 people, only second to the Ministry of
Economic Affairs, among all departments and divisions. It showed that the risk of financial
(material) loss in the Armed Forces is apparently higher than other divisions. The roles of
accounting personnel in the Armed Forces include assistants, professionals, and supervisors.
They should be more aware that risk management is a useful tool in promoting effectiveness
of internal auditing. Risk management would identify potential risk factors, further dig up
items of higher risk occurrence rate and more serious endangerment to examine at first, thus
enhance benefit and prevent unlawful act, increasing usage effectiveness of financial resource
and reduce ineffective expenses.
Because the relative research on relationship of risk management and internal audit
mostly focus on private enterprises and not much found on public departments. In present
under limited defense resources and uprising public opinion, people in Taiwan are getting
more concerned on risk management and control process of financial resources in national
defense. The study only pick personnel from accounting department of the Armed Forces
who actually work in internal audit as study objects to analyze and explore relationship
between risk management and internal audit, and the effect of incorporating financial risk
management and control by accounting department of the Armed Forces on present
3
effectiveness of internal auditing.
2. Literature review
2.1 Risk management
The development of risk management in Taiwan is accepting fruits from overseas, first
introduced in the academic arena, then realized in business application. In the business
sector, the “Risk Management Department” established under General Administrative Office
by EVA group in 1992 is the most classical representative of domestic enterprise.
2.2 Internal Audit
Internal audit is “supervising”, one of the five essential elements of internal control. It
is a system that both private business and governmental divisions have implemented to
strengthen internal control function. In recent years, as the scandals of hollowing out
company's assets of domestic and foreign business frequently occur, in response to public
concerns about businesses’ internal control and audit, the government in Taiwan established
“Criteria for Establishment of Internal Control Systems by Public Companies”, which clearly
regulates that companies must establish internal audit unit under the board of directors and
assign eligible and appropriate numbers of full-time internal audit personnel according to
company’s size, operating condition, managerial need and other relative laws and regulations.
Such criteria opened up internal audit business in Taiwan. On the other hand, governmental
agencies in Taiwan have not established divisions specializing in internal audit, only in
4
practice the executions of internal audit function are assigned to various units, such as
research, development and evaluation, personnel, government ethics, accounting, auditing, etc.
to perform internal audit related tasks.
Chen (2005) argued that internal audit is an independent evaluating mechanism designed
by organizations internally, used to examine and evaluate organizational activity. It is a
servicing function. Its goal it to assist organizational members effectively release their
responsibilities, using methods including analysis, evaluation, suggestion, inquiry and
reporting related to reexamination activity. Audit objectives also include the achievement of
effective control under reasonable cost. DeMarco (1980) proposed that internal audit
personnel should be mutually independent with audited activities and report directly to higher
level of management. Direct reporting can display independent position of internal audit
division to entire organization, allowing internal audit to process objective and fair judgment
and suggestion, and increase odds of suggestions being accepted. In addition, internal audit
personnel should maintain objective, professional and conscious, without being interrupted or
influenced by anything; should avoid conflict of interest to maintain objective professional
judgment.
2.3 Exploration on risk management and internal audit
Nguyen (2005) argues that risk management can strengthen function of internal audit,
stressing that internal audit works with risk as basis would allow internal audit personnel,
5
when performing their tasks, more able to recognize important points and then cut in,
including identification, risk response, and control activity related to specific business flows,
and whether to provide reasonable assurance on achieving business goals. In addition, upon
executing audit works internal audit personnel should evaluate according to eight composing
element of business risk management, consisting of internal environment, goal setting, event
recognition, risk evaluation, risk response, control activity, information and communication,
and supervision.
Lai (2004) stated that in 1992 COSO proposed “Integration Structure of Internal Control”
that lists risk evaluation as one of the five essential elements of internal control and demands
that every organization must first identify goals then evaluate risk, and lastly manage risk.
Such perception of introducing risk evaluation to internal control system has profound impact
on internal audit, too. Because conventional audit is “control lead audit” that mainly put
control system as audit direction, emphasizing more on flow control and compliance test and
not much on evaluation of risk management, thus the audit added value provided is more
limited, which is actually hard to satisfy demand of the highest management in continuously
seeking innovating and changing and increasing organizational value.
3. Research design
3.1 Research structure
The study based on aforesaid research motives, problems and objective, combining with
6
relative literature analysis and sorting, to propose study structure as shown in Figure 1.
According to “Executive Agencies Risk Management Promotion Manual” and the modified,
and promulgated “Risk Management and Crisis Handling Operating Standards for all
divisions of Executive Yuan” of Executive Yuan, and “Risk Management and Crisis Handling
Outline Plan” of Department of Defense, the study sorted out relative questions in recognizing
importance of risk management as foundation and proposed that individual background
variables can influence recognition in importance of risk management, which, in turn, would
affect effectiveness of internal audit. Structure of the study is shown in Figure 1, separately
explored the effect of individual background on recognizing the importance on risk
management and the relationship between awareness of the importance on risk management
and effectiveness of internal auditing.
