Professional Documents
Culture Documents
An Examination of Internal Audit Function Size: Evidence From U.S. Government and Nonprofit Sectors
An Examination of Internal Audit Function Size: Evidence From U.S. Government and Nonprofit Sectors
SUMMARY: We examine factors associated with internal audit function (IAF) size in U.S.
government and nonprofit (GNP) entities. Our results, based on responses from 345 GNP
participants, indicate several factors related to organizational characteristics, IAF
characteristics, IAF responsibilities, and information technology (IT) tools and audit
activities that are associated with IAF size. Specifically, we find IAF size is positively
associated with: (1) mandated IAFs, (2) activity related to audits of general IT risks, (3)
use of a rotational staffing model, (4) degree of fraud detection responsibility, (5) conduct
of performance audits, (6) extent of sophisticated audit technologies, (7) organization
size, (8) opportunity to receive a bonus, and (9) age of the IAF. IAF size is negatively
related to (1) extent of access to records and property appropriate for the performance of
audits, (2) nonprofit organizations, (3) healthcare institutions, and (4) educational
institutions. Additional analysis reveals variation between large and small organizations.
Keywords: internal audit; government and nonprofit sectors; staffing; corporate
governance.
We thank workshop participants at the 2019 AAA Southeast Region meeting and the 2019 Ohio Region meeting for
helpful comments.
The Internal Audit Foundation granted access to the Common Body of Knowledge (CBOK) 2015 Global Internal Audit
Practitioner Survey on conditions of anonymity and confidentiality. Although the data were provided by the Foundation,
the views expressed in this study are those of the author and do not necessarily present positions or opinions of the
Foundation.
Sarah A. Garven and Audrey N. Scarlata, Middle Tennessee State University, Jones College of Business, Department
of Accounting, Murfreesboro, TN, USA.
Editor’s note: Accepted by Lisa Milici Gaynor.
A38
Garven and Scarlata A39
I. INTRODUCTION
G
overnment and nonprofit (GNP) organizations are major economic forces in our society
(Freeman, Shoulders, McSwain, and Scott 2018). Nonprofits (NPOs) employ over 10
percent of the workforce, receive over $330 billion in private contributions, hold more than
$5 trillion in assets, and contribute over $900 billion to the U.S. economy (McKeever 2015;
McKeever and Gaddy 2016). State and local governments report over $2.9 trillion in general
revenues and employ over 14 million full-time and almost 5 million part-time employees (U.S.
Census Bureau 2015a; U.S. Census Bureau 2015b). Collectively, the GNP sector accounts for
over a third of all U.S. economy expenditures (Freeman et al. 2018). Despite the importance of
GNPs to the U.S. economy, there has been limited investigation of their internal audit functions
(IAFs) beyond examining the effects of their presence or absence in an organization.
characteristics, IAF characteristics, IAF responsibilities, and information technology (IT) tools and
audit activities.
Using responses from 345 GNP participants in the Common Body of Knowledge (hereafter,
CBOK) 2015 Global Internal Auditor Practitioner Survey administered by the Institute of Internal
Auditors Research Foundation, we provide evidence that GNP IAF size is associated with
variables in all four sets of factors. These variables include organization size, IAF mandate, NPOs,
organizations classified as healthcare and educational institutions, IAF age, opportunity to receive
a bonus, use of a rotational staffing model, extent of access to records and property appropriate for
the performance of audits, degree of fraud detection responsibility, conduct of performance audits,
extent of activity related to audits of general IT risks, and extent of use of sophisticated audit
technologies. We also examine large and small organizations separately and find, among larger
Thousands of nonprofits compete for scarce resources and are commonly judged on what
proportion of these resources are dedicated to providing programs that fulfill the organization’s
mission, i.e., the program ratio (Garven, Hofmann, and McSwain 2016). Resources spent on the
IAF are considered administrative expenses. Although these resources are arguably key to helping
the organization accomplish its mission, they do not directly contribute to increasing a nonprofit’s
program ratio. This may result in the reluctance of some NPOs to funnel considerable amounts of
resources into the IAF. Governments, too, faced with ‘‘increasingly constrained public sector
budgets’’ (Aikins 2017, 1), may also be reluctant to spend considerable resources on activities that
do not provide direct service to citizens. As noted in a 2018 report by the Oregon Secretary of
State, the IAF is one of the first functions agencies cut in many states experiencing financial
difficulties (Richardson 2018). Thus, our study examines factors associated with GNP
Organizational Characteristics
The organizational characteristics we examine include: (1) organization size, (2) industry
classification (education, healthcare, and other), (3) type of entity (nonprofit or governmental), and
(4) whether an IAF is mandated. Larger GNP organizations are more complex and thus may be
scrutinized by the public more (Vermeer et al. 2006; C. Edmonds, J. Edmonds, B. Vermeer, and T.
