Abstract
This book focuses on changes in the internal audit function (IAF) following the introduction of an enterprise resource planning (ERP) system. ERP systems are cross-functional integrated systems consisting of software modules supporting operational activities such as accounting, control and human resources. ERP systems have implicit in their design a new institutional logic for controlling business and information. The IAF is one of the most interested functions in the IT infrastructure and its impact on the internal control system; therefore, it has been affected by ERP systems implementation. Corporate governance is defined as the system by which companies are directed and controlled. Internal auditing is considered as an integral part of the corporate governance mosaic, which play a significant role in assuring an effective internal control system. This book focuses on the corporate governance rules and regulations related to the IAF and the role of the IAF in contributing to the governance process through assuring the internal control system, where internal controls promote efficiency, reduce risk of asset loss and help ensure the reliability of financial statements and compliance with laws and regulations. Changes in the IAF have been broadly discussed in the literature. Certainly, internal auditing has attracted the attention of the other governance actors (board of directors, audit committees and external auditors) who face external pressures for assurance about corporate governance practice. Internal auditing is receiving more attention than ever before. However, despite the progress in the theoretical and empirical efforts to study IAF changes, in the governance and IT contexts and despite the consensus that asserts the role of the IAF as an actor in helping to tackle governance problems, there are important areas which have been overlooked and that need attention from both scholars and practitioners.
Access provided by CONRICYT-eBooks. Download chapter PDF
Similar content being viewed by others
1.1 Background
This book focuses on changes in the internal audit function (IAF) following the introduction of an enterprise resource planning (ERP) system . ERP systems are cross-functional integrated systems consisting of software modules supporting operational activities such as accounting, control and human resources (Shehab et al. 2004). ERP systems were broadly implemented in many organisations to control diverse operations. ERP systems implementation implies new ways of designing functions, leads to new work procedures, changes job definitions and restricts flexibility in job tasks (Grabski et al. 2011). ERP systems are considered to be the most important and substantial IT infrastructure that interacts with the accounting functions in the last 15 years (Kanellou and Spathis 2013). ERP systems have implicit in their design a new institutional logic for controlling business and information (Gosain 2004). The IAF is one of the most interested functions in the IT infrastructure and its impact on the internal control system; therefore, it has been affected by ERP systems implementation.
Corporate governance is defined as “the system by which companies are directed and controlled” (Cadbury Report 1992, p. 15). Internal auditing is considered as an integral part of the corporate governance mosaic, which play a significant role in assuring an effective internal control system. The IIA (2004) recognises the role of internal auditing in corporate governance. It asserts that the internal audit activity brings “a systematic, disciplined approach to evaluate and improve the effectiveness of risk management , control and governance processes” . This book focuses on the corporate governance rules and regulations related to the IAF and the role of the IAF in contributing to the governance process through assuring the internal control system, where internal controls promote efficiency , reduce risk of asset loss and help ensure the reliability of financial statements and compliance with laws and regulations (COSO 2011).
The expanding opportunities for the IAF have been highlighted through the increased interest in better corporate governance practice (Ebaid 2011). This claim is supported by real-life cases which elucidate clearly the implications of underestimating the role that the IAF can and should play (Boyle et al. 2012). The series of corporate collapses such as Enron and WorldCom resulted in a growing number of rules and regulations that made a radical redefinition of the nature of the internal control linking it with the concept of risk. These risks are managed through accountability mechanisms, such as financial reporting , internal control and internal auditing (Sarens and Christopher 2010). The increasing public interest in corporate governance has motivated organisations to strengthen their IAF (Radu 2012). Egypt code of corporate governance (2005, p. 12) defines the aim of the IAF as “laying down systems for evaluating the means, methods and procedures of risk management within the corporation and for soundly implementing the rules governing corporate governance”. The Egyptian code does not refer explicitly to the concept of internal control, unlike the codes of corporate governance in the UK and other countries.