[Figure 1 insert about here]
3.2 Study hypothesis
The aim of the study is to explore when internal auditors in accounting department of the
Armed Forces actually perform audit work, their awareness of the importance of risk
management, and the effect of such awareness on effectiveness of internal auditing. The
study based on literature review, study objective and structure, summarize study hypothesis in
the followings.
3.2.1 Individual background variable
Slovic (1984) argued that gender is related to difference in risk awareness and studies
7
found that women have higher risk awareness than men do. Klomna (1992) proposed that
people’s awareness of risk is also an important basis of risk evaluation. Risk awareness
reflects people’s recognition and feeling toward risk, thus affecting the extent of acceptable
risk level. Chung’s (2002) study pointed out that there is significant difference on risk
awareness between different years of service and different genders. The study proposed
hypothesis as follows:
H1: Internal auditors of different individual’s background variables are significant
different in their awareness of the importance on risk management.
H1-1: Internal auditors of different genders are significant different in their awareness of
importance on risk management.
H1-2: Internal auditors of different years of service are significant different in their
awareness of importance on risk management.
H1-3: Internal auditors of different job position are significant different in their awareness
of importance on risk management.
3.2.2 Awareness of importance on risk management and effectiveness of internal auditing
Williams, Smith & Young (1998) believed that risk management, other than preventing
and controlling unfavorable results generated by risk, should be more aggressively toward the
direction of favorable result to manage risk. Ko (2006) argued that internal auditors can
focus on items of high risk and value to assure largest value in executing internal audit.
8
Kenchecl (2007) stated that if concept of risk is included in internal control, financial
personnel can base on possibility of risk occurrence to evaluate and select risk with high
possibility of occurrence to modify. The study proposed hypothesis as follows:
H2: Awareness of importance on risk management has significant predictability in
effectiveness of internal auditing.
H2-1: Awareness of importance on internal environment has significant predictability in
effectiveness of internal auditing.
H2-2: Awareness of importance on goal setting and items recognition has significant
predictability in effectiveness of internal auditing.
H2-3: Awareness of importance on risk evaluation and risk response has significant
predictability in effectiveness of internal auditing.
H2-4: Awareness of importance on controlling activities has significant predictability in
effectiveness of internal auditing.
H2-5: Awareness of importance on information and communication has significant
predictability in effectiveness of internal auditing.
H2-6: Awareness of importance on supervision has significant predictability in
effectiveness of internal auditing.
3.3 Variable measurement
3.3.1 Individual background variables
9
The study explores difference in every dimension among auditors of different background
variables in their awareness of the importance on risk management. Individual background
variables are classified according to three categories: gender (men, women), years of service
(less than 6 years, 6-15 years, more than 15 years) and job position (supervisor,
non-supervisor).
3.3.2 Awareness of the importance on risk management
Measurement on awareness of the importance on risk management applied questionnaire
of risk management awareness proposed by Chen (2005), which was modified according to
sample characteristics of the study. The study takes awareness of the importance on risk
management as independent variable to explore its predictability in effectiveness of internal
auditing and was classified to six dimensions of internal environment, goal setting and items
recognition, risk evaluation and risk response, control activities, information and
communication, and supervision.
3.3.3 Effectiveness of internal auditing
Sears (1991) stressed that results of internal audit should be beneficial to the organization.
In this study measurement of effectiveness of internal auditing applies measuring questions
used by Sears in evaluating internal audit and modified according to sample characteristic of
the study. The study takes effectiveness of internal auditing as dependent variable to explore
the predicable condition of it and independent variable.
10
4. Empirical results and analysis
4.1 Analysis on pretest questionnaires collected
Because the attributes of present subjects are the same as subjects of formal
questionnaire, subjects pretested are accounting personnel who actually perform internal audit
and pretested questionnaires were tested for validity and reliability analysis, with effective
answering ratio of 93.75%. In construct validity, the study applied varimax axle turning
method of factor analysis to extract factor with Eigenvalue larger than 1 and takes questions
of every dimensions with absolute value of factor loading larger than 0.5 as composing factor
of its dimension to extract composing factor of each dimension to confirm construct validity.
To assure that this study is suitable for factor analysis, the study at first processed KMO and
Barlett spherical surface test and result of analysis showed that data is suitable for factor
analysis (as shown in Table 1).
[Table 1 insert about here]
In this study through factor analysis, after deleting Question No.28 and 29 with factor
loading smaller than 0.5 to leave eigenvalue larger than 1, there are six factor dimensions with
varying loading larger than 0.5. Based on content of questions in every factor dimension,
the first factor was renamed information and communication, the second factor being control
activities, the third factor being risk evaluation and risk response, the fourth factor being goal
setting and item recognition, the fifth element being supervision, and the sixth factor being
11
internal environment. The accumulated explanatory variation of six dimensions is 73.992%.
The factor dimensions extracted through factor analysis is almost the same as the theory in
literature, and is consistent with the original structure designed by this study, revealing that
surveying questionnaire of this study has certain extent of structural validity (as shown in
Table 2).
