IJRAM risk management and internal auditing

0

Will the awareness of risk management importance affect

effectiveness of internal auditing?

Abstract

In the past three years the material loss cases in the Department of Defense in Taiwan, is

the second among all governmental departments, revealing that the risk of material loss in

National Armed Forces tends to high. The study with supervisors in all levels of accounting

department in the Armed Forces and internal auditors as testing participants, to explore the

correlation of background variable of personnel in the accounting department of Armed

Forces who actually perform internal audit, effectiveness of internal auditing and awareness

of risk management importance. Results of the study showed that: Significant difference

exists for different genders in“internal environment”; significant difference exists for

different service years in“internal environment”and“goal setting and issues

identification”; significant difference exists for different job positions in “control

activities”. Awareness of risk management importance has predictability in effectiveness

of internal auditing, meaning that the former has positive enhancing effect on effectiveness of

internal auditing.

Keywords: Risk management, Risk evaluation and risk response, Awareness, Internal auditing,

Analysis of variance.

1

1. Introduction

After experiencing multiple events of typhoon disaster and temporary household water

shortage, in September of 2004, the government of Taiwan, R.O.C. started to place

importance on risk management of implementing public policy (Chou and Chen, 2008). The

Executive Yuan established “Executive Agencies Risk Management Promotion Project” to

officially bring governmental departments into risk management domain in 2005, and issued

“Risk Management and Crisis Handling Operating Standards for all divisions of Executive

Yuan” (Executive Yuan, 2008) to assist every divisions establishing risk management

framework, thus from the perspective of entire organization, to continue on systematically

going through cycle of risk identification confirmation, risk evaluation, risk handling and

monitoring, and risk communication, bringing risk management into policy consideration and

achieving organizational goals. The Department of Defense issued “Risk Management and

Crisis Handling Outline Plan” (Department of Defense, 2008), requesting every military

services to establish “risk management promotion teams”. The teams are expected to

combine attributes of unit tasks, so when facing demand of internal and external environment

to make decisions, they can study and analyze possibility and extent of influence of events’

occurrence in advance, then actually identify risk and establish risk management mechanism

to largely reduce causes of public endangerment and strengthen function of prevention

beforehand.

2

The National Audit Office audited funds of the Department of Defense and found that in

past three years there were 55 cases of financial (material) loss in Armed Forces and total

number of people punished accumulated to 217 people, only second to the Ministry of

Economic Affairs, among all departments and divisions. It showed that the risk of financial

(material) loss in the Armed Forces is apparently higher than other divisions. The roles of

accounting personnel in the Armed Forces include assistants, professionals, and supervisors.

They should be more aware that risk management is a useful tool in promoting effectiveness

of internal auditing. Risk management would identify potential risk factors, further dig up

items of higher risk occurrence rate and more serious endangerment to examine at first, thus

enhance benefit and prevent unlawful act, increasing usage effectiveness of financial resource

and reduce ineffective expenses.

Because the relative research on relationship of risk management and internal audit

mostly focus on private enterprises and not much found on public departments. In present

under limited defense resources and uprising public opinion, people in Taiwan are getting

more concerned on risk management and control process of financial resources in national

defense. The study only pick personnel from accounting department of the Armed Forces

who actually work in internal audit as study objects to analyze and explore relationship

between risk management and internal audit, and the effect of incorporating financial risk

management and control by accounting department of the Armed Forces on present

3

effectiveness of internal auditing.

2. Literature review

2.1 Risk management

The development of risk management in Taiwan is accepting fruits from overseas, first

introduced in the academic arena, then realized in business application. In the business

sector, the “Risk Management Department” established under General Administrative Office

by EVA group in 1992 is the most classical representative of domestic enterprise.

2.2 Internal Audit

Internal audit is “supervising”, one of the five essential elements of internal control. It

is a system that both private business and governmental divisions have implemented to

strengthen internal control function. In recent years, as the scandals of hollowing out

company's assets of domestic and foreign business frequently occur, in response to public

concerns about businesses’ internal control and audit, the government in Taiwan established

“Criteria for Establishment of Internal Control Systems by Public Companies”, which clearly

regulates that companies must establish internal audit unit under the board of directors and

assign eligible and appropriate numbers of full-time internal audit personnel according to

company’s size, operating condition, managerial need and other relative laws and regulations.

Such criteria opened up internal audit business in Taiwan. On the other hand, governmental

agencies in Taiwan have not established divisions specializing in internal audit, only in

4

practice the executions of internal audit function are assigned to various units, such as

research, development and evaluation, personnel, government ethics, accounting, auditing, etc.

to perform internal audit related tasks.

Chen (2005) argued that internal audit is an independent evaluating mechanism designed

by organizations internally, used to examine and evaluate organizational activity. It is a

servicing function. Its goal it to assist organizational members effectively release their

responsibilities, using methods including analysis, evaluation, suggestion, inquiry and

reporting related to reexamination activity. Audit objectives also include the achievement of

effective control under reasonable cost. DeMarco (1980) proposed that internal audit

personnel should be mutually independent with audited activities and report directly to higher

level of management. Direct reporting can display independent position of internal audit

division to entire organization, allowing internal audit to process objective and fair judgment

and suggestion, and increase odds of suggestions being accepted. In addition, internal audit

personnel should maintain objective, professional and conscious, without being interrupted or

influenced by anything; should avoid conflict of interest to maintain objective professional

judgment.