Vermeer 2017), and hospitals and educational institutions are often subject to much more
complexity and regulation in their operations as compared to other types of organizations
(Vermeer et al. 2006). This increased complexity and scrutiny of operations may result in an
increased level of audit work, as well as adoption of stronger monitoring mechanisms (Beattie,
Goodacre, Pratt, and Stevenson 2001; Vermeer et al. 2006, Vermeer, Raghunandan, and
Forgione 2009). Thus, we expect a positive association between organization size and GNP
entities that are hospitals or educational institutions and IAF size.
As noted earlier, both governments and nonprofits may be reluctant to expend significant
resources on the IAF as these expenditures are not service-related. For nonprofits, such
expenditures lower their program ratio, a common measure of nonprofit efficiency, and research
has found a positive association between the program ratio and donations (Weisbrod and
Dominguez 1986; Posnett and Sandler 1989; Callen 1994; Tinkelman 1999; Okten and Weisbrod
2000; M. Yetman and R. Yetman 2013). Thus, nonprofits that are viewed as financially inefficient
risk a loss of donations, upon which many depend. Governments, however, which depend on
taxes, will normally continue operations even if they are deemed inefficient or ineffective
(Freeman et al. 2018). Thus, the need to demonstrate financial efficiency may be stronger for
nonprofits than governments. As such, we posit nonprofits may invest fewer resources into their
IAFs compared to governments and we expect a negative association between nonprofit
organizations and IAF size.
Certain organizations are required by law or regulation to have an IAF in place. For example,
within the public sector, there is often a mandatory requirement to have an IAF, the banking and
financial services industry has a general global requirement to have an IAF, and companies and
parent companies listed on the New York Stock Exchange are required to maintain an IAF
(Allegrini, D’Onza, Melville, Sarens, and Selim 2011; Sarens and Abdolmohammadi 2011).
Because organizations mandated to have an IAF operate in highly regulated environments and
typically face greater compliance risks, it is likely they will invest more in their IAF (Sarens and
Abdolmohammadi 2011). Examining Belgian companies, Sarens and Abdolmohammadi (2011)
find a mandate for the IAF is positively associated with IAF size. Consistent with prior research, we
expect a positive association between IAF mandate and IAF size.
IAF Characteristics
The IAF characteristics we examine include: (1) extent of access to property and records
appropriate for the performance of audit activities, (2) use of a rotational staffing model, (3)
opportunity to receive a bonus, and (4) IAF age. An IAF’s charter should ‘‘[authorize] access to
records, personnel, and physical properties relevant to the performance of engagements’’
(Interpretation to IIA Standard 1000: Purpose, Authority, and Responsibility) (IIA 2016). Greater
ease of access to such property and records will likely result in staffing efficiencies with the IAF
IAF Responsibilities
The IAF responsibilities we examine include: (1) degree of fraud prevention responsibility, (2)
degree of fraud detection responsibility, and (3) conduct of performance audits. Fraud is one of the
top risks organizations face (Anderson et al. 2017) and internal auditors ‘‘are increasingly being
asked to play a key role in preventing, deterring, and detecting fraud in for-profit, governmental,
and nonprofit organizations globally’’ (Anderson et al. 2017, 8–28). Fraud prevention and detection
activities conducted by internal audit may include whistleblower hotline monitoring, fraud
investigation, fraud awareness training, audits of internal controls related to fraud prevention or
detection, and fraud risk assessment facilitation (Araj 2015). As these activities require a
significant time commitment and redirect internal audit resources away from other important audit
activities (Araj 2015), we expect organizations heavily involved in fraud prevention and detection to
be associated with larger staffs, possibly even having dedicated fraud specialists on staff. Thus,
we expect a positive relationship between an IAF’s responsibilities related to the prevention and
detection of fraud and IAF size.
