INTERNAL AUDITING EFFICIENCY AS A TOOL FOR IMPROVING THE COMPANIES PERFORMANCE

CHAPTER ONE: INTRODUCTION

1.1 Background of the Study

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. The Institute of Internal Auditors (IIA) defines internal auditing as “an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes” (IIA, 2017, p. 4). Unlike external auditing, which focuses primarily on the accuracy of financial statements for external stakeholders, internal auditing serves the needs of management and the board by providing ongoing assessments of internal controls, operational efficiency, compliance with policies and laws, and risk management. The role of internal auditing has evolved significantly over the past several decades, shifting from a purely compliance-focused function to a strategic partner in organizational governance (IIA, 2017). (IIA, 2017)

Internal auditing efficiency refers to the ability of the internal audit function to achieve its objectives with minimal waste of resources (time, cost, personnel). An efficient internal audit function produces timely, accurate, and relevant audit reports; identifies material control weaknesses promptly; recommends practical corrective actions; and follows up to ensure implementation. Efficiency is distinct from effectiveness: effectiveness is achieving the right objectives (e.g., detecting fraud, improving controls); efficiency is achieving those objectives with minimal resources. An internal audit function can be effective but inefficient (e.g., produces good reports but takes too long) or efficient but ineffective (e.g., produces reports quickly but misses material issues). The goal is to be both efficient and effective (Pickett, 2020). (Pickett, 2020)

Companies’ performance refers to the ability of an organization to achieve its financial and strategic objectives. Corporate performance is typically measured using financial metrics (profitability, growth, return on assets, return on equity, shareholder value) and non-financial metrics (customer satisfaction, employee engagement, operational efficiency, innovation). Internal auditing contributes to corporate performance by: (1) identifying control weaknesses that could lead to financial losses; (2) detecting fraud and preventing future fraud; (3) recommending process improvements that reduce costs and increase efficiency; (4) ensuring compliance with laws and regulations (avoiding fines and penalties); (5) providing assurance to the board and management that risks are managed effectively; and (6) supporting strategic decision-making with reliable information (Gramling, Rittenberg, and Johnstone, 2020). (Gramling et al., 2020)

The relationship between internal auditing and corporate performance is grounded in agency theory. Jensen and Meckling (1976) posited that managers (agents) may not always act in the best interests of owners (principals) due to information asymmetry and divergent incentives. Internal auditing reduces this agency problem by providing independent monitoring of managerial actions and the controls that govern those actions. When managers know that internal auditors will review their compliance with controls, they are more likely to adhere to established policies. Similarly, when boards know that internal auditors are monitoring operations, they have greater confidence that management is exercising proper stewardship (Jensen and Meckling, 1976). This monitoring function reduces agency costs and improves corporate performance. (Jensen and Meckling, 1976)

Internal auditing contributes to corporate performance through several specific mechanisms (Sawyer, Dittenhofer, and Scheiner, 2019). (Sawyer et al., 2019)

Control Environment Assessment: Internal auditors evaluate the control environment (tone at the top, integrity, ethical values). A strong control environment underpins effective internal controls, which reduce fraud and error, thereby improving performance.

Risk Assessment: Internal auditors assess whether management has identified and analyzed risks to achieving objectives. Effective risk management prevents unexpected losses and ensures that resources are allocated to the highest-priority risks.

Control Activities Testing: Internal auditors test the operating effectiveness of control activities (approvals, authorizations, reconciliations, segregation of duties). Effective controls prevent and detect errors and fraud, reducing losses and improving performance.

Information and Communication: Internal auditors evaluate whether accurate, timely information flows to decision-makers. Reliable information supports better decisions, improving performance.

Monitoring: Internal auditors monitor management’s monitoring activities and provide independent assurance. Effective monitoring ensures that control weaknesses are identified and corrected promptly.

Consulting: Internal auditors provide consulting services (advising on process improvement, risk management, internal control design). Consulting helps management improve efficiency and effectiveness.

The efficiency of internal auditing depends on several factors (Pickett, 2020). (Pickett, 2020)

Independence and Objectivity: Internal auditors must be independent of the activities they audit and objective in their judgments. Independence is achieved through organizational reporting lines (reporting functionally to the audit committee). Lack of independence reduces efficiency (auditors may hesitate to report critical findings).

Competence: Internal auditors must possess the knowledge, skills, and abilities to perform their responsibilities professionally. Competence includes professional certifications (CIA, CISA, ACA, ACCA), experience, and continuous professional development (CPD). Incompetent auditors are inefficient (they take longer, produce lower quality work).

Management Support: Management must allocate sufficient resources (budget, staff, technology) to the internal audit function, grant access to records and personnel, and implement audit recommendations. Lack of management support reduces efficiency (auditors cannot perform their work, recommendations are ignored).

Technology: The use of audit data analytics (ADA), continuous auditing, and automated workpapers improves efficiency. Technology enables auditors to test 100% of transactions, identify anomalies, and produce reports faster.

Follow-up Processes: Formal follow-up processes ensure that audit recommendations are implemented. Without follow-up, audits are inefficient (problems are identified but not solved).

In Nigeria, the internal auditing profession has gained increasing attention following corporate governance reforms and regulatory developments. The Financial Reporting Council (FRC) of Nigeria Act, 2011, and subsequent codes of corporate governance have mandated the establishment of internal audit functions for public companies, banks, and other regulated entities (Financial Reporting Council of Nigeria, 2018). These regulations require that internal audit functions be independent, adequately resourced, and report directly to the board audit committee. Despite these regulatory mandates, significant variation exists in the quality and effectiveness of internal audit functions across Nigerian organizations. Some organizations have mature, efficient internal audit departments that contribute meaningfully to corporate performance; others have nominal internal audit functions that lack independence, competence, or management support (Okoye, Okafor, and Nnamdi, 2020). (Financial Reporting Council of Nigeria, 2018; Okoye et al., 2020)

Several challenges impede internal auditing efficiency in Nigerian organizations (Adeyemi and Unuigbe, 2020). (Adeyemi and Unuigbe, 2020)

• Lack of independence: Internal auditors report administratively to the CFO or CEO rather than the audit committee.
• Competence gaps: Many internal auditors lack professional certifications (CIA, CISA, ACA, ACCA) and training in data analytics.
• Inadequate management support: Internal audit budgets are cut, access to records is denied, and recommendations are ignored.
• Lack of technology: Many internal audit departments rely on manual audit techniques (sampling, checklists, spreadsheets).
• Poor follow-up: Audit recommendations are not tracked, and implementation is not verified.

