The Contribution of Internal Audit to the Strategic Objectives of Organization - Literature review Example

THE CONTRIBUTION OF INTERNAL AUDIT TO THE STRATEGIC OBJECTIVES OF ORGANIZATION Introduction The internal audit is the most significant tool to accessthe internal processes that a business organization is performing. The role of internal audit is not only to find the gaps in the process but also give the functions a space to modify in accordance to market and changing business dynamics. The paper would describe the strategic role of the internal audit processes in business and study its role in context of risk management. The organizational strategic objectives and its correlation with internal audit processes and their contribution would be further studied herein. The risks and fraud detection capacities of the internal audit process with suitable examples from the industry is discussed. Internal Audit: The Strategic Role The business strategizes its processes and future plans to adapt with the changing market scenario and competitors influence in objective achievements. This alignment is audited to understand and analyze the fundamentals of the business to find the balance between the cost and value of the business offerings (Abbott et al. 2010). Further, the business performs internal audit to remain relevant in the competitive business conditions and makes contributions to the overall corporate governance, risk and internal control management. The reporting of the findings is done by the audit committee to the senior management along with new initiatives taken to do course corrections. Nevertheless, Chapman (2006) suggested the internal audit needs to have the following strategic vision to create a formal strategic execution process. Develop and refine the strategic vision to incorporate the stakeholders roles and responsibilities to formulate a long term audit strategy Identify and prioritize the strategic key for employee development required to achieve the objectives. Tools and technology along with knowledge of business is one that needs to be sufficiently ensured for audit’s success Design key performance indicators for internal audit itself to determine the audits initiatives and alignment towards the desired outcomes for the process of audit Develop operational strategy to help internal audit accomplish its objectives along with performance milestones to measure the process success Nevertheless, Wieczorek et al. (2002) argues that the objective of the business is to have optimum use of its resources in the process of objective achievement. Thus internal audit form a structured, systematic process to develop internal plans enabling alignment with its vision and mission. The business checks for the following in the Internal Audit processes: Changes In the organizational strategies if needed to set the alignment with the pre set objectives Degree Of organization’s growth and process maturity, Effectiveness Of the risk assessment and management measures Controls and corporate governance Measures as applicable on a particular business Integrity and accountability Of each individual stakeholder in the business Process and legal compliances As followed by the business. Venables and Impey (1988) suggest that the role of the internal audit is thus to measure the affectivity of the plans strategized and give the management an idea of the gaps to close any deviations. Further, the role of internal audits in business is very often used to access the compliance with the rules and laws of the state in its processes. However, Berkowitz (2001) argues that the other aspects of internal audit and its importance in detecting fraud, controls and deficits therein and establishment of financial losses. The broader aspects of strategic formulation through internal audit in risk assessment are developed herein (Ismail, 2012). Data analysis and continuous auditing: The capability of the business of identifying the early warning systems to mitigate the risks by efficiently by allocating the resources. The continuity and frequency of the process ensures the processes are in-line with the objectives set for the business. Business use the internal audit process as a strategic tool for improvements thus the cost of having such an audit costs the business its Opportunity cost, which it could have used in other ventures. However, the Return of Invested Security can be calculated in a quantified manner by back calculating the cost that internal audit saves had a risk identified, happened. Therefore the cost savings made with investments on strategic application after internal audit is the strategic long term gain for business. Although the assumed value cannot be exact but the probable appropriation gives a rough idea to the managers (Gerrard and Bettis, 2011). Strategic Initiatives and planning: The business plans the financial year or a period to achieve few objectives. These objective