[Table 2 insert about here]
4.2 Reliability analysis
Reliability represents consistency and stability of measurement result. Stability means
the relativity or consistency between results of two measurement result, while consistency
points to the internal consistency among items of questionnaire. (Chung, 2006) The
Cronbach’s α in determining reliability analysis of this study, according to α reliability
coefficient proposed by Cronback (1951), is the mostly used reliability index in research
nowadays and is used to examine reliability of questions in questionnaire in order to illustrate
consistency in content of questionnaires. Questions that have Cronbach’s α smaller than 0.35
should be discarded. Cronbach’s α between 0.35 and 0.7 represents medium reliability
while α larger than 0.7 means high reliability. Results of analysis in this study show that (as
shown in Table 3) Cronbach’s α of every variables are all larger than 0.6, so that every
measured variables are in compliance with internal consistency.
[Table 3 insert about here]
12
4.3 Analysis of accounting personnels’ awareness of importance on risk management
This study used descriptive statistics to examine variance of participants’ average
answers in each dimensions of questionnaire and analyzed according to distribution of and
ratio of five point scale, which consists of very unimportant, rather unimportant, average,
rather important, and very important, in order to understand participants’ awareness of the
importance on risk management. Among the participants accounting personnels’
recognition reached 81.58% on “information and communication”, 82.63% on “controlled
activities”, 81.2% on “risk evaluation and risk response”, 88.33% on “goal setting and items
identification”, 83.7% on “supervision”, and 79.10% on “internal environment”. The
scoring condition of each dimension is known from “average score of each question” in items
of awareness of the importance on risk management, among which “goals setting and items
identification” scores the highest (4.42) while “internal environment” scores the lowest (3.96).
The order of scores are: “goals setting and items identification” > ”supervision”
>”controlled activities”>”information and communication”>”risk evaluation and risk
response”>”internal environment”.
4.4 Variance analysis on accounting personnels’ background variables
To understand personnel who actually perform internal audit in every levels of
accounting offices in the Armed Forces regarding their background variables on awareness of
the importance on risk management and variation condition in each dimensions on variables
13
of gender, year of service and job position, etc., one way ANOVA is applied to examine each
dimensions. If the results reach significant level, Scheffe post hoc test is further processed
to test which group’s variation condition reaching significant level and then compare and
analyze variation among groups.
4.4.1 Gender type
For internal auditors of different gender variables, their awareness of the importance of
five dimensions, consisting of supervision, goals setting and items identifications, risk
evaluation and risk response, controlled activities and information and communication, etc.,
on risk management, all did not reach significant level(p≧0.05), only dimension of internal
environment, with p=0.012(p≦0.05)reaching significant level. Thus, study analysis reveals
that there is no significant variance in internal auditors of different gender in their awareness
of the importance of five dimensions, supervision, goals setting and items identifications, risk
evaluation and risk response, controlled activities and information and communication, etc.,
but significant variance exists in awareness of the importance on internal environmental
dimension (as shown in Table 4).
[Table 4 insert about here]
4.4.2 Years of service
For internal auditors with different years of service, their awareness of the importance of
four dimensions, consisting of supervision, risk evaluation and risk response, controlled
14
activities and information and communication, etc., on risk management, all did not reach
significant level(p 0.05≧ ), revealing that there is no significant variance in internal auditors
with different years of service in their awareness of the importance of four dimensions,
supervision, risk evaluation and risk response, controlled activities and information and
communication, etc. (as shown in Table 5).
[Table 5 insert about here]
Different years of service in the awareness of the importance of two dimensions, internal
environment and goals setting and items identifications, both reach significant level(p 0.05≦ ).
The study analyzes that for internal auditors with different years of service, there is significant
variance exist in their awareness of the importance on internal environment and goals setting
and items identifications, which were further analysis via Scheffe post hoc test (as shown in
Table 6).
[Table 6 insert about here]
1. In internal environmental dimension, for groups of 6-15 years and more than 15 years,
there are significant variance, via Scheffe test, with average difference of -0.39 and 0.39,
respectively, showing that internal auditors with equal or more than 15 years of service
have higher awareness of the importance on internal environmental dimension than those
with 6-15 years of service.
2. In goals setting and items identifications dimension, for groups of less than 6 years and
15
6-15 years, there are significant variance, via Scheffe test, with average difference of -0.91
and 0.91, respectively, showing that internal auditors with 6-15 years of service have higher
awareness of the importance on goals setting and items identifications dimension than
those with less than 6 years of service.
3. In goal settings and items identification dimension, for groups of less than 6 years and
more than 15 years, there are significant variance, via Scheffe test, with average difference
of -1.08 and 1.08, respectively, showing that internal auditors with more than 15 years of
service have higher awareness of the importance on goals setting and items identifications
dimension than those with less than 6 years of service.
4.4.3 Job positions
For internal auditors with different job positions, their awareness of the importance of
five dimensions, consisting of internal environment, supervision, goals setting and items
identifications, risk evaluation and risk response and information and communication, etc., on
risk management, all did not reach significant level(p 0.05≧ ), only dimension of controlled
activities dimension, with p=0.017(p 0.05≦ )reaching significant level. Thus, study analysis
reveals that there is no significant variance in internal auditors with different job positions in
their awareness of the importance of five dimensions, internal environment, supervision, goals
setting and items identifications, risk evaluation and risk response and information and
communication, etc., but significant variance exists in awareness of the importance of
16
controlled activities dimension (as shown in Table 7).