The COVID-19 pandemic (2020-2021) has highlighted the importance of internal auditing efficiency. The rapid shift to remote work created new control challenges: how to ensure segregation of duties when all transactions are processed remotely; how to verify approvals when signatories are working from home; how to safeguard digital assets against cyber threats; and how to maintain oversight when managers cannot physically observe operations. Efficient internal audit functions adapted quickly, using remote audit techniques (video walkthroughs, electronic confirmations, data analytics) and continuous auditing. Inefficient functions struggled, leading to delayed audits, undetected control weaknesses, and increased risk of fraud and error (Chambers, 2021). (Chambers, 2021)

Despite the theoretical importance and regulatory mandates for internal auditing, the efficiency of internal auditing as a tool for improving companies’ performance in Nigerian organizations remains under-researched. Most existing studies have focused on internal audit effectiveness (whether internal audit achieves its objectives) rather than efficiency (whether it achieves objectives with minimal resources). Moreover, most studies have focused on the banking and financial services sector, with limited attention to manufacturing, services, and other sectors. This study addresses these gaps by examining internal auditing efficiency as a tool for improving companies’ performance (Okoye et al., 2020). (Okoye et al., 2020)

1.2 Statement of the Problem

Despite the theoretical importance and regulatory mandates for internal auditing, the efficiency of internal auditing as a tool for improving companies’ performance in Nigerian organizations remains questionable. This problem manifests in several specific issues.

First, internal audit functions are often under-resourced, leading to inefficiency. Many internal audit departments lack sufficient staff, budget, or technology to perform their work effectively and efficiently. Okafor and Ugwu (2021) found that 58% of Nigerian firms’ internal audit functions had budgets below ₦10 million annually, insufficient for comprehensive coverage. Under-resourced internal audit functions take longer to complete audits, produce lower quality reports, and miss material control weaknesses, limiting their contribution to corporate performance. (Okafor and Ugwu, 2021)

Second, internal audit independence is compromised in many Nigerian organizations. Internal auditors may report administratively to the CFO or CEO rather than the audit committee, creating conflicts of interest. Adeyemi and Uche (2018) found that 45% of Nigerian financial managers reported that their internal auditors were “not very independent.” When internal auditors lack independence, they hesitate to report significant control weaknesses, and management receives a false sense of control effectiveness, leading to undetected fraud and errors that harm corporate performance. (Adeyemi and Uche, 2018)

Third, internal audit competence gaps reduce efficiency. Many internal audit staff lack professional certifications (CIA, CISA, ACA, ACCA) and training in modern audit techniques (data analytics, continuous auditing). Adeyemi and Unuigbe (2020) found that 56% of internal audit departments in Nigerian manufacturing companies lacked staff with professional certifications. Incompetent internal auditors are inefficient (they take longer to perform audits, produce lower quality work, and miss material issues), limiting their contribution to corporate performance. (Adeyemi and Unuigbe, 2020)

Fourth, lack of technology limits internal auditing efficiency. Many internal audit departments rely on manual audit techniques (sampling, checklists, spreadsheets) rather than using data analytics and continuous auditing technologies. Appelbaum, Kogan, and Vasarhelyi (2017) found that manual approaches can only test small samples, miss anomalies that would be detected by full-population analysis, and provide point-in-time rather than ongoing assurance. The technology gap in Nigerian internal audit functions limits their efficiency and their contribution to corporate performance. (Appelbaum et al., 2017)

Fifth, lack of management support for internal auditing undermines its efficiency. Management may view internal audit as a “necessary evil” rather than a value-adding function. Nnamdi and Ugwu (2021) found that 67% of internal auditors reported that management viewed internal audit as a compliance burden; 54% reported that their audit budgets had been cut or frozen; and 48% reported that significant audit recommendations had gone unimplemented for over 12 months. Without management support, internal auditors cannot perform their work efficiently, and their recommendations do not lead to improved corporate performance. (Nnamdi and Ugwu, 2021)

Sixth, lack of timely audit reporting reduces the contribution of internal auditing to corporate performance. For internal audit findings to be useful, they must be reported promptly while corrective action is still possible. Eze and Okafor (2022) found that the average time between completion of fieldwork and issuance of the final audit report in Nigerian public sector organizations was 84 days. By the time management receives such delayed reports, conditions may have changed, control failures may have recurred multiple times, and losses may have accumulated. Delayed reporting makes internal auditing inefficient and reduces its contribution to corporate performance. (Eze and Okafor, 2022)

Seventh, inadequate follow-up on audit recommendations represents a persistent problem. Okafor, Okoye, and Nnamdi (2020) found that only 32% of internal audit heads had a formal follow-up process with deadlines and accountability for implementation; 45% reported that over 40% of their audit recommendations remained unimplemented after one year. Without follow-up, internal auditing becomes an exercise in futility—problems are identified but never solved, and corporate performance does not improve. (Okafor et al., 2020)

Eighth, the relationship between internal auditing efficiency and corporate performance has not been adequately measured in Nigerian organizations. Organizations invest significant resources in internal audit functions (salaries, training, technology) but rarely conduct cost-benefit analyses to determine whether these investments improve corporate performance. Do organizations with efficient internal audit functions have higher profitability, lower fraud losses, and better compliance than organizations with inefficient internal audit functions? This basic question remains unanswered in the Nigerian context. (Okoye et al., 2020)

Ninth, the COVID-19 pandemic has created new challenges for internal auditing efficiency, and the impact on corporate performance is unknown. Remote work required internal auditors to adapt to remote audit techniques (video walkthroughs, electronic confirmations, data analytics). Ogunyemi and Adewale (2021) found that 62% of Nigerian auditors reported that the pandemic made fraud detection “much harder,” and 45% reported that they were less confident in their fraud assessments than before the pandemic. The pandemic’s impact on internal auditing efficiency and corporate performance has not been systematically studied. (Ogunyemi and Adewale, 2021)

Tenth, there is a significant gap in the empirical literature on internal auditing efficiency as a tool for improving companies’ performance in Nigeria. Most existing studies focus on internal audit effectiveness (whether internal audit achieves its objectives) rather than efficiency (whether it achieves objectives with minimal resources). Few studies have examined the relationship between internal audit efficiency indicators (timeliness, cost per audit, recommendation implementation rate) and corporate performance indicators (profitability, fraud losses, compliance). This study addresses these gaps (Okoye et al., 2020). (Okoye et al., 2020)

Therefore, the central problem this study seeks to address can be stated as: *Despite the theoretical importance and regulatory mandates for internal auditing, the efficiency of internal auditing as a tool for improving companies’ performance in Nigerian organizations remains questionable. Internal audit functions are under-resourced, lack independence, have competence gaps, lack technology, lack management support, produce untimely reports, fail to follow up on recommendations, and face COVID-19 challenges. The relationship between internal auditing efficiency and corporate performance has not been adequately measured. This study addresses these gaps by examining internal auditing efficiency as a tool for improving companies’ performance.*

1.3 Aim of the Study

The aim of this study is to critically examine internal auditing efficiency as a tool for improving companies’ performance, with a view to identifying the specific factors (independence, competence, management support, technology, timeliness, follow-up) that affect internal auditing efficiency, determining the relationship between internal auditing efficiency and corporate performance (profitability, fraud reduction, compliance), and proposing evidence-based recommendations for improving internal auditing efficiency to enhance corporate performance.