achievements are based upon the execution of processes developed at each level (Pridgen and Wang, 2012). The hierarchy however develops the area of responsibility into processes to achieve these goals. The planning helps in identifying the major areas of performance, period of each task, expenses to be incurred in the process, revenue to be earned like different factorials in them (Tysiac, 2015). Hence Usg.edu (2014) suggests, the risks are minimized by the strategic initiatives with planned execution structure so that it does not deviate from the objective outcomes. Develop the Corporate Governance culture: The employee survey process gives the internal audit the idea about the employee’s requirements to achieve the set objectives. The gap between the expected skills and current existing skills and along with the gaps in performance is identified by the internal audit helping (Selby, 2012). The business develops the processes like training, grievance management initiatives to fill the gaps for maximum manpower utility. Leitch (2008) observed that the compliance of the rules and laws of a particular business environment is determined in the process of audit creating the space for the business to adhere to those. Application and utility of the existing policies are effectively measured to minimize the risks in a business. New Business Lines: The process is very important for the business to identify the new markets and develop processes to be suitable and valid in such market conditions. The merger, acquisition, new market venture would depend upon the processes as followed by the business. Thus Nichols (2014) observed that in the particular market, to be stable and be effective as competitor within the existent market set up, the business needs to be able to develop process that increases the value and minimize cost in the new market or new ventures. Internal audit gives the idea of what all needs to be done to suitable align with a new venture. Tax strategies: The payment of regulatory dues like Excise and tax is guided by the laws of the land. The compliance with those financial norms of the state is guided by the internal audit thereby reducing the risks of non-compliances. Ian woodruff the Director of Tax Practice at Grant Thornton (2015) said “we are seeing more heads of tax reporting into the audit committee and the board to report on tax risks and controls, so the issue is becoming more important and is considered a boardroom risk"1. From the derivations it can be said that the strategic planning processes have the influence of the internal audit where the business evaluates the alternative strategies in objective achievements keeping internal and external factors in the loop. The audit considers the objectives through mission and vision statements and determines the alternatives from internal and external analysis and determines the SWOT (Strength, weaknesses, Opportunities and threats). Leitch (2008) suggests that the internal audit, during strategic planning process seeks for process compliance levels, cross functional involvements to see right man for right job, communicate and set the measurements to check the objective success and thus prepare the business for any eventualities. Figure 1: Alignment of Strategic Internal Audit processes (Source: Selim and McNamee, 1999, pp. 160) Developing Strategic Audit’s objectives: The first step for the auditor is to understand the department’s role, business, and stakeholder’s needs, in objective achievement. Therefore the mandate for the audit is set that needs to be accomplished over a period of time. Prioritize the key strategic initiatives: Based on mandate and strategic vision of the business, the internal audit’s objectives are aligned on risk, operational and financial priorities. The tools, methods, staffing to conduct such a business objective based audit which are flexible enough to anticipate changes, risks and address them likewise. Design KPI (Key Performance Indicators): Determination of the internal Audit measures on a success or failure benchmarking to track its priorities about the success of the process is done. Aligning the audit process to suite the stakeholders need and expectations by tracking productivity and value driven measures of the audit is laid down for auditor’s evaluation. Developing operational strategy: Detailing the activities to achieve strategic initiatives and milestones and functional communication to the stakeholders or senior management is designed. Again the flexibility of the process to change its priorities with changing needs is included to maximize the role of internal audit in business. Value Projection Value Creation Figure 2: Value Projection to Creation (Source: Expertise.us, 2015) However, Brown et al. (2012) observed that the internal audit can only identify and put forward their observations and findings to the senior management but do not act as an executive body. The