2.3 Exploration on risk management and internal audit

Nguyen (2005) argues that risk management can strengthen function of internal audit,

stressing that internal audit works with risk as basis would allow internal audit personnel,

5

when performing their tasks, more able to recognize important points and then cut in,

including identification, risk response, and control activity related to specific business flows,

and whether to provide reasonable assurance on achieving business goals. In addition, upon

executing audit works internal audit personnel should evaluate according to eight composing

element of business risk management, consisting of internal environment, goal setting, event

recognition, risk evaluation, risk response, control activity, information and communication,

and supervision.

Lai (2004) stated that in 1992 COSO proposed “Integration Structure of Internal Control”

that lists risk evaluation as one of the five essential elements of internal control and demands

that every organization must first identify goals then evaluate risk, and lastly manage risk.

Such perception of introducing risk evaluation to internal control system has profound impact

on internal audit, too. Because conventional audit is “control lead audit” that mainly put

control system as audit direction, emphasizing more on flow control and compliance test and

not much on evaluation of risk management, thus the audit added value provided is more

limited, which is actually hard to satisfy demand of the highest management in continuously

seeking innovating and changing and increasing organizational value.

3. Research design

3.1 Research structure

The study based on aforesaid research motives, problems and objective, combining with

6

relative literature analysis and sorting, to propose study structure as shown in Figure 1.

According to “Executive Agencies Risk Management Promotion Manual” and the modified,

and promulgated “Risk Management and Crisis Handling Operating Standards for all

divisions of Executive Yuan” of Executive Yuan, and “Risk Management and Crisis Handling

Outline Plan” of Department of Defense, the study sorted out relative questions in recognizing

importance of risk management as foundation and proposed that individual background

variables can influence recognition in importance of risk management, which, in turn, would

affect effectiveness of internal audit. Structure of the study is shown in Figure 1, separately

explored the effect of individual background on recognizing the importance on risk

management and the relationship between awareness of the importance on risk management

and effectiveness of internal auditing.

[Figure 1 insert about here]

3.2 Study hypothesis

The aim of the study is to explore when internal auditors in accounting department of the

Armed Forces actually perform audit work, their awareness of the importance of risk

management, and the effect of such awareness on effectiveness of internal auditing. The

study based on literature review, study objective and structure, summarize study hypothesis in

the followings.

3.2.1 Individual background variable

Slovic (1984) argued that gender is related to difference in risk awareness and studies

7

found that women have higher risk awareness than men do. Klomna (1992) proposed that

people’s awareness of risk is also an important basis of risk evaluation. Risk awareness

reflects people’s recognition and feeling toward risk, thus affecting the extent of acceptable

risk level. Chung’s (2002) study pointed out that there is significant difference on risk

awareness between different years of service and different genders. The study proposed

hypothesis as follows:

H1: Internal auditors of different individual’s background variables are significant

different in their awareness of the importance on risk management.

H1-1: Internal auditors of different genders are significant different in their awareness of

importance on risk management.

H1-2: Internal auditors of different years of service are significant different in their

awareness of importance on risk management.

H1-3: Internal auditors of different job position are significant different in their awareness

of importance on risk management.

3.2.2 Awareness of importance on risk management and effectiveness of internal auditing

Williams, Smith & Young (1998) believed that risk management, other than preventing

and controlling unfavorable results generated by risk, should be more aggressively toward the

direction of favorable result to manage risk. Ko (2006) argued that internal auditors can

focus on items of high risk and value to assure largest value in executing internal audit.

8

Kenchecl (2007) stated that if concept of risk is included in internal control, financial

personnel can base on possibility of risk occurrence to evaluate and select risk with high

possibility of occurrence to modify. The study proposed hypothesis as follows:

H2: Awareness of importance on risk management has significant predictability in


H2-1: Awareness of importance on internal environment has significant predictability in


H2-2: Awareness of importance on goal setting and items recognition has significant

predictability in effectiveness of internal auditing.

H2-3: Awareness of importance on risk evaluation and risk response has significant


H2-4: Awareness of importance on controlling activities has significant predictability in


H2-5: Awareness of importance on information and communication has significant


H2-6: Awareness of importance on supervision has significant predictability in


3.3 Variable measurement

3.3.1 Individual background variables

9

The study explores difference in every dimension among auditors of different background

variables in their awareness of the importance on risk management. Individual background

variables are classified according to three categories: gender (men, women), years of service

(less than 6 years, 6-15 years, more than 15 years) and job position (supervisor,

non-supervisor).

3.3.2 Awareness of the importance on risk management

Measurement on awareness of the importance on risk management applied questionnaire

of risk management awareness proposed by Chen (2005), which was modified according to

sample characteristics of the study. The study takes awareness of the importance on risk

management as independent variable to explore its predictability in effectiveness of internal

auditing and was classified to six dimensions of internal environment, goal setting and items

recognition, risk evaluation and risk response, control activities, information and

communication, and supervision.