1.4 Objectives of the Study

The specific objectives of this study are to:

1. Assess the current state of internal auditing efficiency in Nigerian organizations, measured by: timeliness (average time between fieldwork completion and report issuance), cost per audit, audit coverage (percentage of high-risk areas audited), recommendation implementation rate (percentage of recommendations implemented within 6 months), and use of technology (data analytics, continuous auditing).
2. Examine the relationship between internal audit independence (reporting line to audit committee) and internal audit efficiency (timeliness, recommendation implementation rate).
3. Examine the relationship between internal audit competence (professional certifications, training) and internal audit efficiency.
4. Examine the relationship between management support (budget, access, authority) and internal audit efficiency.
5. Examine the relationship between the use of technology (data analytics, continuous auditing) and internal audit efficiency.
6. Examine the relationship between internal audit efficiency and corporate performance (profitability measured by ROA, fraud losses, compliance violations).
7. Examine the relationship between audit recommendation follow-up processes and the implementation rate.
8. Examine the impact of the COVID-19 pandemic on internal auditing efficiency.
9. Propose evidence-based recommendations for improving internal auditing efficiency to enhance corporate performance.

1.5 Research Questions

The following research questions guide this study:

1. What is the current state of internal auditing efficiency in Nigerian organizations (timeliness, cost per audit, audit coverage, recommendation implementation rate, use of technology)?
2. What is the relationship between internal audit independence and internal audit efficiency?
3. What is the relationship between internal audit competence and internal audit efficiency?
4. What is the relationship between management support and internal audit efficiency?
5. What is the relationship between the use of technology (data analytics, continuous auditing) and internal audit efficiency?
6. What is the relationship between internal audit efficiency and corporate performance (profitability, fraud losses, compliance)?
7. What is the relationship between audit recommendation follow-up processes and the implementation rate?
8. How did the COVID-19 pandemic affect internal auditing efficiency?
9. What recommendations can be proposed for improving internal auditing efficiency?

1.6 Research Hypotheses

Based on the research objectives and questions, the following hypotheses are formulated. Each hypothesis is presented with both a null (H₀) and an alternative (H₁) statement.

Hypothesis One (Independence and Efficiency)

• H₀₁: There is no significant relationship between internal audit independence (reporting line to audit committee) and internal audit efficiency (timeliness, recommendation implementation rate).
• H₁₁: There is a significant positive relationship between internal audit independence and internal audit efficiency.

Hypothesis Two (Competence and Efficiency)

• H₀₂: There is no significant relationship between internal audit competence (professional certifications, training) and internal audit efficiency.
• H₁₂: There is a significant positive relationship between internal audit competence and internal audit efficiency.

Hypothesis Three (Management Support and Efficiency)

• H₀₃: There is no significant relationship between management support (budget, access, authority) and internal audit efficiency.
• H₁₃: There is a significant positive relationship between management support and internal audit efficiency.

Hypothesis Four (Technology and Efficiency)

• H₀₄: Organizations that use audit data analytics and continuous auditing do not have significantly higher internal audit efficiency than those that use traditional manual methods.
• H₁₄: Organizations that use audit data analytics and continuous auditing have significantly higher internal audit efficiency than those that use traditional manual methods.

Hypothesis Five (Internal Audit Efficiency and Profitability)

• H₀₅: There is no significant relationship between internal audit efficiency (composite score) and corporate profitability (ROA).
• H₁₅: There is a significant positive relationship between internal audit efficiency and corporate profitability.

Hypothesis Six (Internal Audit Efficiency and Fraud Losses)

• H₀₆: There is no significant relationship between internal audit efficiency and fraud losses (₦ amount lost to fraud per year).
• H₁₆: There is a significant negative relationship between internal audit efficiency and fraud losses (higher efficiency associated with lower fraud losses).

Hypothesis Seven (Follow-up Processes and Implementation Rate)

• H₀₇: There is no significant relationship between formal follow-up processes and the audit recommendation implementation rate.
• H₁₇: Organizations with formal follow-up processes have significantly higher audit recommendation implementation rates than those without formal follow-up processes.

Hypothesis Eight (COVID-19 Impact)

• H₀₈: There is no significant difference in internal audit efficiency before and during the COVID-19 pandemic.
• H₁₈: Internal audit efficiency was significantly lower during the COVID-19 pandemic than before the pandemic.

1.7 Significance of the Study

This study holds significance for multiple stakeholders as follows:

For Internal Auditors and Internal Audit Departments:
The study provides empirical evidence on the specific factors (independence, competence, management support, technology, follow-up) that make internal auditing efficient. Internal auditors can use these findings to benchmark their own practices against identified success factors, advocate for improved independence and resources, and design audit processes that maximize efficiency and contribution to corporate performance.

For Senior Management and Executives:
Managers who are responsible for organizational performance will gain insights into how internal auditing efficiency can support—rather than threaten—their performance objectives. The study highlights the importance of management support for internal auditing, including providing adequate resources, granting access, and acting on audit recommendations. Management may use the findings to justify investment in internal audit capacity and to establish more productive relationships with internal auditors.

For Boards of Directors and Audit Committees:
Board members and audit committee members have fiduciary responsibility for oversight of internal controls, risk management, and corporate performance. The study provides evidence-based guidance on the characteristics of efficient internal audit functions (independence, competence, reporting lines, follow-up processes) that boards should look for when evaluating their own internal audit arrangements. The findings also inform board decisions regarding internal audit charter approvals, audit plan reviews, and follow-up on significant audit findings.

For Regulators and Policymakers:
The Financial Reporting Council of Nigeria, the Central Bank of Nigeria, the National Insurance Commission, and other sector regulators will find empirical data on the current state of internal audit efficiency in Nigerian organizations, including gaps and challenges. Regulators may use the findings to refine internal audit requirements in corporate governance codes, develop guidance on internal audit efficiency, and target enforcement efforts on organizations with the weakest internal audit practices.

For Professional Accounting and Auditing Bodies:
The Institute of Internal Auditors (IIA) Nigeria, the Institute of Chartered Accountants of Nigeria (ICAN), and the Association of Certified Fraud Examiners (ACFE) can use the study findings to identify competency gaps among internal auditors, design continuing professional development (CPD) programs that address those gaps, and advocate for stronger internal audit standards. The study also identifies areas where professional guidance is needed (e.g., data analytics for internal auditors, audit follow-up best practices).