internal auditors are paid by the company for their performance of audit. Thus the auditor is only answerable to the top management and performs the oversight of management activities without any bias. The role of the internal audit to prevent fraud has been discussed as a strategic tool for the business, from time to time. IPPF or International Professional Practice Framework for the Auditors discusses the role of the internal audit to meet professional standards to avoid fraud and detect them in the process of audit. The fraud detection process of internal audit along with fraud prevention and detection forming an internal control and investigation is a key part of internal audit (Fin.ucar.edu, 2014). The diagram below elucidates the strategic planning process that gives the idea of internal audit’s space in such a planning process. The identification of each task, allocating resources for each of the tasks, monitoring the execution to see the improvements and setting standards for future performance or derive the results to modify further, are all that the internal audits role in developing strategies for operations. These strategies are designed with a view of strategic execution, where the existing processes are not compatible with set objectives, identified in internal audit process (Forbes.com, 2015). The case of Qantas Airways is one where the internal audit specified the business have nearly 50 aircrafts extra in its fleet, compared to its other competitors when average flight hour of the global carrier’s were compared. This led the business identify and sell those extra crafts to gain cost savings and put more focus on consumer services (Quantasneesroom.com.au, 2014). The process not only reduced the cost of operations but also added value and identified the ‘opportunity cost’ fund for consumer service development. The Strategic Planning Lifecycle (Figure 3: Expertise.us, 2015) Prevention The internal audit can thus provide the top management a way to establish ethics, honesty and assist management to find internal control processes and its strength to assess and reduce fraud risks. Collier (2009) suggests that the organizational internal audit can be more effective if the audit chief reports to the board of directors functionally. A variety of consultation, collaborative, advisory and investigative approach in organizational internal audit prevents risk of fraud from happening. However, Nichols (2014) argues that the cost of resources spend for risk management can be better invested for some other venture in business. The idea is that the opportunity cost of managing risks is thought to have better uses in other business ventures. Again, it is evident that Internal Audits are preventive measures that minimizes business overhead spending upon many an area as manpower, wastages etc. Therefore the preventive cost is taken as a ‘utility’ fund to reduce the cost that risks may bring in (Iia.org.au, 2015). Detection Internal auditors are exposed to every part of the process in a business and have the scope to discuss with senior management. Again, the internal audits determine competencies and skill sets to priories and give an idea about the training and development needs (Acharyya and Brady, 2014). Therefore the audit plans are suitable for detection of scopes of fraud and also give the business an idea of its fraud detection capabilities. Randall (2014) suggests that in the Venture Capital and Private Equity market the risk of fraud can be suitably curbed by making the steps of fraud detection more vibrant. The research carried out in the Title Insurance Company in Chicago is an example of such fraud being made. The Intervention and further policy setting to detect and prevent fraud in future even with a lower manpower count with a four step reconciliation of accounts method, custom build for the organization by Vonya Global. Investigation Internal audit process is dependent upon gathering of evidences and data to represent each aspect of the business. Reporting to the top management the auditors can build their level of independence and objectivity necessary to detect investigation of serious nature. Either directly or indirectly the objective can be developed to detect fraud by the internal auditor. However the experience and expertise for such investigation and prevention process development is necessary for the auditors. Few also have the certifications as specialized internal auditors (Theiia.org, 2013). Various economies have developed its own set of laws to comply with the internal audit process. The SOX (Sarbanes-Oxley Act) is one for example in United States that governs the internal audit processes and its compliances. In UK the process is governed by the directives of CIIA (Charter Institute of Internal Auditors) about the nature and extent of the internal audit. Authorities like Prudential Regulation Authority and Financial Conduct Authority are also