3.3.3 Effectiveness of internal auditing

Sears (1991) stressed that results of internal audit should be beneficial to the organization.

In this study measurement of effectiveness of internal auditing applies measuring questions

used by Sears in evaluating internal audit and modified according to sample characteristic of

the study. The study takes effectiveness of internal auditing as dependent variable to explore

the predicable condition of it and independent variable.

10

4. Empirical results and analysis

4.1 Analysis on pretest questionnaires collected

Because the attributes of present subjects are the same as subjects of formal

questionnaire, subjects pretested are accounting personnel who actually perform internal audit

and pretested questionnaires were tested for validity and reliability analysis, with effective

answering ratio of 93.75%. In construct validity, the study applied varimax axle turning

method of factor analysis to extract factor with Eigenvalue larger than 1 and takes questions

of every dimensions with absolute value of factor loading larger than 0.5 as composing factor

of its dimension to extract composing factor of each dimension to confirm construct validity.

To assure that this study is suitable for factor analysis, the study at first processed KMO and

Barlett spherical surface test and result of analysis showed that data is suitable for factor

analysis (as shown in Table 1).

[Table 1 insert about here]

In this study through factor analysis, after deleting Question No.28 and 29 with factor

loading smaller than 0.5 to leave eigenvalue larger than 1, there are six factor dimensions with

varying loading larger than 0.5. Based on content of questions in every factor dimension,

the first factor was renamed information and communication, the second factor being control

activities, the third factor being risk evaluation and risk response, the fourth factor being goal

setting and item recognition, the fifth element being supervision, and the sixth factor being

11

internal environment. The accumulated explanatory variation of six dimensions is 73.992%.

The factor dimensions extracted through factor analysis is almost the same as the theory in

literature, and is consistent with the original structure designed by this study, revealing that

surveying questionnaire of this study has certain extent of structural validity (as shown in

Table 2).


4.2 Reliability analysis

Reliability represents consistency and stability of measurement result. Stability means

the relativity or consistency between results of two measurement result, while consistency

points to the internal consistency among items of questionnaire. (Chung, 2006) The

Cronbach’s α in determining reliability analysis of this study, according to α reliability

coefficient proposed by Cronback (1951), is the mostly used reliability index in research

nowadays and is used to examine reliability of questions in questionnaire in order to illustrate

consistency in content of questionnaires. Questions that have Cronbach’s α smaller than 0.35

should be discarded. Cronbach’s α between 0.35 and 0.7 represents medium reliability

while α larger than 0.7 means high reliability. Results of analysis in this study show that (as

shown in Table 3) Cronbach’s α of every variables are all larger than 0.6, so that every

measured variables are in compliance with internal consistency.


12

4.3 Analysis of accounting personnels’ awareness of importance on risk management

This study used descriptive statistics to examine variance of participants’ average

answers in each dimensions of questionnaire and analyzed according to distribution of and

ratio of five point scale, which consists of very unimportant, rather unimportant, average,

rather important, and very important, in order to understand participants’ awareness of the

importance on risk management. Among the participants accounting personnels’

recognition reached 81.58% on “information and communication”, 82.63% on “controlled

activities”, 81.2% on “risk evaluation and risk response”, 88.33% on “goal setting and items

identification”, 83.7% on “supervision”, and 79.10% on “internal environment”. The

scoring condition of each dimension is known from “average score of each question” in items

of awareness of the importance on risk management, among which “goals setting and items

identification” scores the highest (4.42) while “internal environment” scores the lowest (3.96).

The order of scores are: “goals setting and items identification” ＞ ”supervision”

＞”controlled activities”＞”information and communication”＞”risk evaluation and risk

response”＞”internal environment”.

4.4 Variance analysis on accounting personnels’ background variables

To understand personnel who actually perform internal audit in every levels of

accounting offices in the Armed Forces regarding their background variables on awareness of

the importance on risk management and variation condition in each dimensions on variables

13

of gender, year of service and job position, etc., one way ANOVA is applied to examine each

dimensions. If the results reach significant level, Scheffe post hoc test is further processed

to test which group’s variation condition reaching significant level and then compare and

analyze variation among groups.

4.4.1 Gender type

For internal auditors of different gender variables, their awareness of the importance of

five dimensions, consisting of supervision, goals setting and items identifications, risk

evaluation and risk response, controlled activities and information and communication, etc.,

on risk management, all did not reach significant level（p≧0.05）, only dimension of internal

environment, with p=0.012（p≦0.05）reaching significant level. Thus, study analysis reveals

that there is no significant variance in internal auditors of different gender in their awareness

of the importance of five dimensions, supervision, goals setting and items identifications, risk

evaluation and risk response, controlled activities and information and communication, etc.,

but significant variance exists in awareness of the importance on internal environmental

dimension (as shown in Table 4).