Deloitte’s ‘‘Internal Audit Insights 2018’’ report identifies operational risk assurance as a high-
impact area of focus for IAFs. The report notes operational (or performance) audits ‘‘focus mainly
on nonfinancial assets and processes’’ and ‘‘aim to determine how performance aligns with
management’s expectations, identify areas to be investigated, and propose enhancements’’
(Deloitte 2018, 13). The report further mentions the orientation of many internal auditors is toward
financial processes and performance, and IAFs should dig deeper into assessing operational
TABLE 1
Sample Selection
Number of Global Government and Nonprofit Organizations 3,647
Less: Non-U.S. organizations (2,881)
Less: Respondents who do not work as internal auditors within the (17)
organization where employed
Less: Observations with missing data (404)
Final Sample 345
Our data, taken from the results of the Common Body of Knowledge (CBOK) 2015 Global
Internal Audit Practitioner Survey, are provided by the Institute of Internal Auditors Research
Foundation (IIARF). The CBOK is the largest study of the internal audit profession in the world. An
online survey link was emailed to IIA members and posted on the IIA’s website, with survey
responses collected from February 2, 2015 until April 1, 2015 (Araj 2015). Approximately 14,500
practitioners across 150 North American chapters as well as 166 countries participated in the
survey (IIA 2015).
Of the approximately 14,500 practitioners that participated in the survey, 3,647 were from
GNP organizations. Since U.S. GNP organizations are the focus of our study, we narrow our
sample to U.S. respondents. Thus, we removed 2,881 non-U.S. observations. Because we only
wish to include observations in which the respondent indicated he/she works as an internal auditor
within the organization where employed, 17 additional observations were removed. An additional
404 observations were dropped due to missing responses, resulting in a final sample of 345 (see
Table 1).1
Empirical Model
1
Using statistical software, we examined the data on various organizational variables simultaneously to
determine if people from the same organization completed the survey in our sample. The results did not return
any duplicate observations; thus, we feel confident that our sample is composed of only one response per
organization.
TABLE 2
Pearson Correlation Coefficients
Panel A: IAF_SIZE—ROTATE
IAF_SIZE ORG_SIZE IND_EDUC IND_HLTH NPO MANDATE ACCESS ROTATE
ORG_SIZE 0.410**
IND_EDUC 0.095 0.129*
IND_HLTH 0.012 0.276** 0.188**
NPO 0.130* 0.039 0.077 0.358**
MANDATE 0.224** 0.002 0.029 0.258** 0.423**
ACCESS 0.026 0.098 0.027 0.039 0.051 0.027
Panel B: BONUS—IT_GENRISK
BONUS IAF_AGE PREV_FRAUD DET_FRAUD PERF_AUDIT IT_TOOLS IT_GENRISK
IAF_AGE 0.004
PREV_FRAUD 0.083 0.033
DET_FRAUD 0.029 0.012 0.480**
PERF_AUDIT 0.055 0.053 0.086 0.024
IT_TOOLS 0.197** 0.098 0.072 0.048 0.154**
IT_GENRISK 0.242** 0.095 0.009 0.051 0.05 0.420**
IT_SECURITY 0.260** 0.155** 0.069 0.056 0.042 0.435** 0.720**
**, * Indicate correlation is significant at the 0.01 and 0.05 levels, respectively (two-tailed).
SECURITY is 0.72) and an analysis of variance inflation factors (VIFs) in the model does not
indicate problems with multicollinearity. All VIFs are less than ten, with a high of 2.32.
The variables are defined as follows (See Appendix A for original CBOK survey questions):
IAF_SIZE ¼ natural log of full-time equivalent employees in IAF;
ORG_SIZE ¼ natural log of employees in organization;
IND_EDUC ¼ 1 if organization industry classification is Educational Services, 0 otherwise;
IND_HLTH ¼ 1 if organization industry classification is Health Care and Social Assistance, 0
otherwise;
NPO ¼ 1 if organization type is nonprofit organization (not related to government), 0 otherwise;
MANDATE ¼ 1 if IAF is mandated, 0 otherwise;
ACCESS ¼ IAF’s extent of access to records and property appropriate for the performance of
audits (1 ¼ None of the time; 2 ¼ Some of the time; 3 ¼ Most of the time; 4 ¼ All of the
time);
Descriptive Statistics
Table 3 provides descriptive statistics for the final sample. Internal audit size is measured as
the log of the number of full-time equivalent employees and has a mean of 1.88 (or about 7
employees).