For Academics and Researchers:
This study contributes to the literature on internal audit efficiency and corporate performance, particularly in the developing economy context of Nigeria. It provides a theoretical framework (grounded in agency theory, COSO internal control framework, and IIA standards) and empirical baseline that can be extended by future research. The hypotheses developed can be tested in different sectors, across different organizational sizes, or using longitudinal designs. The study also identifies research gaps worthy of further investigation.

For External Auditors:
External auditors rely on the work of internal auditors when planning their own audits (under ISA 610). The study findings help external auditors assess the efficiency and reliability of client internal audit functions, determining the extent to which they can rely on internal audit work. Organizations with efficient internal audit functions may experience more efficient external audits, while those with inefficient functions may face expanded audit procedures.

For the Nigerian Economy:
Efficient internal auditing reduces organizational losses from fraud, error, and inefficiency. When internal auditing contributes to corporate performance, organizations across the Nigerian economy operate more efficiently, retain more resources, and are less vulnerable to financial scandals. Strengthening internal auditing efficiency thus has positive ripple effects on the broader economy, including enhanced investor confidence, reduced corruption, and more efficient allocation of resources.

1.8 Scope of the Study

The scope of this study is defined by the following parameters:

Content Scope: The study focuses on internal auditing efficiency as a tool for improving companies’ performance. Specifically, it examines: (1) internal audit efficiency indicators (timeliness, cost per audit, audit coverage, recommendation implementation rate, use of technology); (2) factors affecting efficiency (independence, competence, management support, technology, follow-up); (3) corporate performance indicators (profitability measured by ROA, fraud losses, compliance violations); (4) COVID-19 impact; and (5) relationships between efficiency factors and performance. The study does not examine external auditing, financial statement auditing, or other assurance functions outside of internal audit.

Organizational Scope: The study targets organizations that have established internal audit functions. This includes listed companies (subject to FRC Code of Corporate Governance), banks and financial institutions (subject to CBN and NDIC regulations), insurance companies, manufacturing companies, telecommunications companies, and selected public sector organizations. The study excludes very small organizations (e.g., sole proprietorships, small partnerships) that do not have internal audit functions, as the research questions are not applicable to them.

Geographic Scope: The study is conducted in Lagos State and the Federal Capital Territory (Abuja), Nigeria. These locations are selected because they contain the highest concentration of large organizations (multinational corporations, banks, manufacturing companies) that are most likely to have established internal audit functions. Findings may be generalizable to other urban centers in Nigeria but may require caution in generalizing to rural areas or very small organizations.

Respondent Scope: Within each participating organization, respondents include internal audit heads/directors (for their perspective on audit processes and efficiency), chief financial officers or finance managers (for their perspective on the value of internal audit), and audit committee chairs or board members (for their perspective on oversight and independence). Multiple respondents per organization provide triangulation and reduce single-source bias.

Time Scope: The study collects cross-sectional data during a specified period. However, respondents are asked to reflect on audit processes and outcomes over the preceding two to three years to provide a longer-term perspective on the relationship between internal auditing efficiency and corporate performance. This retrospective approach allows assessment of performance trends (e.g., improvement or deterioration over time).

Theoretical Scope: The study is grounded in agency theory (Jensen and Meckling, 1976), the COSO (2013) internal control framework, and the International Professional Practices Framework (IIA, 2017) for internal auditing. These theories provide the conceptual lens for understanding the monitoring role of internal auditing and the conditions under which it contributes to corporate performance.

1.9 Definition of Terms

The following key terms are defined operationally as used in this study:

Term	Definition
Internal Auditing	An independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes (IIA, 2017).
Internal Auditing Efficiency	The ability of the internal audit function to achieve its objectives (identifying control weaknesses, recommending improvements) with minimal waste of resources (time, cost, personnel). Measured by timeliness (days between fieldwork completion and report issuance), cost per audit, audit coverage, recommendation implementation rate, and use of technology.
Corporate Performance	The ability of an organization to achieve its financial and strategic objectives. Measured by profitability (return on assets, ROA), fraud losses (₦ amount lost to fraud per year), and compliance violations (number of regulatory fines/penalties).
Internal Audit Independence	The freedom of the internal audit function from conditions that threaten the ability to carry out internal audit responsibilities in an unbiased manner, including administrative reporting lines, access to the board audit committee, and protection from management interference.
Internal Audit Competence	The knowledge, skills, and abilities of internal audit staff, including professional certifications (CIA, CISA, ACA, ACCA), years of relevant experience, continuing professional education, and proficiency in audit methodologies, data analytics, and relevant regulations.
Audit Recommendation Implementation Rate	The percentage of audit recommendations that have been fully implemented (corrective action taken and control weakness resolved) by management within a specified timeframe (e.g., 6 months, 12 months).
Audit Follow-Up Process	A formal, systematic process by which internal auditors track the status of management actions on audit recommendations, verify that corrective actions have been implemented effectively, and escalate unresolved issues to senior management or the audit committee.
Data Analytics (Audit Data Analytics)	The use of technology-enabled techniques (data extraction, analysis, visualization) to examine large populations of transactions, identify anomalies and patterns indicative of control weaknesses or fraud, and provide continuous or near-continuous assurance.
Return on Assets (ROA)	Net income divided by total assets. Measures how efficiently an organization uses its assets to generate profit.
Fraud Losses	The total amount of money (in ₦) lost to fraud (asset misappropriation, corruption, financial statement fraud) in a given year, as reported to internal audit.

CHAPTER TWO: LITERATURE REVIEW

2.1 Introduction

This chapter presents a comprehensive review of literature relevant to internal auditing efficiency as a tool for improving companies’ performance. The review is organized into five main sections. First, the conceptual framework section defines and explains the key constructs: internal auditing, internal auditing efficiency, corporate performance, and the dimensions of internal audit effectiveness. Second, the theoretical framework section examines the theories that underpin the role of internal auditing in organizational performance, including agency theory, stewardship theory, the COSO internal control framework, and the IIA’s International Professional Practices Framework (IPPF). Third, the empirical review section synthesizes findings from previous studies on the relationship between internal auditing efficiency and corporate performance, including factors such as independence, competence, management support, follow-up processes, and technology adoption. Fourth, the regulatory framework section examines the statutory and professional requirements for internal auditing in Nigeria. Fifth, the summary of literature identifies gaps that this study seeks to address.