available for their judgement and supervision for the guidelines formed. However an overall International or multi economic set of rules and guidelines are absent where the IIA’s (Institute of Internal Audit) set of guidelines are followed as the common set of guidelines for the auditors for multinational businesses (Collier, 2009). Internal audit processes of the business gives an idea of the strategic transition that the business needs to follow in the new venture processes. The significance of the audit is to justify the role of M&A for a business to its stakeholders as the high risks associated with such ventures in a new market can be identified and avoided (Na.theiia.org, 2014). Consultants globally like Pricewaterhouse Coopers (PWC), Ernst and Young (E&Y), Voyna Global are few firms to name who specializes in Internal Audit procedures for third party businesses. The PWC’s Global Transportation Audit for the Logistics firms conducted gives an insight along with a strategic framework for the 2030 Logistics management with a vision for future (Pwc.com, 2014). CONTRIBUTION TO INTERNAL AUDIT IN ENTERPRISE RISK MANAGEMENT The business tries to protect its return on investments and grow in a certain market with few pre set objectives. However in the words of the CFO for Research and Crowe group “More than 65 percent of CFOs and more than 70 percent of audit committee members say managing enterprise risk is the biggest challenge their organizations face in the coming 12 months. The results suggest Enterprise Risk Management (ERM) is a challenge even greater than financial reporting and improving internal controls2”. Nevertheless, Coram et al. (2011) suggests that the enterprise or business would try to manage the risks and keep the way towards the objective error free. To identify and manage the risks that may deviate organizational objectives, is the risk management measure a business undertakes (Auditandrisk.org.uk, 2015). Enterprise risk management is the function that can be initiated after the SWOT or strength, weaknesses, opportunities and threats are assessed. In this regard it is quoted “Risk management as a discipline in business has been around for a while, but the collapse of credit markets would suggest it’s still in its infancy3”. The process of identifying the strengths and weaknesses of a particular business can only be done with a process analysis framework as done in internal audit. Internal audit functions are therefore the basis of such strategic application of enterprise risk management. Therefore, the transformation of the internal processes is more proactive in risk management terms where the internal audit is based upon risk-measured operations. Connelly (2014) suggests, ERM or the enterprise risk management is based to manage the following aspects of the business: Strategic- affecting the achievement of strategic goals and objectives Compliance- affecting the legal aspects of the business in a particular nation Reputational- affects public perception and reputation Financial- affecting the asset, financial aspects, technology Operations- affecting ongoing management processes and practices. Enterprise Risk management is important in achieving the objectives set for the business. The utility of resources and maximization of assets use is strategically planned in accordance to the objectives. Vlaovic-Begovic and Ilic-Pupovac (2012) suggested the efforts of the internal audit in risk management are focused upon the following: Identification and prioritization of the risks Alignment of process, people and policies or systems with strategies Key performance Indicator identification and definitions Analysis and quantification of the risk factors in new business venture and strategies Understanding of the shared risks among various projects and initiatives Risk management is a process that gives the business an opportunity to design and implement steps to minimize the risks. The internal audit creates the platform to identify and mitigate the risks that can affect the business. Schwartz (2013) suggests the role of value preservation and value creation in the internal audit is immense. The value preservation is the key to maintenance of strength as it is in a market where the business would work upon the current state to build more value to expand in the market. Kagermann (2008) suggest that the value creation in the internal audit focus upon finding new ways to create skills and controls to create more value for the stakeholders. The activities to initiate behavioural change, prioritize growth, eliminate costs, reduce the complexity and make the competency of the business enhanced in a market (Jalilvand and Malliaris, 2012). However, for an internal audit to be successful in its objectives needs to have the following to qualify as a quality internal audit. Scope and emphasis Internal audit may address risks from various perspectives finance, operations, compliances