4.4.2 Years of service

For internal auditors with different years of service, their awareness of the importance of

four dimensions, consisting of supervision, risk evaluation and risk response, controlled

14

activities and information and communication, etc., on risk management, all did not reach

significant level（p 0.05≧ ）, revealing that there is no significant variance in internal auditors

with different years of service in their awareness of the importance of four dimensions,

supervision, risk evaluation and risk response, controlled activities and information and

communication, etc. (as shown in Table 5).


Different years of service in the awareness of the importance of two dimensions, internal

environment and goals setting and items identifications, both reach significant level（p 0.05≦ ）.

The study analyzes that for internal auditors with different years of service, there is significant

variance exist in their awareness of the importance on internal environment and goals setting

and items identifications, which were further analysis via Scheffe post hoc test (as shown in

Table 6).


1. In internal environmental dimension, for groups of 6-15 years and more than 15 years,

there are significant variance, via Scheffe test, with average difference of -0.39 and 0.39,

respectively, showing that internal auditors with equal or more than 15 years of service

have higher awareness of the importance on internal environmental dimension than those

with 6-15 years of service.

2. In goals setting and items identifications dimension, for groups of less than 6 years and

15

6-15 years, there are significant variance, via Scheffe test, with average difference of -0.91

and 0.91, respectively, showing that internal auditors with 6-15 years of service have higher

awareness of the importance on goals setting and items identifications dimension than

those with less than 6 years of service.

3. In goal settings and items identification dimension, for groups of less than 6 years and

more than 15 years, there are significant variance, via Scheffe test, with average difference

of -1.08 and 1.08, respectively, showing that internal auditors with more than 15 years of

service have higher awareness of the importance on goals setting and items identifications

dimension than those with less than 6 years of service.

4.4.3 Job positions

For internal auditors with different job positions, their awareness of the importance of

five dimensions, consisting of internal environment, supervision, goals setting and items

identifications, risk evaluation and risk response and information and communication, etc., on

risk management, all did not reach significant level（p 0.05≧ ）, only dimension of controlled

activities dimension, with p=0.017（p 0.05≦ ）reaching significant level. Thus, study analysis

reveals that there is no significant variance in internal auditors with different job positions in

their awareness of the importance of five dimensions, internal environment, supervision, goals

setting and items identifications, risk evaluation and risk response and information and

communication, etc., but significant variance exists in awareness of the importance of

16

controlled activities dimension (as shown in Table 7).


4.5 Relative analysis

The study first applied Pearson correlational analysis to examine correlational strength

among each dimensions, then used simple regression analysis to explore predictability of each

dimensions of awareness of the importance on risk management to effectiveness of internal

auditing. Table 8 shows correlation between effectiveness of internal auditing and each

dimension. There are significantly positive correlations between effectiveness of internal

auditing and each dimension consists of internal environment, supervision, goals setting and

items identifications, risk evaluation and risk response, controlled activities, and information

and communication, etc. It represents that for accounting personnel that perform internal

audit, there is positive correlation in their awareness of the importance of each dimension.

Though there is significant correlation in every dimensions of this study, the correlational

coefficients all did not reach 0.8, the problem of multicollinearity among dimensions can be

eliminated preliminarily.


Pearson correlatoinal analysis shows that there is significantly positive correlation

among dimensions of awareness of the importance on risk management. According to

simple regression analysis of Table 9, the combined explanatory power of six dimensions of

17

awareness of the importance on risk management to effectiveness of internal auditing achieve

41.9%, meaning predictability of 41.9%, among which “information and communication”

possesses most explanatory power, which sole explanatory quantity of 10.2%. From the

standardized coefficient β value, the order of predictability of awareness of the importance on

risk management to effectiveness of internal auditing is “information and communication

(β=0.319), “controlled activities (β=0.312), “supervision” (β=0.293), “risk evaluation and risk

response” (β=0.266), “internal environment” (β=0.219), and “goals setting and items

identifications” (β=0.12). The β-values of the aforesaid dimensions are all positive,

revealing that the awareness of the importance on risk management has promotion effect to



5. Conclusions and suggestions

5.1 Conclusions

The study used accounting office of the Armed Forces as example to explore the

relationship between awareness of the importance on risk management and effectiveness of

internal auditing for personnel in accounting office of the Armed Forces that actually perform

internal audit. Two hypotheses are examined in this study and the result of empirical

information confirms existence of the following relationships (as shown in Table 10):

1. The study found that different genders in the five dimensions of “information and

18

communication”, “controlled activities”, “supervision”, “risk evaluation and risk

response” and “goals setting and items identifications” has no significant variance, but

has significant variance in “internal environment”. In addition, average number of

male sample is higher than the one of female sample, showing that men has higher

awareness in pursuing achievement of organization’s overall mission or goals and

understanding organization’s mission.

2. The study found that different years of service has no significant variance in the four

dimensions of “information and communication”, “controlled activities”, “supervision”

and “risk evaluation and risk response”, but has significant variance in “internal

environment” and “goal setting and items identifications”. Further Scheffe post hoc

test showed: As years of service get higher, the awareness of the importance in

organization’s mission, prospects, and ethical demand on internal auditors is also higher.