Organizational Characteristics
Average organization size (also a logged value) is 7.53 (or about 1,900 employees). Fourteen
percent of the sample are in the educational services industry, 18 percent are in the healthcare
industry, and the remaining 68 percent are classified as ‘‘Other’’ (e.g., finance and insurance,
utilities, arts, entertainment, and recreation). Thirty percent of the sample consist of nonprofit
organizations and an IAF is mandated for 45 percent.
IAF Characteristics
The mean for extent of access to records and property appropriate for performing audits is
3.48, which translates to the IAF having access most of the time. A mere 12 percent of
organizations have a process in place to rotate employees through the IAF as part of
management training. The low usage of rotational programs is consistent with findings from the
Deloitte 2016 Global Chief Audit Executive Survey and may be attributed to barriers such as a
lack of support from senior management and a common view that an internal audit rotation is
not a career accelerator (Deloitte 2016). Although paying bonuses to internal auditors is viewed
by some as a possible threat to an internal auditor’s independence (DeZoort et al. 2000;
McLeod 2014), approximately 32 percent of internal auditors in the sample are eligible to
receive one. The average age of the IAF is 2.82 (logged value) which translates to
approximately 17 years.
IAF Responsibilities
The sample mean for preventing fraud is 1.85, which translates to IAFs having, on average,
some of the responsibility for preventing fraud. The sample mean for detecting fraud is 2.11, which
indicates that IAFs also have some of the responsibility for detecting fraud. Almost half (48
percent) of sample IAFs reported doing a performance audit in the last year.
TABLE 3
Descriptive Statistics (n ¼ 345)
25th 75th Std.
Variable Name Mean Median Min Pctl. Pctl. Max Dev.
Dependent Variable
IAF_SIZE 1.88 (1.79) 0.00 1.10 2.48 4.61 1.18
Independent Variables
Organizational Characteristics
ORG_SIZE 7.53 (7.60) 4.32 6.31 8.70 10.36 1.64
IND_EDUC 0.14 (0.00) 0.00 0.00 0.00 1.00 0.35
TABLE 4
Multivariate Regression Results
IAF SIZE ¼ b0 þ b1 ORG SIZE þ b2 IND EDUC þ b3 IND HLTH þ b4 NPOt þ b5 MANDATE
þ b6 ACCESS þ b7 ROTATE þ b8 BONUS þ b9 IAF AGE þ b10 PREV FRAUD
þ b11 DET FRAUD þ b12 PERF AUDIT þ b13 IT TOOLS þ b14 IT GENRISK
þ b15 IT SECURITY þ e
(mean ¼ 1.95), with less than minimal activity on average and less than 4 percent of IAFs
indicating extensive activity.
Multivariate Analysis
Table 4, Model 1 reports our full sample regression results. The model is statistically
significant at the p , 0.001 level with an adjusted R2 of 0.4321.
Organizational Characteristics
Consistent with expectations and with Anderson et al. (2012), Goodwin-Stewart and Kent
(2006), and Gronewold and Heerlein (2009) we find organization size is positively associated with
IAF size (p , 0.0001). These results are possibly due to the increased complexity and scrutiny of
operations these organizations face, which may result in an increased level of audit work, fueling
the need for a larger staff. Contrary to expectations, compared to organizations classified as
‘‘Other,’’ organizations classified as educational institutions or healthcare institutions are negatively
associated with IAF size (p ¼ 0.0094 and p ¼ 0.0705, respectively). A possible explanation for
these results is a recent decrease in funding to these two industries, stemming from declines in
state appropriations for public education and declines in federal money for healthcare as a result of
the Affordable Care Act (Woodhouse 2015). This, coupled with an increased focus on providing
direct value-added services to combat consumer criticism over rising prices (Woodhouse 2015),
may result in their IAFs having to make do with less. NPOs in the sample, compared to the
governmental organizations, are negatively associated with IAF size (p ¼ 0.0473). The need to
between the extent of IT general risk audit activity (p ¼ 0.0019), but no association between extent
of IT privacy and security compliance audit activity, and IAF size (p ¼ 0.7490). We posit these
differing audit activity results may be related to a supply of talent. As noted in Anderson et al.