and strategies along with changing business perspectives. Portfolio of services Traditional audit assurances for risk related processes along with others like monitoring of major company initiatives. Competency development The internal audit also makes it clear and evident about the skills and competency needed to perform a job thereby assessing the training requirements. Technology The use of technology helps in processing the data more precisely and analysis becomes easier for the auditors with technology use. Figure 4: The Objectives of a successful Internal Audit (Source: Flight, 2002) After the audit processes are over the auditors prepares the report for the management to conclude the findings from the process. Mohamed et al. (2012) suggested that the audit report needs to have the elements of 5Cs in its body to be effective. Condition: The problem identified descriptions Criteria: The standards those were not met in comparison to benchmark or organization standards Cause: The reasons for the problem or such identified deviations Consequence: The risks that are identified in the process Corrective actions: Actions to be taken by the management to solve those issues within the set time frame. Risks Categories (Source: Coram et al. 2011, pp. 116) The risks can be categorized as short term or long term risks based upon the findings. The internal audit can serve as a tool to evaluate the control mechanisms in the process of business to mitigate those risks. The internal processes can be further developed to mitigate the future risks by evaluating the tools and processes along with employee skills sets to adapt with changing market conditions. The audit thus plays an important role to give the business an idea of how successful it is and what all it needs to incorporate to further manage risk through task driven systems internally. The business may take strategic measures for the period to mitigate the risks by organizing its procedures to have least long term effects of future risks. The process gives the management an idea of a balanced report that provides executives to evaluate and prepare a balanced scorecard with opportunities to evaluate and weigh issues in terms of priority and context perspectives (Anon, 2013). The balanced scorecard approach of course depends upon the quality of auditors along with the objective of the management that conducts the internal audit processes. Hardy (2015) argued that the report formed by the auditors can also be used to give a performance benchmark to the process managers along with recommendations to improve the performances. Therefore the role of the audit functions in functional improvements and objective alignment is key to a business. However, quantifying the risks in a business can help the managers with credible data to suggest the spending on them. Pickett and Pickett (2005) suggested that the risk management is not very competent in quantifying the actual cost or harm that it may pose on business as the risk assessments are based on assumed harms. For an example the risk due to natural disaster can be a risk factor but the Audit may miss upon the risks that may happen due to human error. Ignoring such a variable is possible during an internal audit which may pose as a critical element undetermined in future. However, Vlaovic-Begovic and Ilic-Pupovac (2012) suggested that the use of Information Technology has made a difference in those cases where the risks are unpredictable but not random. Therefore the actions can be statistically analyzed for a quantifiable value. In such a case where the Internal Audit fails to quantify due to lack of data, the statistical probabilities may act as assessor with some knowledge of enterprise past. Even though the quantification is done on mathematical terms the quantified findings are but well informed guesses. Therefore the quantifiable elements in risk assessment by internal audit processes are subjective and different in accordance to the nature of industry it is done upon. The organizational risk capacities or risk appetite is dependent upon various business conditions. The maximum amount of risk that the business can sustain or the amount of appetite that the business shows for the future is calculated upon the strengths of the businesses (Barnes and Preston, 1985). Risk in achieving a potential value or the hindrance that the risks may put forth for the business are based upon the audited likelihood of the risk along with the impact or consequences that the risk has. The Internal audit sets the course for the control or modification of events to negate the inherent risks however the residual risks may stay even after it (Anon, 2013). Identification and suitable actions to negate the chances of anything harmful for the business is suitably identified and exposed by the internal audit mechanisms. Risk Management: Internal Audit Processes (Sources: Schwartz, 2013. Pp. 