3. The study found that different job positions has no significant variance in “information

and communication”, “internal environment”, “supervision”, “risk evaluation and risk

response”, and “goals setting and items identifications”, but has significant variance in

“controlled activities”. In addition, the sample average of supervisor position is higher

than the one of non-supervisors, showing that supervisor position in awareness of the

importance of laws compliance, segregation of duties and educational training is higher

than the one of non-supervisors.

19

4. In the predictability of awareness of the importance on risk management to effectiveness

of internal auditing, the study found that all six dimensions of “information and

communication”, “controlled activities”, “supervision”, “risk evaluation and risk

response”, “internal environment” and “goals setting and items identifications”, etc.

possess predictability on effectiveness of internal auditing, meaning the promotion effect,

with dimension of “information and communication” as the highest. It reveals that

internal auditors should timely and effectively identify, collect and transmit

organizational information to provide vertical and horizontal communicating channel to

let relative personnel understand the role they play in risk management and the

responsibility they assume, and assist every operations to promote smoothly, thus

enhancing added value of internal audit mechanism.


5.2 Managerial meaning

To effectively utilizing national defense resource, there must be a set of rigid mechanism

to achieve. Finance department of the Armed Forces can base on risk management oriented

internal audit mechanism, as result of annual administrative plan and organizational risk

management policy, to consider how to elaborate largest benefit under limited resources.

Establish risk management mechanism, enhance added value of internal audit. In the

process of internal audit, one can base on risk evaluation and management to identify

20

potential risk factors, disclose crucial point of problems, and propose suggesting and

improving comments on reduction in uneconomical expense and promoting effectiveness of

national defense resource utilization, thus enhancing added value of internal audit mechanism.

Risk management is the foundation of internal audit. Risk management can assist

organizations in handling uncertain risk, so as to expand managing and controlling range of

internal audit and move managing and controlling time ahead of actions, thus being able to

find and reduce risk earlier.

5.3 Suggestions to actual practice

Traditional internal audit functions are all subsequent audit. In present audit function

has been changed from passive audit to active audit. Internal auditors should strength

internal audit in their function within organization so in the process of executing objectives

they can find risk earlier and provide improving proposals on timely basis, thus transform

non-value added audit behavior in the past to high value added audit of “igniting a bright

lamp”, assisting organizations in finding and solving problems in order to strengthen internal

audit functions.

Whether risk management can be promoted and realized wholly relies on whether

personnel inside organizations can get a complete educational training. Testing results of the

study point out those accounting personnel that perform internal audit believe that risk

management is helpful in enhancing organization’s effectiveness of internal auditing.

21

Therefore, how to strengthen educational training on risk management and enhance overall

risk management perspectives to cope with rapid changing inside and outside environment

appears to be more important.

To effectively manage risk, one should first study the present laws and regulations,

internal control and internal audit mechanism and procedures thoroughly and, to cope with

changing internal and external environment, propose suggestions and improving proposals on

the defective parts in order to promote quality and effectiveness of risk management.

Reference

Chang, G.F. (2005) ‘Grasp opportunities: The era of elaborating internal audit’, Internal Audit

Quarterly, Vol.51, pp.8-12.

Chang, H.C. (2008) Study on effect of governmental internal control and risk management

mechanism on governmental governing performance. Unpublished master thesis,

National Changhua University of Education, Taiwan.

Chen, C.T. (2005) Study on the establishment of internal audit system of administrative

authorities in Taiwan. Unpublished master thesis, National Taiwan University, Taiwan.

Chen, S.M. (2008) Study on examination of internal control implementation in public

administrative authorities: Example of Taipei City District Office, self-report of Taipei

City Governmental, Taiwan.

Chou, Y.R., Chen, C.K. (2009) ‘Talk about risk oriented defense fund auditing’,

22

Governmental Audit Quarterly, Vol.28 No.4, pp.90-107.

Chou, L.J. (2006) Study on relationship among internal auditors’ personal characteristics,

work characteristics and work satisfaction: Using achievement motive as mediating

variable. Unpublished master thesis, National Sun Yat-Sen University, Taiwan.

Chung, H.C. (2002) Study on relationship of hospital staffs’ awareness of risk of medical

waste: Example of Chaiyi regional hospitals. Unpublished master thesis, Nanhua

University, Taiwan.

Chung, J.H. (2006) Study on effect of business risk management on internal audit mechanism.

Unpublished master thesis, National Taipei University, Taiwan.

DeMarco, V.F. (1980) ‘Recruiting and developing internal auditors’, The Internal Auditor,

Vol.37 No.1, pp.53-57.

Executive Yuan (2008) Risk management and crisis handling operating standards for all

divisions, No.0972360811, promulgated in December 8.

Executive Yuan (2009) Handbook of risk management and crisis handling procedures

[online]. http://www.rdec.gov.tw/ct.asp?xItem=3854955&CtNode=10887&mp

=180. (19 March 2009).

Feng, R.C. and Chang, Y.F. (2008) ‘Guide of internal control standards in public departments:

Supplement to risk management’, Governmental Audit Quarterly, Vol.28 No.4, pp.54-67.