[Table 7 insert about here]
4.5 Relative analysis
The study first applied Pearson correlational analysis to examine correlational strength
among each dimensions, then used simple regression analysis to explore predictability of each
dimensions of awareness of the importance on risk management to effectiveness of internal
auditing. Table 8 shows correlation between effectiveness of internal auditing and each
dimension. There are significantly positive correlations between effectiveness of internal
auditing and each dimension consists of internal environment, supervision, goals setting and
items identifications, risk evaluation and risk response, controlled activities, and information
and communication, etc. It represents that for accounting personnel that perform internal
audit, there is positive correlation in their awareness of the importance of each dimension.
Though there is significant correlation in every dimensions of this study, the correlational
coefficients all did not reach 0.8, the problem of multicollinearity among dimensions can be
eliminated preliminarily.
[Table 8 insert about here]
Pearson correlatoinal analysis shows that there is significantly positive correlation
among dimensions of awareness of the importance on risk management. According to
simple regression analysis of Table 9, the combined explanatory power of six dimensions of
17
awareness of the importance on risk management to effectiveness of internal auditing achieve
41.9%, meaning predictability of 41.9%, among which “information and communication”
possesses most explanatory power, which sole explanatory quantity of 10.2%. From the
standardized coefficient β value, the order of predictability of awareness of the importance on
risk management to effectiveness of internal auditing is “information and communication
(β=0.319), “controlled activities (β=0.312), “supervision” (β=0.293), “risk evaluation and risk
response” (β=0.266), “internal environment” (β=0.219), and “goals setting and items
identifications” (β=0.12). The β-values of the aforesaid dimensions are all positive,
revealing that the awareness of the importance on risk management has promotion effect to
effectiveness of internal auditing.
[Table 9 insert about here]
5. Conclusions and suggestions
5.1 Conclusions
The study used accounting office of the Armed Forces as example to explore the
relationship between awareness of the importance on risk management and effectiveness of
internal auditing for personnel in accounting office of the Armed Forces that actually perform
internal audit. Two hypotheses are examined in this study and the result of empirical
information confirms existence of the following relationships (as shown in Table 10):
1. The study found that different genders in the five dimensions of “information and
18
communication”, “controlled activities”, “supervision”, “risk evaluation and risk
response” and “goals setting and items identifications” has no significant variance, but
has significant variance in “internal environment”. In addition, average number of
male sample is higher than the one of female sample, showing that men has higher
awareness in pursuing achievement of organization’s overall mission or goals and
understanding organization’s mission.
2. The study found that different years of service has no significant variance in the four
dimensions of “information and communication”, “controlled activities”, “supervision”
and “risk evaluation and risk response”, but has significant variance in “internal
environment” and “goal setting and items identifications”. Further Scheffe post hoc
test showed: As years of service get higher, the awareness of the importance in
organization’s mission, prospects, and ethical demand on internal auditors is also higher.
3. The study found that different job positions has no significant variance in “information
and communication”, “internal environment”, “supervision”, “risk evaluation and risk
response”, and “goals setting and items identifications”, but has significant variance in
“controlled activities”. In addition, the sample average of supervisor position is higher
than the one of non-supervisors, showing that supervisor position in awareness of the
importance of laws compliance, segregation of duties and educational training is higher
than the one of non-supervisors.
19
4. In the predictability of awareness of the importance on risk management to effectiveness
of internal auditing, the study found that all six dimensions of “information and
communication”, “controlled activities”, “supervision”, “risk evaluation and risk
response”, “internal environment” and “goals setting and items identifications”, etc.
possess predictability on effectiveness of internal auditing, meaning the promotion effect,
with dimension of “information and communication” as the highest. It reveals that
internal auditors should timely and effectively identify, collect and transmit
organizational information to provide vertical and horizontal communicating channel to
let relative personnel understand the role they play in risk management and the
responsibility they assume, and assist every operations to promote smoothly, thus
enhancing added value of internal audit mechanism.
[Table 10 insert about here]
5.2 Managerial meaning
To effectively utilizing national defense resource, there must be a set of rigid mechanism
to achieve. Finance department of the Armed Forces can base on risk management oriented
internal audit mechanism, as result of annual administrative plan and organizational risk
management policy, to consider how to elaborate largest benefit under limited resources.
Establish risk management mechanism, enhance added value of internal audit. In the
process of internal audit, one can base on risk evaluation and management to identify
20
potential risk factors, disclose crucial point of problems, and propose suggesting and
improving comments on reduction in uneconomical expense and promoting effectiveness of
national defense resource utilization, thus enhancing added value of internal audit mechanism.
Risk management is the foundation of internal audit. Risk management can assist
organizations in handling uncertain risk, so as to expand managing and controlling range of
internal audit and move managing and controlling time ahead of actions, thus being able to
find and reduce risk earlier.