(2017, 7–6), all internal auditors are expected to understand ‘‘the IT risks that threaten the
achievement of their organizations’ business objectives.’’ Thus, organizations involved extensively
in IT general risk audits may find it easier to supply the required extra staff they need. Alternatively,
audits of privacy and security compliance likely require the use of auditors with IT expertise, which
are in short supply and high demand. Thus, to supply the IT talent they need, many organizations
may have to go outside the function to find those with the required IT skills.
Additional Analysis
Some limitations of our study should be noted. An inherent limitation of using ‘‘off-the-rack’’
survey data is that we were unable to examine certain variables that should be related to IAF size,
such as those related to outsourcing and audit committees.2 Thus, we encourage future
researchers to examine the effects of these variables as well as others on the current model.
Additionally, our sample includes only a small number of U.S. GNP participants who chose to
participate in the CBOK survey. Thus, caution is warranted in inferring how the variables examined
relate to the broader set of GNP organizations. As with all survey research, we do not have the
ability to ensure the questions were answered accurately and by the appropriate person (Garven et
al. 2016). Finally, although our study provides insights into factors associated with GNP IAF size, it
does not identify which IAF factors relate to organizational efficiency or improved organizational
performance, nor does it identify the ‘‘right’’ sized IAF for any particular organization. We invite
REFERENCES
Aikins, S. 2013. Government internal auditors: The determinants of quality supervisory review of audit documentation.
International Journal of Public Administration 36 (10): 673–685. https://doi.org/10.1080/01900692.2013.791309
Aikins, S. 2017. An investigation of the relationships between time invested in government internal audit projects and
audit outcomes. Journal of Accounting and Finance 17 (7): 159–173.
Alhajri, M. 2017. Factors associated with the size of internal audit functions: Evidence from Kuwait. Managerial
Auditing Journal 32 (1): 75–89. https://doi.org/10.1108/MAJ-12-2015-1289
Allegrini, M., G. D’Onza, R. Melville, G. Sarens, and G. Selim. 2011. What’s Next for Internal Auditing? Report IV.
Altamonte Springs, FL: Institute of Internal Auditors Research Foundation.
Anderson, R., and J. Svare. 2011. Imperatives for Change: The IIA’s Global Internal Audit Survey in Action. Altamonte
Springs, FL: Institute of Internal Auditors Research Foundation.
Anderson, U., M. Christ, K. Johnstone, and L. Rittenberg. 2012. A post-SOX examination of factors associated with
the size of internal audit functions. Accounting Horizons 26 (2): 167–191. https://doi.org/10.2308/acch-50115
Anderson, U., M. Head, S. Ramamoorti, C. Riddle, M. Salamasick, and P. Sobel. 2017. Internal Auditing: Assurance &
Advisory Services. Lake Mary, FL: Internal Audit Foundation.
Araj, F. 2015. Responding to Fraud Risk: Exploring where Internal Auditing Stands. Altamonte Springs, FL: The
Institute of Internal Auditors Research Foundation.
Barua, A., D. V. Rama, and V. Sharma. 2010. Audit committee characteristics and investment in internal auditing.
Journal of Accounting and Public Policy 29 (5): 503–513. https://doi.org/10.1016/j.jaccpubpol.2010.09.001
Beattie, V., A. Goodacre, K. Pratt, and J. Stevenson. 2001. The determinants of audit fees: Evidence from the
voluntary sector. Accounting and Business Research 31 (4): 243–274. https://doi.org/10.1080/00014788.2001.
9729619
Callen, J. 1994. Money donations, volunteering, and organizational efficiency. Journal of Productivity Analysis 5 (3):
215–228. https://doi.org/10.1007/BF01073908
Cangemi, M. 2015. Staying a Step Ahead: Internal Audit’s Use of Technology. Altamonte Springs, FL: Institute of
Internal Auditors Research Foundation.
Cangemi, M., and T. Singleton. 2003. Managing the Audit Function: A Corporate Audit Department Procedures Guide.
Hoboken, NJ: John Wiley & Sons, Inc.
Carcello, J. V., D. R. Hermanson, and K. Raghunandan. 2005a. Factors associated with U.S. public companies’
investment in internal auditing. Accounting Horizons 19 (2): 69–84. https://doi.org/10.2308/acch.2005.19.2.69
2
Anderson et al. (2012) examine size of the audit committee, number of audit committee meetings, number of
audit committee meetings in which the CAE attends, if the audit committee approves the IAF’s budget, the
percentage of internal audit activities outsourced to third parties, and the percentage of internal audit activities
outsourced to other departments. Sarens and Abdolmohammadi (2011) look at audit committee activity and the
proportion of independent board members. Goodwin-Stewart and Kent (2006) examine directors’ shareholdings
and number of audit committee meetings. Alhajri (2017) examines audit committee size.