Changes in the IAF have been broadly discussed in the literature (e.g. Boyle et al. 2012; Robson et al. 2007). Certainly, internal auditing has attracted the attention of the other governance actors (board of directors , audit committees and external auditors) who face external pressures for assurance about corporate governance practice. Internal auditing is receiving more attention than ever before (Boyle et al. 2012; Carcello et al. 2005). However, despite the progress in the theoretical and empirical efforts to study IAF changes , in the governance and IT contexts and despite the consensus that asserts the role of the IAF as an actor in helping to tackle governance problems, there are important areas which have been overlooked and that need attention from both scholars and practitioners.
1.2 Knowledge Gap Addressed by the Book
The importance of having a sound internal control system has driven organisations to review their expectations of the IAF (Radu 2012). Legislative and professional responses to financial scandals have highlighted internal auditing as a key function to support internal controls, risk management and corporate governance processes ; therefore, there are institutional pressures on organisations to maintain a developed IAF (Arena et al. 2006). Academic research as discussed by Gramling et al. (2004) has identified the IAF as being one of the cornerstones of corporate governance. Current auditing practice is criticised, and particular perceptions are formed concerning the necessity for improved internal auditing practice (Kotb and Roberts 2011).
Although the role of IT in organisations is perceived differently among different studies, the belief that IT is the motivator for change dominates in the information research community (Caglio 2003; Orlikowski 1992). Nevertheless, the focus of the relevant literature has been on ERP systems in general; there is limited published scientific evidence on the implementation of ERP and its effects on accounting or auditing in particular (Sutton 2006; Granlund and Malmi 2002). ERP systems have significantly changed methods of business data collection, storage, dissemination and use. ERP systems could act as a catalyst for IAF adaptation through affecting the internal control system within organisations. While the internal control objectives remain the same, the mechanisms of control are changed by implementing ERP systems. The traditional IAF, which looks only for errors, is insufficient after ERP systems implementation (Kanellou and Spathis 2011; Madani 2009). The traditional boundaries of internal auditing are challenged as ERP systems complicate the IAF (Saharia et al. 2008). The IAF needs to be revamped with the emerging technology, and its relationship with all other parties also is affected (Paape et al. 2003).
With this level of acknowledged ambiguities and difficulties in mind, scholars repeatedly point out the inevitable need to adapt the IAF; otherwise, its legitimacy might be threatened because of the growing complexity of the IT and governance demands. After ERP systems introduction, internal auditing is particularly laborious and the requirement for automation of auditing tasks was never more urgent (Tryfonas and Kearney 2008). The ERP systems’ control principle could force auditors to change their way of conducting audits. They reassess their audit models and move towards a business process and IS control orientation. Auditing after ERP systems implementation is a very complex task as it needs a high level of technical knowledge and internal control becomes too difficult to be assessed by traditional auditors (Hunton et al. 2004). It is essential for professional groups such as internal auditors to constantly update their knowledge and skills to maintain a grasp of their field or extend their expertise into new fields (Abbott 1988). This professional development might include gaining some knowledge and skills of other professional groups (Caglio 2003). Given that specialised IT knowledge is not traditionally part of the education for the internal auditors, this might encourage non-auditors to take over some of the internal auditor’s role, especially after ERP systems introduction.
In order to play a key role in corporate governance, the IAF needs to establish credibility and maintain legitimacy by demonstrating its capabilities for adding value. ERP systems give auditors a chance to look at how audit is performed and make improvements. In accordance with institutional theory (DiMaggio and Powell 1991; Meyer and Rowan 1977), failing to be equipped to respond to new challenges leads to legitimacy problems (Power 2003). As confirmed by Suchman (1995), threats to legitimacy cause problems in gaining, maintaining or repairing legitimacy. In the case of the IAF, failing to assure the effectiveness of internal controls would lead to legitimacy problems for auditors. Internal auditors and organisations are likely to be particularly interested in the role that adaptation may play in legitimising itself and its IAF in comparison with others. Therefore, investigating the adaptation at the individual organisational level may reflect not only considerations of efficiency and effectiveness, but also position the IAF in relation to other professions and other organisations.
