Date of Award
Doctor of Business Administration (DBA)
Dr. Dana Hermanson
Dr. Todd DeZoort
Dr. Divesh Sharma
This study examines the effects of internal audit reports issued to external stakeholders (the public) and internal audit reporting relationship types on internal auditors’ judgments. I use a 4 x 2 between-subjects experiment and practicing internal auditors as participants. I manipulate internal audit report type at four levels ((1) no external report issued by the internal audit function [current state of practice], (2) descriptive external report of internal audit activities, (3) assurance external report on the internal controls, and (4) a descriptive external report of internal audit activities and an assurance external report on the internal controls). Senior level internal audit’s reporting relationship is manipulated at two levels (primarily to management or primarily to the audit committee chair). I examine the effects of these independent variables on internal auditors’ fraud risk and control risk assessments.
I find that the issuance of an internal audit report (IAR) to external stakeholders affects internal auditors’ judgments. Specifically, internal auditors’ fraud risk assessments are higher (more conservative) when the IAR is assurance-based or both activities and assurance-based than when the report is only activities-based or there is no external report. Additionally, the results indicate that when the Chief Audit Executive reports primarily to the Audit Committee Chair (as opposed to management), internal auditors’ control risk assessments are higher (more conservative). This relation is marginally significant for fraud risk assessments. Overall, there is evidence that internal audit report type and reporting relationship each affect internal auditors’ judgments, increasing the conservatism of certain risk assessments when accountability to stakeholders or the audit committee increases.