Carcello, J. V., D. R. Hermanson, and K. Raghunandan. 2005b. Changes in internal auditing during the time of the
major U.S. accounting scandals. International Journal of Auditing 9 (2): 117–127. https://doi.org/10.1111/j.1099-
1123.2005.00273.x
Deloitte. 2016. Evolution or irrelevance? Internal audit at a crossroads. Available at: https://fdocuments.in/document/
evolution-or-irrelevance-deloitte-us-audit-consulting-2018-05-22.html
Deloitte. 2018. Internal audit insights 2018: High-impact areas of focus. Available at: https://www2.deloitte.com/
content/dam/Deloitte/global/Documents/Audit/gx-audit-high-impact-areas.pdf
DeZoort, F.T., R. Houston, and J. Reisch. 2000. Incentive-based compensation for internal auditors. The Internal
Auditor (June): 43–46.
Edmonds, C., J. Edmonds, B. Vermeer, and T. Vermeer. 2017. Does timeliness of financial information matter in the
governmental sector? Journal of Accounting and Public Policy 36 (2): 163–176. https://doi.org/10.1016/j.
jaccpubpol.2017.02.002
Freeman, R. J., C. D. Shoulders, D. N. McSwain, and R. B. Scott. 2018. Governmental and Nonprofit Accounting:
PricewaterhouseCoopers (PWC). 2018. Moving at the speed of innovation: The foundational tools and talents of
technology-enabled internal audit. Available at: https://www.pwc.co.uk/audit-assurance/assets/pdf/moving-at-
the-speed-of-innovation.pdf
Reck, J. L., and S. L. Lowensohn. 2016. Accounting for Governmental & Nonprofit Entities. New York, NY: McGraw-
Hill Education.
Richardson, D. 2018. Opportunities exist to increase the impact of state agency internal audit functions. Available at:
https://sos.oregon.gov/audits/Documents/2018-25.pdf
Sarens, G., and M. Abdolmohammadi. 2011. Monitoring effects of the internal audit function: Agency theory versus
other explanatory variables. International Journal of Auditing 15 (1): 1–20. https://doi.org/10.1111/j.1099-1123.
2010.00419.x
Sarens, G., M. Allegrini, G. D’Onza, and R. Melville. 2011. Are internal auditing practices related to the age of the
internal audit function? Managerial Auditing Journal 26 (1): 51–64. https://doi.org/10.1108/02686901111090835
Tinkelman, D. 1999. Factors affecting the relation between donations to not-for-profit organizations and an efficiency
APPENDIX A
Variable Mapping
Data were obtained from the CBOK 2015 Global Internal Audit Practitioner Survey (Lake Mary,
Florida, U.S.: The Internal Audit Foundation). Question numbers and wording are provided below.
Visit www.theiia.org/CBOK for more information. The views in this study reflect the researchers’
opinions and are not intended to represent the position or policies of The IIA or the Internal Audit
Foundation.
Question
Variable Name Number Question Wording
Dependent Variable
APPENDIX A (continued)
Question
Variable Name Number Question Wording
IAF Characteristics
ACCESS Q86 In your opinion, to what extent does the internal audit
department at your organization have complete and
unrestricted access to employees’ property and records as
appropriate for the performance of audit activities?
1 ¼ ‘‘All of the time’’; 2 ¼ ‘‘Most of the time’’; 3 ¼ ‘‘Some of
the time’’; 4 ¼ ‘‘None of the time’’
ROTATE Q45 Does your organization have a process in place to rotate staff
APPENDIX A (continued)
Question
Variable Name Number Question Wording
IT Tools and Audit Activities
IT_TOOLS Q134_A_1 to What is the extent of activity for your internal audit department
A_11 related to the use of the following information technology (IT)
tools and techniques? 1 ¼ ‘‘None’’; 2 ¼ ‘‘Minimal’’; 3 ¼
‘‘Moderate’’; 4 ¼ ‘‘Extensive’’, or ‘‘Not applicable/I don’t know’’
1. A software or a tool for internal audit risk assessment.
2. An automated tool for internal audit planning and
scheduling.