Internal auditing practice is social constructions , where agreement among professionals is essential before something can be counted as legitimate practice by the profession. However, there is no agreement in the literature regarding the drivers for IAF change or the nature of the IAF adaptation after ERP system introduction.
ERP systems have an embedded logic that gives rise to new legitimisation rules which are then enacted as new practice and positions (Gosain 2004). Thus, the way of working suggested by ERP functionalities may lead to the redefinition of the rights and obligations of internal auditors. With the implementation of ERP systems, the positions of professional groups should not be considered as fixed (Caglio 2003). This may represent an opportunity for organisational actors to extend their knowledge to strengthen their professional legitimacy . However, such professional development may be matched by a movement in the opposite direction. Internal auditors may have to face the erosion of their preserve by other competing professional groups, and the extent of this erosion depends on their ability to protect their occupational jurisdiction. Therefore, this book tries to explore the ambiguous and often inconsistent consequences for internal auditors deriving from the introduction of ERP systems.
Although there is considerable literature on the potential impacts of ERP systems on audit (Kanellou and Spathis 2013; Grabski et al. 2011; Madani 2009; Saharia et al. 2008; Hunton et al. 2004; Spathis and Constantinides 2004), there is a scarcity of information on the key drivers of audit change (Robson et al. 2007) and the nature and direction of that change.
To date, research has pointed out the increased importance of the internal audit after ERP systems implementation. For example, Spathis and Constantinides (2004) find that the only notable change in accounting practice is related to the increased use of the IAF . Moreover, Kanellou and Spathis (2013) find that ERP systems often result in improved internal audit.
The insights gained to date have a number of limitations. First, there have been no previous studies that address the internal auditing adaptations as a response to ERP systems implementation (Kanellou and Spathis 2011). Second, most of the studies regarding the IAF and ERP systems have taken place in the developed countries such as the USA and the UK (Kholeif et al. 2007; Ebaid 2011), while ignoring developing countries where there is growing attention to the corporate governance process and a diffusion of ERP systems. ERP built-in practice and logic are derived from developed countries and so are not necessarily appropriate for developing countries, but the previous literature has not explored this issue (Soh et al. 2000). Finally, according to Abdolmohammadi and Boss (2010), studies have focused on addressing the changes in external auditing , while very few are driven by the internal audit view.
The IAF adaptations after ERP systems implementation are an under-researched area that requires more attention (Grabski et al. 2011; Kanellou and Spathis 2011, 2013; Nwankpa and Datta 2012). Moreover, Grabski et al. (2011) suggest that there is a lack of a strong theoretical base in ERP studies. However, there are different levels of analysis in research on ERP systems offering interesting new insights. Mignerat and Rivard (2009) suggest that there is room for contributions by applying institutional theory at sub-organisational levels such as groups, departments and functions. Therefore, the book responds to institutional theorists’ calls to understand how ISs contribute to functions change and stability.
Consistent with recent studies (e.g. Grabski et al. 2011; Kanellou and Spathis 2013) and based on the literature analysis, this book finds a continuing need to bridge a knowledge gap stemming from the lack of a multilevel lens that explores the macro- and micro-institutional pressures on IAF adaptation. It is found that the field lacks in particular an empirically verified lens that can offer an in-depth understanding of the pressures that are associated with the IAF change and the nature of needed adaptations. Moreover, Rose and Kræmmergaard (2006) suggest that a research focus on change and actors’ perceptions of evolving conditions is likely to reveal new and challenging insights and contribute to AIS research .
1.3 The Purpose and Objectives of the Book
The purpose of this book is to explore, through using the institutional theoretical lens, the adaptation in the IAF’s practice and structure as a response to the new control assumptions carried by ERP systems and the increased IAF-related governance pressures , in order to maintain its legitimacy. The book aims to add to our knowledge of how ERP systems motivate adaptation in the IAF to maintain the acceptability of its role by its stakeholders as a corporate governance actor. This should contribute to our understanding of these issues and the development of a frame of references, which can be used to support the IAF adaptation .