Hair, J.F., Anderson, R.E., Black, W.C. (1998) Multivariate data analysis, Prentice Hall, New

23

Jersey.

Hood, C., Jones, D.K.C. (1996) Accident and design: Contemporary debates on risk

management, M & I Books Inc.

Huang, S.Y. (2006) ‘Exploration on sound governmental internal audit system’, B.A.S.

Monthly, Vol.610, pp.55-58.

Kenchel, W.R. (2007) ‘The business risk audit: Origins, obstacles and opportunities’,

Accounting, Organizations and Society, Vol.32, pp.383-408.

Keng, C. (1989) ‘The road to pursue professional spirit of internal audit’, Enterprise Internal

Audit Newsletter, Vol.1, pp.2-6.

Kloman, H.F. (1992) ‘Rethinking risk management’, The Geneva Paper on Risk and

Insurance, Vol.17 No.3, pp.299-313.

Ko, H.T. (2006) ‘Audit and risk management’, Internal Audit Quarterly, Vol.54, pp.61-68.

Kuo, Z.L., Lai, J.Y. (2005) ‘Critical role of internal audit in sound risk management’, Internal

Audit Quarterly, Vol.50, pp.52-58.

Lai, S.B. (2003) ‘Risk management and internal audit of governmental departments’, Internal

Audit Quarterly, Vol.44, pp.28-34.

Lai, S.B. (2004) ‘Risk oriented audit’, Internal Audit Quarterly, Vol.48, pp.17-24.

Lai, S.B. (2008) ‘Risk management of local governmental finance’, Governmental Audit

Quarterly, Vol.28 No.4, pp.68-83.

24

Lin, B.T. (1997) ‘Evaluation of operation risk and examination of internal control’,

Accounting Research Monthly, Vol.143, pp.75-81.

Lin, B.T. (2002) ‘Risk management and roles played by internal auditors’, Auditing Quarterly,

Vol.22 No.3, pp.67-76.

Lin, B.T. (2003) Internal audit theory and practice, 5th ed., Internal Auditing Association,

Taiwan.

Lu, C.H. (2005) Multivariate statistical analysis, Tsang Hai Books Publishing Co.

Ma, S.R. (2005) ‘An extension of internal control-risk management’, Accounting Research


Ma, S.R. (2008) ‘Risk management and degree of risk tolerance: Governmental agencies’,

Governmental Audit Quarterly, Vol.28 No.4, pp.3-16.

Ma, S.R., Peng, H.S. (2001) Exploration on governmental agencies implementing internal

control and internal audit, Research Report Assigned by Directorate-General of Budget,

Accounting and Statistics, Executive Yuan, Taiwan.

National Audit Office (2009) 2008 Annual Governmental Audit Report. Taipei, Taiwan.

Ngyang, C.C. (2005) ‘Internal audit based on risk management’, Accounting Research


Novick, M., Lewis, G. (1967) ‘Coefficient alpha and the reliability of composite measure’,

Psychometrika, Vol.32, pp.1-13.

25

Nunnally, J.C. (1978) Psychometric theory, 2rd ed., N.Y.: McGraw-Hill.

Sears, B.P. (1991) ‘How effective are your audits’, Internal Auditor, Feb, pp.30-31.

Slovic, P. (1984) ‘Perception and acceptability of risk from energy systems’, in W.

Freduenburg and E. Rosa (eds.), public reactions to nuclear power: Are these critial

massess? Boulder, Co: Westview Press.115-135.

Song, Z.M. (2000) Risk management, Wu-Nan Books.

Subhash, S. (1996) Applied multivariate techniques, John Wiley & Sons, Inc., 90-143.

Teng, S.F. (2007) Key success factors on the implementation of risk management in

governmental departments. Unpublished master thesis, National Chung Cheng

University, Taiwan.

Wang, M.R. (2004) Study on role played by internal auditors in risk management.

Unpublished master thesis, Chung Yuan Christian University, Taiwan.

Williams, C. A., Smith, M. L., Young, P. C. (1998) Risk Management and Insurance, 8th ed.,

N.Y.: McGraw-Hill.

Wu, H.R. (2004) ‘Internal audit that creates added value’, Internal Autid Quarterly, Vol.43,

pp.31-34.

Yang, C.H., Wang, J.G. (2008) ‘Present and prospect of risk management in environmental

policy’, Governmental Audit Quarterly, Vol.28 No.4, pp.24-39.

26

Table 1: KMO and Bartlett Test Kaiser-Meyer-Olkin Sampling Appropriateness 0.858

Bartlett spherical test Approximate Chi Sq. distribution 1632.730

Degree of freedom 465 Significance 0.000

Table 2: Table of factor structural analysis Factor

(Dimensions) Content of questions Factor loading Variance Cumulative

variance

Information and communication

1. Managerial philosophy and style of unit in-charge (supervisor) 0.630

22.211% 22.211%

4. Reasonableness of organizational structure and independent of auditors 0.719

6. Relative extent in segregation of duties and responsibilities 0.653

7. System of training, evaluation and promotion 0.505

9. Efficiency and effectiveness of unit resources usage 0.569

12. Managerial level should be able to identify internal factor that can possibly affect goal achieving, such as software and hardware equipment.