5.3 Suggestions to actual practice
Traditional internal audit functions are all subsequent audit. In present audit function
has been changed from passive audit to active audit. Internal auditors should strength
internal audit in their function within organization so in the process of executing objectives
they can find risk earlier and provide improving proposals on timely basis, thus transform
non-value added audit behavior in the past to high value added audit of “igniting a bright
lamp”, assisting organizations in finding and solving problems in order to strengthen internal
audit functions.
Whether risk management can be promoted and realized wholly relies on whether
personnel inside organizations can get a complete educational training. Testing results of the
study point out those accounting personnel that perform internal audit believe that risk
management is helpful in enhancing organization’s effectiveness of internal auditing.
21
Therefore, how to strengthen educational training on risk management and enhance overall
risk management perspectives to cope with rapid changing inside and outside environment
appears to be more important.
To effectively manage risk, one should first study the present laws and regulations,
internal control and internal audit mechanism and procedures thoroughly and, to cope with
changing internal and external environment, propose suggestions and improving proposals on
the defective parts in order to promote quality and effectiveness of risk management.
Reference
Chang, G.F. (2005) ‘Grasp opportunities: The era of elaborating internal audit’, Internal Audit
Quarterly, Vol.51, pp.8-12.
Chang, H.C. (2008) Study on effect of governmental internal control and risk management
mechanism on governmental governing performance. Unpublished master thesis,
National Changhua University of Education, Taiwan.
Chen, C.T. (2005) Study on the establishment of internal audit system of administrative
authorities in Taiwan. Unpublished master thesis, National Taiwan University, Taiwan.
Chen, S.M. (2008) Study on examination of internal control implementation in public
administrative authorities: Example of Taipei City District Office, self-report of Taipei
City Governmental, Taiwan.
Chou, Y.R., Chen, C.K. (2009) ‘Talk about risk oriented defense fund auditing’,
22
Governmental Audit Quarterly, Vol.28 No.4, pp.90-107.
Chou, L.J. (2006) Study on relationship among internal auditors’ personal characteristics,
work characteristics and work satisfaction: Using achievement motive as mediating
variable. Unpublished master thesis, National Sun Yat-Sen University, Taiwan.
Chung, H.C. (2002) Study on relationship of hospital staffs’ awareness of risk of medical
waste: Example of Chaiyi regional hospitals. Unpublished master thesis, Nanhua
University, Taiwan.
Chung, J.H. (2006) Study on effect of business risk management on internal audit mechanism.
Unpublished master thesis, National Taipei University, Taiwan.
DeMarco, V.F. (1980) ‘Recruiting and developing internal auditors’, The Internal Auditor,
Vol.37 No.1, pp.53-57.
Executive Yuan (2008) Risk management and crisis handling operating standards for all
divisions, No.0972360811, promulgated in December 8.
Executive Yuan (2009) Handbook of risk management and crisis handling procedures
[online]. http://www.rdec.gov.tw/ct.asp?xItem=3854955&CtNode=10887&mp
=180. (19 March 2009).
Feng, R.C. and Chang, Y.F. (2008) ‘Guide of internal control standards in public departments:
Supplement to risk management’, Governmental Audit Quarterly, Vol.28 No.4, pp.54-67.
Hair, J.F., Anderson, R.E., Black, W.C. (1998) Multivariate data analysis, Prentice Hall, New
23
Jersey.
Hood, C., Jones, D.K.C. (1996) Accident and design: Contemporary debates on risk
management, M & I Books Inc.
Huang, S.Y. (2006) ‘Exploration on sound governmental internal audit system’, B.A.S.
Monthly, Vol.610, pp.55-58.
Kenchel, W.R. (2007) ‘The business risk audit: Origins, obstacles and opportunities’,
Accounting, Organizations and Society, Vol.32, pp.383-408.
Keng, C. (1989) ‘The road to pursue professional spirit of internal audit’, Enterprise Internal
Audit Newsletter, Vol.1, pp.2-6.
Kloman, H.F. (1992) ‘Rethinking risk management’, The Geneva Paper on Risk and
Insurance, Vol.17 No.3, pp.299-313.
Ko, H.T. (2006) ‘Audit and risk management’, Internal Audit Quarterly, Vol.54, pp.61-68.
Kuo, Z.L., Lai, J.Y. (2005) ‘Critical role of internal audit in sound risk management’, Internal
Audit Quarterly, Vol.50, pp.52-58.
Lai, S.B. (2003) ‘Risk management and internal audit of governmental departments’, Internal
Audit Quarterly, Vol.44, pp.28-34.
Lai, S.B. (2004) ‘Risk oriented audit’, Internal Audit Quarterly, Vol.48, pp.17-24.
Lai, S.B. (2008) ‘Risk management of local governmental finance’, Governmental Audit
Quarterly, Vol.28 No.4, pp.68-83.
24
Lin, B.T. (1997) ‘Evaluation of operation risk and examination of internal control’,
Accounting Research Monthly, Vol.143, pp.75-81.