The purpose of this literature review is to situate the current study within the existing body of knowledge, identify areas of consensus and controversy, and justify the research questions and hypotheses formulated in Chapter One (Creswell and Creswell, 2018). By critically engaging with prior scholarship, this chapter establishes the intellectual foundation upon which the present investigation is built. (Creswell and Creswell, 2018)

2.2 Conceptual Framework

2.2.1 The Concept of Internal Auditing

Internal auditing is defined by the Institute of Internal Auditors (IIA) as “an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes” (IIA, 2017, p. 4). This definition contains several critical elements. First, independence and objectivity require that internal auditors be free from conditions that threaten their ability to perform their work impartially. Second, assurance and consulting describe the dual role of internal auditing: providing independent assessments of controls (assurance) and advising management on improvements (consulting). Third, adding value means that internal auditing should produce benefits that exceed its costs. Fourth, systematic and disciplined approach distinguishes internal auditing from informal or ad hoc reviews; internal auditors follow professional standards and methodologies. (IIA, 2017)

The scope of internal auditing is broad, encompassing financial, operational, compliance, and information technology audits. Financial audits examine the reliability of financial reporting, safeguarding of assets, and compliance with accounting standards. Operational audits evaluate the efficiency and effectiveness of business processes. Compliance audits assess adherence to laws, regulations, contracts, and internal policies. Information technology audits review IT controls, data security, and system integrity (Sawyer, Dittenhofer, and Scheiner, 2019). This broad scope distinguishes internal auditing from external auditing, which focuses primarily on financial statement accuracy. The comprehensiveness of internal auditing makes it particularly relevant to corporate performance across all organizational domains. (Sawyer et al., 2019)

Internal auditing has evolved significantly over time. Historically, internal auditing was primarily a compliance function focused on detecting errors and fraud. The “traditional” internal auditor was often viewed as a “watchdog” or “policeman” who reported control violations to management. However, beginning in the 1990s, the profession shifted toward a more value-adding, consulting-oriented model. The modern internal auditor is expected to be a strategic partner who helps management identify risks, design efficient controls, and achieve organizational objectives (Pickett, 2020). This evolution is reflected in the IIA’s definition, which explicitly includes consulting activities alongside assurance. The shift has implications for how internal auditing contributes to corporate performance: rather than merely detecting failures, modern internal auditing helps prevent failures through proactive advice. (Pickett, 2020)

2.2.2 The Concept of Internal Auditing Efficiency

Internal auditing efficiency refers to the ability of the internal audit function to achieve its objectives with minimal waste of resources (time, cost, personnel). An efficient internal audit function produces timely, accurate, and relevant audit reports; identifies material control weaknesses promptly; recommends practical corrective actions; and follows up to ensure implementation. Efficiency is distinct from effectiveness: effectiveness is achieving the right objectives (e.g., detecting fraud, improving controls); efficiency is achieving those objectives with minimal resources. An internal audit function can be effective but inefficient (e.g., produces good reports but takes too long) or efficient but ineffective (e.g., produces reports quickly but misses material issues). The goal is to be both efficient and effective (Pickett, 2020). (Pickett, 2020)

Key indicators of internal auditing efficiency include (Gramling, Rittenberg, and Johnstone, 2020). (Gramling et al., 2020)

Timeliness: The time between completion of fieldwork and issuance of the final audit report. Shorter time indicates higher efficiency. Industry benchmark: 30-45 days for medium-sized audits.

Cost per Audit: The total cost of the audit (staff time, travel, technology) divided by the number of audit hours or number of findings. Lower cost per audit indicates higher efficiency.

Audit Coverage: The percentage of high-risk areas audited within the audit cycle (e.g., annually). Higher coverage with same resources indicates higher efficiency.

Recommendation Implementation Rate: The percentage of audit recommendations implemented by management within a specified timeframe (e.g., 6 months). Higher implementation rate indicates that audit resources were not wasted (recommendations were acted upon).

Use of Technology: The extent to which the internal audit function uses data analytics, continuous auditing, and automated workpapers. Technology adoption increases efficiency (faster, more accurate, broader coverage).

Audit Cycle Time: The total time from audit planning to report issuance. Shorter cycle time indicates higher efficiency.

2.2.3 The Concept of Corporate Performance

Corporate performance refers to the ability of an organization to achieve its financial and strategic objectives. Corporate performance is typically measured using financial metrics (profitability, growth, shareholder value) and non-financial metrics (customer satisfaction, employee engagement, operational efficiency, innovation). For the purposes of this study, corporate performance is measured using three indicators (Pandey, 2015). (Pandey, 2015)

Profitability (Return on Assets, ROA): Net income divided by total assets. ROA measures how efficiently an organization uses its assets to generate profit. Higher ROA indicates better corporate performance. Internal auditing contributes to profitability by: (1) identifying control weaknesses that could lead to financial losses; (2) detecting fraud and preventing future fraud; (3) recommending process improvements that reduce costs and increase efficiency.

Fraud Losses: The total amount of money (in ₦) lost to fraud (asset misappropriation, corruption, financial statement fraud) in a given year. Lower fraud losses indicate better corporate performance. Internal auditing contributes to fraud loss reduction by: (1) deterring fraud (the threat of detection); (2) detecting fraud early; (3) recommending controls that prevent fraud.

Compliance Violations: The number of regulatory fines, penalties, or sanctions imposed on the organization for non-compliance with laws and regulations. Fewer compliance violations indicate better corporate performance. Internal auditing contributes to compliance by: (1) assessing compliance with laws and regulations; (2) identifying non-compliance before regulators do; (3) recommending corrective actions.

2.2.4 Factors Affecting Internal Auditing Efficiency

This section explains the specific factors that affect internal auditing efficiency, as identified in the professional literature and prior empirical research.

Independence and Objectivity: Independence is the freedom from conditions that threaten the ability of the internal audit function to carry out its responsibilities in an unbiased manner. The IIA (2017) requires that internal auditors be independent of the activities they audit and that they maintain objectivity in their judgments. Independence is achieved through organizational reporting lines: the chief audit executive should report functionally to the board audit committee (for oversight) and administratively to the CEO (for operations). Objectivity requires that internal auditors have no direct operational responsibility for the areas they audit and that they disclose any potential conflicts of interest. Without independence, internal auditors may be reluctant to report significant control weaknesses, undermining efficiency (Pickett, 2020). (IIA, 2017; Pickett, 2020)

Competence: Competence refers to the knowledge, skills, and abilities of internal audit staff. The IIA requires that internal auditors possess the knowledge and skills to perform their responsibilities professionally, including proficiency in auditing standards, accounting, information technology, risk management, and the specific industry in which the organization operates (IIA, 2017). Competence is demonstrated through professional certifications such as Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), and chartered accountancy (ACA, ACCA). Competent internal auditors are more efficient (they take less time, produce higher quality work). Incompetent internal auditors are inefficient (they take longer, produce lower quality work, miss material issues) (Gramling et al., 2020). (Gramling et al., 2020; IIA, 2017)