3) The other part of the internal audit is huge when the process encompass the business merger acquisition or new venture development motives. The audit of a particular market in context of a particular business would give the idea of what all needs to be changed or modified to accommodate the business in that market, especially new markets (Apostolou and Alleman, 1991). However, the observation is that there is a gap in a new market is not very much of a focus for an internal audit. The operational risk management in internal audit is based out of the objectives set for an existing market in existing set of business conditions. Nevertheless, Brown et al. (2013) suggests that the objectives in a new market, with the inputs of compliance, risk management and governance, can be measured by internal audit to get an idea of the change or modifications needed to suite a particular condition. The probability of risk “the potential that a specific threat will exploit the vulnerabilities of an asset or Risk=Probability*Impact.4” The probability has a value as discusses earlier, which is derived based upon past data and experiences as a ‘quantified guess’5. In this space, VoynaGlobal like audit firms specializes in Enterprise Risk management software developments for such quantifiable solutions to risks. The tools to evaluate the risks in the future with concurrent market and process risks are evaluated on the SOX guidelines, when preparing the governance tools for the organization (Isaca.org. 2015). Reporting The reporting of the internal audit continuously monitors, control and assess the performance of individual and business units. This reporting further helps in reporting of each and every business department and personnel job to the senior management making the reporting structure open to further introspection. The format not only assesses the risks with early detection but also assess the gaps, if any to reduce them and have the best of output. The continuous process gives a control tool to the senior management. Identification The internal audit processes identifies the process where the gap exists between the objective oriented performance and deviations from it. The identification of the gaps and deviations gives the space for assessment and prioritize the needs of address. The one that needs the first look and thus the simultaneous process developments are assessed and identifies for suitable solution. The identification of the faults and therefore prioritizing the measures upon the need and urgency basis is clarified by the internal audit. The remedies for the same are determined once the identification is complete. Remedy The process to avoid, reduce and expedite the processes to reach the objective is planned and executed in the process. The remedy is the step that the internal process helps the business is risk management and early detection of the same. The remedy from the process deviation and gaps formed in actual application of strategies are identified and to avoid them and get back to the objective oriented process. The risk assessment and remedy is the risk avoidance process got by the business via internal audit. Conclusions The process of internal audit and its use in business process for risk management and strategic planning process is studied. The role of internal audit in assessing the organizational objectives and its role in formulating the plans to determine the deviations in the business processes is discussed. The risk can only be mitigated once they are identified. However not all risks are quantifiable thus the contribution of the same towards strategic risks due to external factors, remains to be determined. The strategic objectives are formulated based upon internal and external business conditions with the view of maximum utilization of resources for objective achievements. Nevertheless, the internal factors can be managed to a larger extend with internal audit functions but the risk projection from an external factor is largely independent from such assessments. The anticipatory role of internal audit to such external conditions and variables are mush dependent upon previous data quantified statistically that may not hold well in every situation. Reference List Abbott, L., Parker, S. and Peters, G., 2010. Serving Two Masters: The Association between Audit Committee Internal Audit Oversight and Internal Audit Activities. Accounting Horizons, 24(1), pp.1-24 Acharyya, M. and Brady, C. 2014. Designing an Enterprise Risk Management Curriculum for Business Studies: Insights From a Pilot Program. Risk Management and Insurance Review, 17(1), pp.113-136. Anon, 2013. [online] Available at: [Accessed 4 Feb. 2015]. Apostolou, B. and Alleman, F., 1991. Internal audit sampling. Altamonte Springs, Fla.: Institute of Internal Auditors. Auditandrisk.org.uk, 2015. “Audit and Risk“ January 2015 - Audit & Risk. [online] Available at: [Accessed 17 Feb. 2015]. Barnes, I. and