0.719

13. Managerial level should be able to identify external factor that can possibly affect goal achieving, such as politics, and society, etc. 0.692

14. Ability of accounting personnel in identifying odds and extent of internal and external risk occurrence 0.511

19. Proper authorization within unit and segregation of duties 0.718

23. Ability, experience or qualification of accounting personnel in executing internal audit. 0.570

26. Appropriateness of auditor’s report pursuing action 0.621

30. Extent of nonaccounting personnel in the understanding of accounting personnel’ ethical standard. 0.703

31. Timeliness and appropriateness of pursing action after every unit received outside information (press exposure, etc.) 0.532

Control activities

5. Ability of accounting personnel in appropriately perform tasks 0.638

14.708% 36.919%

18. Financial receipts and payments of unit and custody of finance, actualizing segregation of duties 0.569

20. Execute every policy or plane, establish clear system law or operating manual and then execute according to unit goal 0.760

21. Results of plan execution must be audited by either independently internal or external auditors. 0.648

22. Unit in-charge (supervisors) let unit personnel understand effectiveness of internal audit through training curriculum, meeting, or other methods

0.655

27.Achieving that internal and external information needed to achieve unit goal can be provided to unit in-charge (supervisor) 0.487

27

Risk evaluation and risk response

15. Management carefully analyzes recognized risk, and evaluates possibility of occurrence of “existing risk” “remaining risk” and managerial ability of consequences.

0.798

13.210% 50.129%16. Accounting personnel’ responsive ability toward changes in internal and external environment. 0.764

17. Management should select methods of risk response (avoiding, taking responsibility, reducing or sharing), and effectively take relative action.

0.694

Goal setting and items recognition

3. Accounting personnel’ integrity and value perspectives. 0.719

10.144% 60.273%10. Reliability of unit financial and nonfinancial information report 0.595

11. with relative laws and regulations. 0.727

Supervision

24. When accounting personnel execute internal audit, they all obey relative laws and regulations. 0.837

6.927% 67.200%25. Extent of unit in-charge (supervisor) concern about internal audit

work and their attitude toward suggestions made on screen. 0.500

Internal environment

2. The extent of variation accepted by unit in pursuing achieving entire mission or prospects 0.636

6.791% 73.992%8. Accounting personnel’s’ understanding toward unit mission and

prospects 0.678

Table 3: Cronbach’s α of each dimensions

Named of dimensions No. of sample Items of question Cronbach’s α

Information and communication 30 13 0.937

Control activities 30 6 0.870

Risk evaluation and risk reponse 30 3 0.925

Goals setting and items identification 30 3 0.756

Supervision 30 2 0.690

Internal environment 30 2 0.664

28

Table 4: Variance analysis of internal auditors with different gender

Dimensions No. of sample Average Std.

Dev. Source of variance

ANOVA

Sum of square

Degree of

freedom

Average sum of square

F test Significance


Male 202 7.96 0.96 Intergroup 6.03 1 6.03 6.41 0.012*

Female 25 7.44 1.04 Within group 211.84 225 0.94

Total 227 7.90 0.98 Total 217.87 226

Supervision

Male 202 8.38 1.11 Intergroup 0.10 1 0.10 0.08 0.782


Total 227 8.38 1.12 Total 285.42 226

Goals setting and items

identifications

Male 202 13.30 1.32 Intergroup 3.16 1 3.16 1.80 0.181


Total 227 13.26 1.33 Total 399.18 226


Male 202 12.22 1.51 Intergroup 4.66 1 4.66 2.11 0.148


Total 227 12.17 1.49 Total 501.64 226

Controlled activities

Male 202 24.83 2.51 Intergroup 3.41 1 3.41 0.53 0.468

Female 25 24.44 2.79 Within group

1450.44 225 6.45

Total 227 24.79 2.54 Total 1453.85 226


Male 202 53.18 5.24 Intergroup 40.14 1 40.14 1.48 0.225

Female 25 51.84 4.90 Within group

6089.58 225 27.07

Total 227 53.04 5.21 Total 6129.72 226

*p≦.05; **p≦.01; ***p≦.001; n＝227

29

Table 5: Variance analysis of internal auditors with different years of service

Dimensions No. of sample

Average

Std. Dev.