Lin, B.T. (2002) ‘Risk management and roles played by internal auditors’, Auditing Quarterly,
Vol.22 No.3, pp.67-76.
Lin, B.T. (2003) Internal audit theory and practice, 5th ed., Internal Auditing Association,
Taiwan.
Lu, C.H. (2005) Multivariate statistical analysis, Tsang Hai Books Publishing Co.
Ma, S.R. (2005) ‘An extension of internal control-risk management’, Accounting Research
Monthly, Vol.238, pp.30-47.
Ma, S.R. (2008) ‘Risk management and degree of risk tolerance: Governmental agencies’,
Governmental Audit Quarterly, Vol.28 No.4, pp.3-16.
Ma, S.R., Peng, H.S. (2001) Exploration on governmental agencies implementing internal
control and internal audit, Research Report Assigned by Directorate-General of Budget,
Accounting and Statistics, Executive Yuan, Taiwan.
National Audit Office (2009) 2008 Annual Governmental Audit Report. Taipei, Taiwan.
Ngyang, C.C. (2005) ‘Internal audit based on risk management’, Accounting Research
Monthly, Vol.238, pp.60-65.
Novick, M., Lewis, G. (1967) ‘Coefficient alpha and the reliability of composite measure’,
Psychometrika, Vol.32, pp.1-13.
25
Nunnally, J.C. (1978) Psychometric theory, 2rd ed., N.Y.: McGraw-Hill.
Sears, B.P. (1991) ‘How effective are your audits’, Internal Auditor, Feb, pp.30-31.
Slovic, P. (1984) ‘Perception and acceptability of risk from energy systems’, in W.
Freduenburg and E. Rosa (eds.), public reactions to nuclear power: Are these critial
massess? Boulder, Co: Westview Press.115-135.
Song, Z.M. (2000) Risk management, Wu-Nan Books.
Subhash, S. (1996) Applied multivariate techniques, John Wiley & Sons, Inc., 90-143.
Teng, S.F. (2007) Key success factors on the implementation of risk management in
governmental departments. Unpublished master thesis, National Chung Cheng
University, Taiwan.
Wang, M.R. (2004) Study on role played by internal auditors in risk management.
Unpublished master thesis, Chung Yuan Christian University, Taiwan.
Williams, C. A., Smith, M. L., Young, P. C. (1998) Risk Management and Insurance, 8th ed.,
N.Y.: McGraw-Hill.
Wu, H.R. (2004) ‘Internal audit that creates added value’, Internal Autid Quarterly, Vol.43,
pp.31-34.
Yang, C.H., Wang, J.G. (2008) ‘Present and prospect of risk management in environmental
policy’, Governmental Audit Quarterly, Vol.28 No.4, pp.24-39.
26
Table 1: KMO and Bartlett Test Kaiser-Meyer-Olkin Sampling Appropriateness 0.858
Bartlett spherical test Approximate Chi Sq. distribution 1632.730
Degree of freedom 465 Significance 0.000
Table 2: Table of factor structural analysis Factor
(Dimensions) Content of questions Factor loading Variance Cumulative
variance
Information and communication
1. Managerial philosophy and style of unit in-charge (supervisor) 0.630
22.211% 22.211%
4. Reasonableness of organizational structure and independent of auditors 0.719
6. Relative extent in segregation of duties and responsibilities 0.653
7. System of training, evaluation and promotion 0.505
9. Efficiency and effectiveness of unit resources usage 0.569
12. Managerial level should be able to identify internal factor that can possibly affect goal achieving, such as software and hardware equipment.
0.719
13. Managerial level should be able to identify external factor that can possibly affect goal achieving, such as politics, and society, etc. 0.692
14. Ability of accounting personnel in identifying odds and extent of internal and external risk occurrence 0.511
19. Proper authorization within unit and segregation of duties 0.718
23. Ability, experience or qualification of accounting personnel in executing internal audit. 0.570
26. Appropriateness of auditor’s report pursuing action 0.621
30. Extent of nonaccounting personnel in the understanding of accounting personnel’ ethical standard. 0.703
31. Timeliness and appropriateness of pursing action after every unit received outside information (press exposure, etc.) 0.532
Control activities
5. Ability of accounting personnel in appropriately perform tasks 0.638
14.708% 36.919%
18. Financial receipts and payments of unit and custody of finance, actualizing segregation of duties 0.569
20. Execute every policy or plane, establish clear system law or operating manual and then execute according to unit goal 0.760
21. Results of plan execution must be audited by either independently internal or external auditors. 0.648
22. Unit in-charge (supervisors) let unit personnel understand effectiveness of internal audit through training curriculum, meeting, or other methods
0.655
27.Achieving that internal and external information needed to achieve unit goal can be provided to unit in-charge (supervisor) 0.487
27
Risk evaluation and risk response
15. Management carefully analyzes recognized risk, and evaluates possibility of occurrence of “existing risk” “remaining risk” and managerial ability of consequences.
0.798
13.210% 50.129%16. Accounting personnel’ responsive ability toward changes in internal and external environment. 0.764
17. Management should select methods of risk response (avoiding, taking responsibility, reducing or sharing), and effectively take relative action.