Preston, J., 1985. The Skuthorpe enterprise zone: an example of muddled interventionism. Public Administration, 63(2), pp.171-181 Berkowitz, S., 2001. Enterprise risk management and the healthcare risk manager. Journal of Healthcare Risk Management, 21(1), pp.29-38. Brown, S., Brown, S. and Holmes, A., 2012. Internal Audit in Higher Education. Hoboken: Taylor and Francis. Chapman, R., 2006. Simple tools and techniques of enterprise risk management. Chichester, West Sussex, England: J. Wiley & Sons. Colino, R, 1986. The People Factor in an International Enterprise in Turnaround. Asia Pacific Journal of Human Resources, 24(3), pp.10-15. Collier, P., 2009. Fundamentals of risk management for accountants and managers. Amsterdam: Elsevier/Butterworth-Heinemann. Connelly, N., 2014. Sharing in the Caring: Enterprise Risk Management, Disney style. Journal of Healthcare Risk Management, 34(2), pp.3-3 Coram, P., Ferguson, C. and Moroney, R. 2011. Internal Audit, Alternative Internal Audit Structures, and the Level of Misappropriation of Assets Fraud. SSRN Journal. Expertise.us, 2015. Auditing Strategic Risks: Turning Risks into Oppertunity. [online] Available at: [Accessed 23 Feb. 2015]. Forbes.com, 2015. Three Steps to Internal Audit Transformation. [online] Available at: [Accessed 24 Feb. 2015]. Fight, A., 2002. Measurement and internal audit. Oxford, England: Capstone Pub. Fin.ucar.edu, 2014. UCAR Ethics. [online] Available at: [Accessed 11 Feb. 2015]. Gerrard, T.H. and Bettis, M., 2011 Quantifiable Risk: Assumptions and Probability. (2013). [online] Available at: [Accessed 12 Feb. 2015] Hardy, K., 2015. Enterprise Risk Management. San Francisco: Jossey-Bass. Hodges, A., 2000. Emergency Risk Management. Risk management (Bas), 2(4), pp.7-18. Iia.org.au, 2015. Internal Auditor Magazine - Institute of Internal Auditors (Australia). [online] Available at: [Accessed 16 Feb. 2015] Isaca.org, 2015. Quantifying Information Risk and Security. [online] Available at: [Accessed 12 Feb. 2015]. Ismail, T. 2012. Internal auditors perception about their role in risk management audit in Egyptian banking sector. International Journal of Economics and Accounting, 3(2), p.196. Jalilvand, A. and Malliaris, A., 2012. Risk management and corporate governance. New York: Routledge. Kagermann, H., 2008. Internal audit handbook. Berlin: Springer. Leitch, M. 2008. Intelligent internal control and risk management. Aldershot, England: Gower. Mohamed, Z., Mat Zain, M., Subramaniam, N. and Wan Yusoff, W., 2012. Internal Audit Attributes and External Audits Reliance on Internal Audit: Implications for Audit Fees. International Journal of Auditing, 16(3), pp.268-285. Quantasneewsroom.com.au, 2014. Qantas Group Strategy Update, (Online), Available at: [Accessed 5 Feb. 2015] Theiia.org, 2014. International Professional Practices Framework (IPPF). [online] Available at: [Accessed 5 Feb. 2015] Nichols, A., 2014. A guide to effective internal management system audits. Ely, Cambridgeshire, UK: IT Governance Pub. Pickett, K., 2005. Auditing the risk management process. Hoboken, N.J.: Wiley. Pickett, K. and Pickett, J., 2005. Auditing for managers. Chichester, West Sussex, England: John Wiley & Sons. Pridgen, A. and Wang, K., 2012. Audit Committees and Internal Control Quality: Evidence from Nonprofit Hospitals Subject to the Single Audit Act. International Journal of Auditing, 16(2), pp.165-183. PwC, 2014. Business Megatrends and their implications. [online] Available at: [Accessed 10 Feb. 2015]. PwC, 2015. 2014 State of the Internal Audit Profession Study. [online] Available at: [Accessed 10 Feb. 2015]. Randall, S. 2014. Segregation of Duties: Fraud Prevention for Venture Capital and Private Equity. [online] Vonya Global Internal Audit Blog. Available at: [Accessed 11 Feb. 2015]. Schwartz, M. 2013. Do Not Audit Internal Control Over Financial Reporting Audit Internal Control!. EDPACS, 48(4), pp.1-11. Selby, S., 2012. Industry, Enterprise and Energy: Caleb Atwater and the Meaning of Ohio. Ohio History, 119(1), pp.101-118. Selim, G. and McNamee, D. 1999. The risk management and internal auditing relationship: developing and validating a model. Int. J. Audit., 3(3), pp.159-174. Smith, J., 1932. Log of Steamship "Enterprise," 1825. Transactions of the Newcomen Society, 13(1), pp.165-181. Tysiac, K., 2015. Four steps to formalize internal audit strategic impact. [online] Journal of Accountancy. Available at: [Accessed 6 Feb. 2015]. Usg.edu, 2014. Enterprise Risk Management - Internal Audit & Compliance – University System of Georgia. [online] Available at:< http://www.usg.edu/audit/risk >[Accessed 5 Feb. 2015]. Venables, J. and Impey, K., 1988. Internal audit. London: Butterworths. Vlaovic-Begovic, S. and Ilic-Pupovac, M., 2012. The role of internal audit in companies risk management. Skola biznisa, (2), pp.20-28. Wieczorek, M., Naujoks, U. and Bartlett, R., 2002. Business continuity. Berlin: Springer. Read More