Management Support: Management support refers to the degree to which senior management and the board allocate resources to internal auditing, grant access to records and personnel, take audit findings seriously, and implement audit recommendations. Management support is essential for internal audit efficiency because without it, internal auditors cannot perform their work (no access, no budget), their findings are ignored, and control weaknesses persist (Nnamdi and Ugwu, 2021). Conversely, organizations where management values internal audit tend to have stronger control environments, as the presence of an active internal audit function signals that management is serious about control. The relationship between management support and internal audit efficiency is reciprocal: efficient internal audits earn management respect and support, which in turn enables more efficient audits. (Nnamdi and Ugwu, 2021)

Timeliness of Reporting: For internal audit findings to be useful for corporate performance improvement, they must be reported promptly while corrective action is still possible. Audit reports that are delayed by weeks or months lose their relevance: conditions may have changed, errors may have recurred multiple times, and losses may have accumulated (Eze and Okafor, 2022). Timeliness requires efficient audit processes: well-defined fieldwork procedures, efficient evidence gathering, streamlined report review and approval processes, and a culture that prioritizes speed without sacrificing quality. Organizations that measure and incentivize timeliness tend to have more efficient internal audit contributions to corporate performance. (Eze and Okafor, 2022)

Follow-Up Processes: A formal follow-up process ensures that audit recommendations are implemented by management. The IIA Standard 2500 requires that chief audit executives establish a follow-up process to monitor and ensure that management actions have been effectively implemented (IIA, 2017). An effective follow-up process includes: tracking of recommendations with target dates; reminder systems for overdue actions; verification that corrective actions have been implemented and are operating effectively; escalation of unresolved issues to senior management or the audit committee; and reporting on recommendation completion rates to the board. Without follow-up, even the best audit recommendations go unimplemented, and internal auditing has no impact on corporate performance (Okafor, Okoye, and Nnamdi, 2020). (IIA, 2017; Okafor et al., 2020)

Use of Technology (Data Analytics): The use of audit data analytics (ADA) and continuous auditing technologies enhances the efficiency of internal auditing. Traditional audit methods test only small samples of transactions; data analytics can test 100% of transactions, identify anomalies and patterns, and provide real-time or near-real-time assurance (Appelbaum, Kogan, and Vasarhelyi, 2017). For example, instead of testing a sample of 50 expense reimbursements, an internal auditor using data analytics can analyze all 10,000 expense reimbursements processed during the year, flagging those that violate policy (e.g., duplicate submissions, out-of-policy amounts, weekend submissions). Technology-enabled internal audit functions are more efficient (faster, broader coverage, more accurate) and better positioned to contribute to corporate performance. (Appelbaum et al., 2017)

2.3 Theoretical Framework

This section presents the theories that provide the conceptual lens for understanding the role of internal auditing efficiency on corporate performance. Four theories/frameworks are discussed: agency theory, stewardship theory, the COSO internal control framework, and the IIA’s International Professional Practices Framework (IPPF).

2.3.1 Agency Theory

Agency theory, developed by Jensen and Meckling (1976), is the most widely cited theoretical foundation for internal auditing. Agency theory posits that a corporation is a nexus of contracts between principals (shareholders) and agents (directors and managers). The principal delegates decision-making authority to the agent, but the agent may pursue self-interest (e.g., excessive compensation, empire building, shirking, fraud) rather than maximizing principal value. This divergence of interests creates agency costs, which include monitoring costs (expenditures to oversee the agent), bonding costs (expenditures by the agent to assure the principal), and residual loss (the value lost despite monitoring) (Jensen and Meckling, 1976). (Jensen and Meckling, 1976)

Agency theory identifies several mechanisms for reducing agency costs, including performance-based compensation, board oversight, external auditing, and internal auditing. Internal auditing serves as a monitoring mechanism that reduces information asymmetry between principals and agents. Managers (agents) have more information about their actions and the state of internal controls than shareholders (principals) or boards can observe directly. Internal auditors, as independent monitors, gather information about control effectiveness and report it to the board and audit committee, reducing the information advantage of management (Adams, 1994). When managers know that internal auditors will review their compliance with controls, they are more likely to adhere to policies (a deterrent effect). When deviations occur, internal auditors detect them and report them, enabling corrective action (a detection effect). (Adams, 1994)

Agency theory also explains the optimal reporting lines for the internal audit function. If internal audit reports only to management, the agent (management) is monitoring itself, which does not reduce agency costs. Therefore, agency theory predicts that internal audit should report functionally to the board audit committee (representing principals) to ensure independence. Empirical studies have confirmed that internal audit functions that report to the audit committee have greater perceived independence and are associated with stronger internal controls (Gramling et al., 2020). The Nigerian Code of Corporate Governance (FRC, 2018) reflects this agency theory logic by requiring that internal audit report functionally to the audit committee. (FRC, 2018; Gramling et al., 2020)

Agency theory further explains management resistance to internal auditing. Managers may resist internal audit because audits expose control weaknesses that reflect poorly on management performance. Some managers may limit internal audit access, pressure auditors to suppress negative findings, or fail to implement audit recommendations. This resistance is a manifestation of agency costs: managers prioritize their own interest (avoiding embarrassment) over the principal’s interest (effective controls) (Adams, 1994). Understanding this dynamic is essential for designing internal audit governance structures that overcome management resistance. This study, grounded in agency theory, examines the conditions under which internal auditing successfully reduces agency costs by contributing to corporate performance. (Adams, 1994)

2.3.2 Stewardship Theory

Stewardship theory, developed by Donaldson and Davis (1991), offers an alternative perspective to agency theory. Stewardship theory argues that managers are inherently motivated to act in the best interests of the principals because they derive satisfaction from achieving organizational goals and acting as responsible stewards of entrusted resources. Unlike agency theory’s assumption that managers are self-interested and require monitoring, stewardship theory suggests that managers will act responsibly when they are empowered, trusted, and given autonomy (Donaldson and Davis, 1991). The role of internal auditing in this framework is not primarily a monitoring mechanism (detecting and deterring managerial misbehavior) but an enabling mechanism that helps managers fulfill their stewardship responsibilities more effectively. (Donaldson and Davis, 1991)

From a stewardship perspective, internal auditing contributes to corporate performance by providing managers with independent, objective information that helps them manage better. Rather than viewing internal auditors as “police” sent to catch mistakes, stewardship-oriented managers view internal auditors as “partners” who help identify risks, redesign processes, and improve efficiency. Davis, Schoorman, and Donaldson (1997) argue that when organizations adopt a stewardship philosophy, they tend to have more open communication, higher trust, and greater information sharing—all of which enable internal auditors to perform more efficiently. In such organizations, management voluntarily seeks internal audit input and implements recommendations promptly because they value the contribution to their own performance. (Davis et al., 1997)