The specific objectives of the book are:
-
To critically review the ERP literature related to the accounting and auditing field with particular focus on the IAF and to identify and evaluate governance factors influencing the IAF
-
To design an appropriate theoretical research framework
-
To make an informed decision about the appropriate research methods and analytical tools to be adopted
-
To verify the framework within the practical arena and to provide a novel contribution to the domain of ERP systems and IAF.
The book addresses one overarching issue:
How does the IAF respond to the external governance pressures and the internal ERP systems’ logic pressures in order to maintain its legitimacy as a governance mechanism?
This is broken down into a number of subsidiary issues:
-
RQ1. What is the macro-governance pressure associated with the IAF and how do these pressures direct the IAF practice and structure in the sub-organisational level?
-
RQ2. What are the control assumptions of ERP systems that have impact on the IAF and how do the participants perceive these assumptions?
-
RQ3. How has the alignment between ERP systems logic and governance been made?
-
RQ4. How does the IAF adapt after ERP system introduction and how does this relate to the governance pressures?
-
RQ5. How do these adaptations affect the legitimacy of the IAF?
1.4 Significance and Scope of the Book
Prior studies tend to agree about the need for IAF change after ERP systems implementation; however, no sufficient evidence has been revealed about the nature and direction of the required adaptation in the practice and the structure of the IAF . This book is expected to fill a gap that exists in prior research related to governance, ERP systems and the IAF. It makes a significant contribution to the academic IS and accounting literature as it addresses a topic that is timely and of interest not only to academics, but also to the audit practice community. It is a topic that has generated considerable discussion in both environments, as organisations spend major portions of their budgets on ERP systems and want to improve their governance process.
This book contributes to the knowledge of the relationship between ERP and internal auditing, which will be of value to any organisation considering ERP systems implementation and needing to know what are the proper internal audit practice and structure . Moreover, educational institutions will be interested in the results of this book as it will investigate the qualities which are required in the internal auditors in the ERP-based organisations. Regulators who issue the standards followed by internal auditors will benefit as well. Practitioners also need to know the kind of training, skills and knowledge they require before working in ERP-based organisations. Furthermore, the results of this book provide stimulus for consequent research in the field in order to further examine and account for the internal auditing benefits that can occur from ERP systems implementation as well as the effect of these benefits on the governance process.
This book contributes to the academic field through offering an empirically validated theoretical frame to analyse and explore the pressures affecting the IAF. Previous studies have failed to produce a multilevel holistic framework to understand the role of the macro- and micro-factors impacting the IAF arrangement. This book offers a lens to explore these factors and simultaneously produces a novel multifaceted framework for analysing the unsolved issues in the field. The book also contributes to advancing the field theoretically, practically and methodologically.
The scope of this book is restricted to the study of one particular mechanism of corporate governance (the IAF) and one particular information system (the ERP system) in one developing country (Egypt).
1.5 Structure of the Book
The remainder of the book is structured as follows. The next chapter provides a critical review of the literature on accounting, auditing, corporate governance and ERP. It evaluates previous studies that have focused on the intersection between the fields of accounting and information systems . Chapter 3 discusses the legitimacy of internal auditing practice. It concludes by identifying gaps in the literature that are addressed by the book.
This is followed by Chap. 4, which presents the conceptual framework and discusses its main concepts, factors and sub-factors. The evolution of the framework is described to show its theoretical roots. The framework is based on the findings from the literature and the pilot stage.
The interpretive approach for data collection and analysis is discussed in Chap. 5. It identifies the research paradigm and links it with the research design. It also explains and justifies the research methods used to select the cases and to collect and analyse the data.
Chapters 6–9 present the findings from the analysis of the individual case studies, while Chap. 10 provides a discussion of the findings from the cross-case analysis and highlights the lessons that emerged from the main findings of the book.
The final chapter draws a conclusion and discusses the theoretical, practical and methodological contributions of the book. It ends with a discussion of the limitations of the book and identifies areas for further study.
References
Abbott, A. (1988). The system of professions: An essay of the division of expert labor. Chicago, IL: University of Chicago Press.