0.694
Goal setting and items recognition
3. Accounting personnel’ integrity and value perspectives. 0.719
10.144% 60.273%10. Reliability of unit financial and nonfinancial information report 0.595
11. with relative laws and regulations. 0.727
Supervision
24. When accounting personnel execute internal audit, they all obey relative laws and regulations. 0.837
6.927% 67.200%25. Extent of unit in-charge (supervisor) concern about internal audit
work and their attitude toward suggestions made on screen. 0.500
Internal environment
2. The extent of variation accepted by unit in pursuing achieving entire mission or prospects 0.636
6.791% 73.992%8. Accounting personnel’s’ understanding toward unit mission and
prospects 0.678
Table 3: Cronbach’s α of each dimensions
Named of dimensions No. of sample Items of question Cronbach’s α
Information and communication 30 13 0.937
Control activities 30 6 0.870
Risk evaluation and risk reponse 30 3 0.925
Goals setting and items identification 30 3 0.756
Supervision 30 2 0.690
Internal environment 30 2 0.664
28
Table 4: Variance analysis of internal auditors with different gender
Dimensions No. of sample Average Std.
Dev. Source of variance
ANOVA
Sum of square
Degree of
freedom
Average sum of square
F test Significance
Internal environment
Male 202 7.96 0.96 Intergroup 6.03 1 6.03 6.41 0.012*
Female 25 7.44 1.04 Within group 211.84 225 0.94
Total 227 7.90 0.98 Total 217.87 226
Supervision
Male 202 8.38 1.11 Intergroup 0.10 1 0.10 0.08 0.782
Female 25 8.32 1.28 Within group 285.32 225 1.27
Total 227 8.38 1.12 Total 285.42 226
Goals setting and items
identifications
Male 202 13.30 1.32 Intergroup 3.16 1 3.16 1.80 0.181
Female 25 12.92 1.38 Within group 396.02 225 1.76
Total 227 13.26 1.33 Total 399.18 226
Risk evaluation and risk response
Male 202 12.22 1.51 Intergroup 4.66 1 4.66 2.11 0.148
Female 25 11.76 1.30 Within group 496.98 225 2.21
Total 227 12.17 1.49 Total 501.64 226
Controlled activities
Male 202 24.83 2.51 Intergroup 3.41 1 3.41 0.53 0.468
Female 25 24.44 2.79 Within group
1450.44 225 6.45
Total 227 24.79 2.54 Total 1453.85 226
Information and communication
Male 202 53.18 5.24 Intergroup 40.14 1 40.14 1.48 0.225
Female 25 51.84 4.90 Within group
6089.58 225 27.07
Total 227 53.04 5.21 Total 6129.72 226
*p≦.05; **p≦.01; ***p≦.001; n=227
29
Table 5: Variance analysis of internal auditors with different years of service
Dimensions No. of sample
Average
Std. Dev.
Source of variance
ANOVA
Sum of square
Degree of
freedom
Average sum of square
F test Significance
Internal environment
less than 6 years 16 7.63 1.02 Intergroup 7.11 2 3.56 3.79 0.024*
6-15 years 163 7.83 1.01 Within group 210.76 224 0.94
more than 15 years 48 8.23 0.81 Total 217.87 226
Total 227 7.90 0.98
Supervision
less than 6 years 16 8.00 1.46 Intergroup 2.81 2 1.42 1.13 0.330
6-15 years 163 8.43 1.08 Within group 282.61 224 1.26
more than 15 years 48 8.33 1.14 Total 285.42 226
Total 227 8.38 1.12
Goals setting and
items identificatio
ns
less than 6 years 16 12.38 1.63 Intergroup 14.50 2 7.25 4.22 0.016*
6-15 years 163 13.28 1.38 Within group 384.69 224 1.72
more than 15 years 48 13.46 0.90 Total 399.19 226
Total 227 13.26 1.33
Risk evaluation and risk response
less than 6 years 16 11.81 1.97 Intergroup 2.18 2 1.09 0.49 0.614
6-15 years 163 12.19 1.48 Within group 499.46 224 2.23
more than 15 years 48 12.21 1.34 Total 501.64 226
Total 227 12.17 1.49
Controlled activities
less than 6 years 16 24.13 2.96 Intergroup 10.69 2 5.34 0.83 0.438
6-15 years 163 24.78 2.45 Within group 1443.2 224 6.44
more than 15 years 48 25.06 2.70 Total 1453.8 226
Total 227 24.79 2.54
Information and
communication
less than 6 years 16 51.00 6.60 Intergroup 125.67 2 62.84 2.34 0.098
6-15 years 163 52.91 5.20 Within group 6004.1 224 26.80
more than 15 years 48 54.13 4.56 Total 6129.7 226
Total 227 53.04 5.21
*p≦.05; **p≦.01; ***p≦.001; n=227
30
Table 6: Post hoc test analyses of different years of service on “dimensions of internal environment” and “goals setting and items identifications”
Dependent variable (I) Years of service (J) Years of service Average difference (I-J)
Standard error
Significance
Internal environment
less than 6 years 6-15 years -0.21 0.25 0.713
more than 15 years -0.60 0.28 0.100
6-15 years less than 6 years 0.21 0.25 0.713
more than 15 years -0.39 (*) 0.16 0.048
more than 15 years less than 6 years 0.60 0.28 0.100
6-15 years 0.39 (*) 0.16 0.048
Goals setting and items identifications
less than 6 years 6-15 years -0.91(*) 0.34 0.032
more than 15 years -1.08 (*) 0.38 0.018
6-15 years less than 6 years 0.91(*) 0.34 0.032
more than 15 years -0.18 0.22 0.716
more than 15 years less than 6 years 1.08 (*) 0.38 0.018
6-15 years 0.18 0.22 0.716
*Significant of 0.05 level in average difference. (using Scheffe method)
Table 7: Variance analysis of internal auditors with different job positions
Dimensions No. of sample
Aver-age
Std. Dev.