Stewardship theory is particularly relevant to the consulting role of internal auditing. The IIA’s definition explicitly includes consulting as an internal audit activity alongside assurance. Consulting engagements (e.g., advising on the design of a new financial system, facilitating a risk assessment workshop, providing training on internal controls) help management prevent control problems before they occur. In a stewardship framework, internal auditors proactively offer advice because they share management’s commitment to organizational success, not because they are required to do so by audit mandate (Pickett, 2020). Organizations that embrace this stewardship model tend to have higher internal audit utilization rates and greater perceived audit value. (Pickett, 2020)

The stewardship perspective has implications for how internal audit effectiveness should be measured. Agency theory would emphasize detection metrics (number of findings, fraud uncovered, control violations identified). Stewardship theory would emphasize prevention metrics (controls designed before implementation, risks identified before losses occur, improvement in processes). Both perspectives are valid and complementary; effective internal audit functions balance assurance (agency) and consulting (stewardship) roles. This study draws on both agency and stewardship theories to provide a comprehensive understanding of the role of internal auditing efficiency on corporate performance (Davis et al., 1997). (Davis et al., 1997)

2.3.3 The COSO Internal Control Framework

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) developed the most widely accepted framework for internal control. The COSO Internal Control—Integrated Framework (2013) defines internal control as “a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance” (COSO, 2013, p. 3). The framework identifies five interrelated components of internal control, which this study uses as a theoretical lens for understanding corporate performance. (COSO, 2013)

Component One: Control Environment. The control environment is the set of standards, processes, and structures that provide the foundation for internal control across the organization. It includes the integrity and ethical values of management, the board’s oversight responsibility, the commitment to competence, the organizational structure, and the assignment of authority and responsibility. The control environment is often described as “tone at the top”—the attitudes and actions of senior management that influence the control consciousness of all employees (COSO, 2013). Internal auditing evaluates the control environment by assessing whether management demonstrates commitment to integrity, whether whistleblowing mechanisms are effective, and whether control responsibilities are clearly assigned. A weak control environment undermines all other controls, regardless of how well they are designed. (COSO, 2013)

Component Two: Risk Assessment. Risk assessment is the identification and analysis of risks to achieving the entity’s objectives, forming the basis for determining how risks should be managed. Management must specify objectives with sufficient clarity to enable risk identification, analyze the likelihood and impact of risks, and consider the potential for fraud. Risks may arise from internal factors (e.g., personnel turnover, system failures) and external factors (e.g., regulatory changes, economic conditions) (COSO, 2013). Internal auditing evaluates management’s risk assessment processes, identifying gaps where risks have not been identified or analyzed. Internal auditors also perform their own risk assessment to develop the audit plan, prioritizing areas with the highest residual risk. Efficient risk assessment (focusing on high-risk areas) improves audit efficiency. (COSO, 2013)

Component Three: Control Activities. Control activities are the actions established through policies and procedures that help ensure that management’s directives to mitigate risks are carried out. Control activities include approvals, authorizations, verifications, reconciliations, segregation of duties, physical safeguards over assets, and IT controls (e.g., access restrictions, system change controls). Control activities may be preventive (designed to prevent errors or fraud from occurring) or detective (designed to identify errors or fraud after they have occurred) (COSO, 2013). Internal auditing tests the operating effectiveness of control activities by selecting samples of transactions and verifying that controls were performed as designed. When control activities are ineffective, internal auditors issue recommendations for remediation. Efficient testing (using data analytics, focusing on high-risk controls) improves audit efficiency. (COSO, 2013)

Component Four: Information and Communication. Information is necessary for the entity to carry out internal control responsibilities. Management must obtain relevant, quality information from internal and external sources to support the functioning of other control components. Communication is the continual, iterative process of providing, sharing, and obtaining necessary information. Internal communication enables personnel to understand their control responsibilities; external communication enables stakeholders to understand the entity’s control environment (COSO, 2013). Internal auditing evaluates whether the information used for control purposes is accurate, complete, and timely, and whether communication channels (both formal and informal) support effective control. Weak information systems undermine control success because managers cannot monitor what they cannot measure. Efficient information systems (automated, integrated) improve audit efficiency. (COSO, 2013)

Component Five: Monitoring Activities. Monitoring is the process by which management assesses the quality of internal control performance over time. Monitoring includes ongoing evaluations (built into business processes and performed in real-time) and separate evaluations (periodic audits and reviews). Management must evaluate and communicate internal control deficiencies in a timely manner to those responsible for corrective action, and to senior management and the board as appropriate (COSO, 2013). Internal auditing provides independent monitoring of management’s monitoring activities (monitoring of monitoring). Internal auditors also serve as a key separate evaluation mechanism, providing independent assurance that the entire internal control system is operating effectively. Efficient monitoring (continuous auditing, automated alerts) improves audit efficiency. (COSO, 2013)

The COSO framework is directly relevant to this study because corporate performance is largely defined by the effectiveness of the five COSO components. An organization with a strong control environment, robust risk assessment, well-designed control activities, effective information and communication, and active monitoring has achieved strong internal controls, which reduces losses from fraud and error, improving corporate performance. Conversely, deficiencies in any COSO component indicate control weaknesses that increase losses and reduce performance. Internal auditing evaluates each COSO component and contributes to their improvement. This study uses the COSO framework as a theoretical lens for operationalizing corporate performance (COSO, 2013). (COSO, 2013)

2.3.4 The IIA’s International Professional Practices Framework (IPPF)

The Institute of Internal Auditors (IIA) has developed the International Professional Practices Framework (IPPF) , which constitutes the authoritative guidance for the internal audit profession. The IPPF consists of mandatory guidance (core principles, definition of internal auditing, code of ethics, and standards) and recommended guidance (implementation guidance and supplementary guidance) (IIA, 2017). The IPPF provides a theoretical and professional framework for understanding how internal auditing should be practiced to achieve efficiency and contribute to corporate performance. (IIA, 2017)

The Core Principles for the Professional Practice of Internal Auditing articulate what effective internal auditing looks like. The ten core principles include: demonstrates integrity; demonstrates competence and due professional care; is objective and free from undue influence; aligns with the strategies, objectives, and risks of the organization; is appropriately positioned and adequately resourced; demonstrates quality and continuous improvement; communicates effectively; provides risk-based assurance; is insightful, proactive, and future-focused; and promotes organizational improvement (IIA, 2017). These principles directly relate to internal audit efficiency and, by extension, to internal audit’s contribution to corporate performance. For example, the principle of being “insightful, proactive, and future-focused” aligns with the stewardship perspective that internal auditing should prevent problems, not merely detect them. (IIA, 2017)