Source of variance

ANOVA

Sum of square

Degree of

freedom


F test Significance


less than 6 years 16 7.63 1.02 Intergroup 7.11 2 3.56 3.79 0.024*

6-15 years 163 7.83 1.01 Within group 210.76 224 0.94

more than 15 years 48 8.23 0.81 Total 217.87 226

Total 227 7.90 0.98

Supervision

less than 6 years 16 8.00 1.46 Intergroup 2.81 2 1.42 1.13 0.330



Total 227 8.38 1.12

Goals setting and

items identificatio

ns

less than 6 years 16 12.38 1.63 Intergroup 14.50 2 7.25 4.22 0.016*



Total 227 13.26 1.33





Total 227 12.17 1.49





Total 227 24.79 2.54

Information and

communication




Total 227 53.04 5.21

*p≦.05; **p≦.01; ***p≦.001; n＝227

30

Table 6: Post hoc test analyses of different years of service on “dimensions of internal environment” and “goals setting and items identifications”

Dependent variable (I) Years of service (J) Years of service Average difference (I-J)

Standard error

Significance


less than 6 years 6-15 years -0.21 0.25 0.713

more than 15 years -0.60 0.28 0.100

6-15 years less than 6 years 0.21 0.25 0.713

more than 15 years -0.39 (*) 0.16 0.048

more than 15 years less than 6 years 0.60 0.28 0.100

6-15 years 0.39 (*) 0.16 0.048

Goals setting and items identifications

less than 6 years 6-15 years -0.91(*) 0.34 0.032

more than 15 years -1.08 (*) 0.38 0.018

6-15 years less than 6 years 0.91(*) 0.34 0.032

more than 15 years -0.18 0.22 0.716

more than 15 years less than 6 years 1.08 (*) 0.38 0.018

6-15 years 0.18 0.22 0.716

*Significant of 0.05 level in average difference. (using Scheffe method)

Table 7: Variance analysis of internal auditors with different job positions

Dimensions No. of sample

Aver-age

Std. Dev.

Source of variance

ANOVA

Sum of square

Degree of freedom


F test Signifi-cance


Supervisor 21 7.76 1.10 Intergroup 0.46 1 0.46 0.47 0.490Non-super-

visor 206 7.92 0.97 Within group 217.41 225 0.97

Total 227 7.90 0.98 Total 217.87 226

Supervision

Supervisor 21 8.57 0.93 Intergroup 0.86 1 0.86 0.68 0.411Non-super-

visor 206 8.36 1.14 Within group 284.56 225 1.26

Total 227 8.38 1.12 Total 285.42 226

Goals setting and items identifications

Supervisor 21 13.48 0.98 Intergroup 1.13 1 1.13 0.64 0.426Non-su-pervisor 206 13.23 1.36 Within

group 398.05 225 1.77

Total 227 13.26 1.33 Total 399.18 226



group 501.31 225 2.23

Total 227 12.17 1.49 Total 501.64 226


Supervisor 21 26.05 2.06 Intergroup 36.68 1 36.68 5.82 0.017*Non-su-pervisor 206 24.66 2.55 Within

group 1417.2 225 6.30

Total 227 24.79 2.54 Total 1453.9 226



group 6129.6 225 27.24

Total 227 53.04 5.21 Total 6129.7 226

*p≦.05; **p≦.01; ***p≦.001; n＝227

31

Table 8: Pearson correlational coefficients of each dimensions

Classification Internal environment Supervision


identifications

Risk evaluations

and risk responses



Effectiveness of internal auditing

Internal environment 1

Supervision .218** 1

Goals setting and items identifications .365** .524** 1

Risk evaluations and risk responses .577** .557** .564** 1

Controlled activities .475** .735** .638** .755** 1

Information and communication .535** .552** .657** .757** .748** 1

Effectiveness of internal auditing .219** .293** .120* .266** .312** .319** 1

*p≦.05; **p≦.01; ***p≦.001; n＝227

Table 9: Simple regression analysis of each dimension

Dimensions R R2 Unstandardized coefficient Standardized

coefficient t-value Significance

Estimated value of β

Standard error

β distribution

Internal environment .219 .048 79.635 6.874 11.586 .000**

2.908 .863 .219 3.37 .001**

Supervision .293 .086 74.187 6.248 11.874 .000**

3.394 .739 .293 4.592 .000**

Goals setting and items identifications .12 .014

87.081 8.644 10.074 .000**

1.172 .649 .12 1.807 .036*

Risk evaluation and risk response .266 .071

74.281 6.888 10.784 .000**

2.329 .562 .266 4.145 .000**

Controlled activities .312 .098 62.846 8.106 7.753 .000**

1.605 .325 .312 4.932 .000**

Information and communication .319 .102

60.269 8.423 7.156 .000**

.799 .158 .319 5.052 .000**

*p≦.05; **p≦.01; ***p≦.001; n＝227

32

Table 10: Summary of research hypothesis and results of examination

Hypothesis Information and communication

Controlled activities Supervision




identificationsH1: Internal

auditors of different individual’s background variables are significant different in their awareness of the importance on risk management.

Gender - - - - Y -

Years of service - - - - Y Y

Job positions - Y - - - -

H2: Awareness of the importance on risk management has significant predictability on effectiveness of internal auditing.

Y Y Y Y Y Y

Figure 1: Research structure

H2 H1

Individual backgrounad

variable

1. Gender 2. Years of service 3. Job Position

Effectiveness of

internal auditing

Awareness of the importance on risk management

1. Internal environment 2. Goal setting and items

identifications 3. Risk evaluation and risk

response 4. Control activities 5. Information and communication 6. Supervision

IJRAM risk management and internal auditing

Documents

Transcript of IJRAM risk management and internal auditing