Source of variance
ANOVA
Sum of square
Degree of freedom
Average sum of square
F test Signifi-cance
Internal environment
Supervisor 21 7.76 1.10 Intergroup 0.46 1 0.46 0.47 0.490Non-super-
visor 206 7.92 0.97 Within group 217.41 225 0.97
Total 227 7.90 0.98 Total 217.87 226
Supervision
Supervisor 21 8.57 0.93 Intergroup 0.86 1 0.86 0.68 0.411Non-super-
visor 206 8.36 1.14 Within group 284.56 225 1.26
Total 227 8.38 1.12 Total 285.42 226
Goals setting and items identifications
Supervisor 21 13.48 0.98 Intergroup 1.13 1 1.13 0.64 0.426Non-su-pervisor 206 13.23 1.36 Within
group 398.05 225 1.77
Total 227 13.26 1.33 Total 399.18 226
Risk evaluation and risk response
Supervisor 21 12.05 1.24 Intergroup 0.33 1 0.33 0.15 0.700Non-su-pervisor 206 12.18 1.51 Within
group 501.31 225 2.23
Total 227 12.17 1.49 Total 501.64 226
Controlled activities
Supervisor 21 26.05 2.06 Intergroup 36.68 1 36.68 5.82 0.017*Non-su-pervisor 206 24.66 2.55 Within
group 1417.2 225 6.30
Total 227 24.79 2.54 Total 1453.9 226
Information and communication
Supervisor 21 52.95 3.68 Intergroup 0.16 1 0.13 0.01 0.939Non-su-pervisor 206 53.04 5.35 Within
group 6129.6 225 27.24
Total 227 53.04 5.21 Total 6129.7 226
*p≦.05; **p≦.01; ***p≦.001; n=227
31
Table 8: Pearson correlational coefficients of each dimensions
Classification Internal environment Supervision
Goals setting and items
identifications
Risk evaluations
and risk responses
Controlled activities
Information and communication
Effectiveness of internal auditing
Internal environment 1
Supervision .218** 1
Goals setting and items identifications .365** .524** 1
Risk evaluations and risk responses .577** .557** .564** 1
Controlled activities .475** .735** .638** .755** 1
Information and communication .535** .552** .657** .757** .748** 1
Effectiveness of internal auditing .219** .293** .120* .266** .312** .319** 1
*p≦.05; **p≦.01; ***p≦.001; n=227
Table 9: Simple regression analysis of each dimension
Dimensions R R2 Unstandardized coefficient Standardized
coefficient t-value Significance
Estimated value of β
Standard error
β distribution
Internal environment .219 .048 79.635 6.874 11.586 .000**
2.908 .863 .219 3.37 .001**
Supervision .293 .086 74.187 6.248 11.874 .000**
3.394 .739 .293 4.592 .000**
Goals setting and items identifications .12 .014
87.081 8.644 10.074 .000**
1.172 .649 .12 1.807 .036*
Risk evaluation and risk response .266 .071
74.281 6.888 10.784 .000**
2.329 .562 .266 4.145 .000**
Controlled activities .312 .098 62.846 8.106 7.753 .000**
1.605 .325 .312 4.932 .000**
Information and communication .319 .102
60.269 8.423 7.156 .000**
.799 .158 .319 5.052 .000**
*p≦.05; **p≦.01; ***p≦.001; n=227
32
Table 10: Summary of research hypothesis and results of examination
Hypothesis Information and communication
Controlled activities Supervision
Risk evaluation and risk response
Internal environment
Goals setting and items
identificationsH1: Internal
auditors of different individual’s background variables are significant different in their awareness of the importance on risk management.
Gender - - - - Y -
Years of service - - - - Y Y
Job positions - Y - - - -
H2: Awareness of the importance on risk management has significant predictability on effectiveness of internal auditing.
Y Y Y Y Y Y
Figure 1: Research structure
H2 H1
Individual backgrounad
variable
1. Gender 2. Years of service 3. Job Position
Effectiveness of
internal auditing
Awareness of the importance on risk management
1. Internal environment 2. Goal setting and items
identifications 3. Risk evaluation and risk
response 4. Control activities 5. Information and communication 6. Supervision