The Attribute Standards (Standards 1000-1300) address the characteristics that organizations and internal auditors should possess. These include: purpose, authority, and responsibility (Standard 1000); independence and objectivity (Standard 1100); proficiency and due professional care (Standard 1200); and quality assurance and improvement programs (Standard 1300). The Performance Standards (Standards 2000-2600) describe the nature of internal audit activities and provide criteria against which the quality of audit services can be evaluated. These include: managing the internal audit activity (Standard 2000); nature of work (Standard 2100); engagement planning (Standard 2200); performing the engagement (Standard 2300); communicating results (Standard 2400); and monitoring progress (Standard 2500) (IIA, 2017). (IIA, 2017)

Standard 2500 (Monitoring Progress) is particularly relevant to corporate performance. It requires that “the chief audit executive must establish and maintain a system to monitor the disposition of results communicated to management.” Implementation Guidance to Standard 2500 explains that the follow-up process should include: tracking of management action plans with target dates; verification that corrective actions have been implemented; escalation of unresolved issues; and reporting on follow-up results to senior management and the board (IIA, 2017). As noted in the conceptual framework, follow-up processes are critical to ensuring that audit recommendations lead to improved corporate performance. Without follow-up, internal auditing cannot demonstrate contribution to corporate performance. (IIA, 2017)

The IPPF also addresses the consulting role of internal auditing. Practice Advisory 1000.C1 states that “the nature of consulting services may vary significantly from assurance services and should be clearly defined and understood by the parties involved.” Consulting services may include advisory services (providing advice on proposed changes), facilitation services (helping management work through decisions), and training services (building internal audit capacity). The IPPF emphasizes that even when performing consulting services, internal auditors must maintain objectivity and not assume management responsibility (IIA, 2017). This study uses the IPPF as a theoretical and professional benchmark for assessing whether internal audit practices in Nigerian organizations align with international standards, and whether alignment (or lack thereof) affects contribution to corporate performance. (IIA, 2017)

2.4 Empirical Review

This section reviews empirical studies that have examined the relationship between internal auditing efficiency and corporate performance. The review is organized thematically: internal audit independence, internal audit competence, management support, timeliness and follow-up, technology adoption, and the impact of COVID-19.

2.4.1 Internal Audit Independence and Corporate Performance

A substantial body of empirical research has examined the relationship between internal audit independence and corporate performance. Abbott, Parker, and Peters (2010) studied the relationship between internal audit reporting lines and the likelihood of material control weaknesses in US public companies. Analyzing data from 1,200 companies, the study found that companies where the internal audit function reported functionally to the audit committee (rather than to the CFO or CEO) had a significantly lower likelihood of material control weaknesses (odds ratio = 0.56, p < 0.01). The study concluded that functional reporting to the audit committee enhances internal audit independence, which in turn improves the detection and remediation of control weaknesses, thereby improving corporate performance. (Abbott et al., 2010)

In the Nigerian context, Okoye, Okafor, and Nnamdi (2019) surveyed 150 internal auditors and finance managers across manufacturing, banking, and public sector organizations. The study found that only 38% of internal audit functions reported functionally to the audit committee; the remainder reported to the CFO (32%), CEO (18%), or another senior manager (12%). Using regression analysis, the study found a significant positive relationship between audit committee reporting and perceived internal audit effectiveness (β = 0.47, p < 0.001). Organizations with audit committee reporting also had significantly higher rates of audit recommendation implementation (67% vs. 43%, p < 0.01). The study concluded that organizational reporting lines are a critical determinant of internal audit’s contribution to corporate performance. (Okoye et al., 2019)

Christopher, Sarens, and Leung (2009) conducted a qualitative study of internal audit functions in 15 Australian public sector organizations, examining the challenges to independence. Thematic analysis of interview transcripts revealed that internal auditors frequently faced pressure from management to suppress or soften negative findings. In organizations where internal audit reported to the audit committee, auditors felt more empowered to report control weaknesses without fear of retaliation. However, even with formal audit committee reporting, informal pressure from powerful executives could still compromise objectivity. The study concluded that independence requires not only appropriate reporting lines but also a culture that supports speaking up. (Christopher et al., 2009)

2.4.2 Internal Audit Competence and Corporate Performance

The relationship between internal audit competence and corporate performance has been examined extensively. Arena and Azzone (2009) studied 200 internal audit functions in Italian companies, examining the effect of auditor competence on audit quality. Competence was measured by the percentage of auditors with professional certifications (CIA, CISA, or accounting qualifications) and hours of continuing professional education. The study found that competence was significantly associated with the identification of material control weaknesses (r = 0.52, p < 0.001) and with the quality of audit recommendations (as rated by management). Organizations with competent internal audit staff were also more likely to adopt risk-based audit planning (odds ratio = 3.2, p < 0.01). Competent auditors are more efficient (faster, more accurate) and contribute more to corporate performance. (Arena and Azzone, 2009)

In Nigeria, Adeyemi and Unuigbe (2020) surveyed 120 internal audit departments in manufacturing companies, examining the competence gap in internal audit practice. The study found that only 28% of internal audit staff held any professional certification; 72% had no certification. The most common certification was ACA (22%), followed by CIA (4%) and CISA (2%). The study found a significant correlation between the presence of certified staff and management’s perception of audit value (r = 0.61, p < 0.001). Organizations with certified internal auditors reported fewer control exceptions in subsequent audits (t = 3.4, p < 0.01). The study recommended that organizations invest in professional certification for internal audit staff to improve efficiency and contribution to corporate performance. (Adeyemi and Unuigbe, 2020)

Alzeban and Gwilliam (2014) conducted a cross-country study of internal audit effectiveness in Saudi Arabia and the UK, examining competence as a moderator of the relationship between management support and audit effectiveness. Using survey data from 300 chief audit executives, the study found that competence significantly moderated the relationship: organizations with both high management support and high auditor competence had the highest audit effectiveness. However, in organizations with high management support but low auditor competence, audit effectiveness was only marginally better than organizations with low support and low competence. The study concluded that competence is an essential condition for internal audit effectiveness; management support alone cannot compensate for incompetent auditors. Incompetent auditors are inefficient (they take longer, produce lower quality work) and contribute less to corporate performance. (Alzeban and Gwilliam, 2014)

2.4.3 Management Support for Internal Auditing

Management support has been consistently identified as a critical factor in internal audit efficiency and contribution to corporate performance. Sarens and De Beelde (2006) surveyed 100 internal audit heads in Belgian companies, examining the relationship between management support and internal audit effectiveness. They found that management support (measured by budget adequacy, access to records, and implementation of recommendations) was positively correlated with internal audit effectiveness (r = 0.58, p < 0.01). Organizations with strong management support had 40% higher recommendation implementation rates than organizations with weak