Abdolmohammadi, M., & Boss, S. (2010). Factors associated with IT audits by the internal audit function. International Journal of Accounting Information Systems, 11(3), 140–151.
Arena, M., Arnaboldi, M., & Azzone, G. (2006). Internal audit in Italian organizations. Managerial Auditing Journal, 21(3), 275–292.
Boyle, D. M., Wilkins, A. M., & Hermanson, D. R. (2012). Corporate governance: preparing for the expanding role of the internal audit function. Internal Auditing, 27(2), 13–18.
Caglio, A. (2003). Enterprise resource planning systems and accountants: Towards hybridization? European Accounting Review, 13(1), 123–153.
Carcello, J., Hermanson, D., & Raghunandan, K. (2005). Changes in internal auditing during the time of the major US accounting scandals. International Journal of Auditing, 9, 117–127.
Committee of Sponsoring Organizations of the Treadway Commission (COSO). (2011). Internal control-integrated framework. New York: Coopers and Lybrand.
DiMaggio, P. J., & Powell, W. W. (1991). ‘The iron cage revisited: institutional isomorphism and collective rationality’. In W. W. Powell and P. J. DiMaggio (Eds.), The new institutionalism in organizational analysis. Chicago: University of Chicago Press [Originally published (1983), American Sociological Review, 38, 147–160].
Ebaid, I. E. (2011). Internal audit function: An exploratory study from Egyptian listed firms. International Journal of Law and Management, 53(2), 108–128.
Gosain, S. (2004). Enterprise information systems as objects and carriers of institutional forces: The new iron cage? Journal of the Association for Information Systems, 5(4), 151–182.
Grabski, S. V., Leech, S. A., & Schmidt, P. J. (2011). A review of ERP research: A future agenda for accounting information systems. Journal of Information Systems, 25(1), 37–78.
Gramling, A., Maletta, M., Schneider, A., & Church, B. (2004). The role of the internal audit function in corporate governance: a synthesis of the extant internal auditing literature and directions for future research. Journal of Accounting Literature, 23, 194–244.
Granlund, M., & Malmi, T. (2002). Moderate impact of ERPS on management accounting: A lag or permanent outcome? Management Accounting Research, 13(3), 299–321.
Hunton, J. E., Wright, A. M., & Wright, S. (2004). Are financial auditors overconfident in their ability to assess risks associated with enterprise resource planning systems? Journal of Information Systems, 18(2), 7–28.
Institute of Internal Auditors (IIA) (2004). Internal audit consulting activity: Survey results. Available at www.theiia.org/gain/con2_results.html.
Kanellou, A., & Spathis, C. (2011). Auditing in enterprise system environment: A synthesis. Journal of Enterprise Information Management, 24(6), 494–519.
Kanellou, A., & Spathis, C. (2013). Accounting benefits and satisfaction in an ERP environment. International Journal of Accounting Information Systems, 14(3), 209–234.
Kholeif, A., Abdel-Kader, M., & Sherer, M. (2007). ERP customization failure: Institutionalized accounting practices, power relations and market forces. Journal of Accounting and Organizational Change, 3(3), 250–299.
Kotb, A., & Roberts, C. (2011). The impact of E-business on the audit process: An investigation of the factors leading to change. International Journal of Auditing, 15, 150–175.
Madani, H. (2009). The role of internal auditors in ERP-based organizations. Journal of Accounting and Organizational Change, 5(4), 514–526.
Meyer, J. W., & Rowan, B. (1977). Institutionalised organisations: Formal Structure as myth and ceremony. American Journal of Sociology, 83(2), 340–363.
Mignerat, M., & Rivard, S. (2009). Positioning the institutional perspective in information systems research. Journal of Information Technology, 24, 369–391.
Nwankpa, J., & Datta, P. (2012). Perceived audit quality from ERP implementations. Information Resources Management Journal, 25(1), 61–80.
Orlikowski, W. J. (1992). The duality of technology: Rethinking the concept of technology in organizations. Organization Science, 3(3), 398–427.
Paape, L., Scheffe, J., & Snoep, P. (2003). The relationship between the internal audit function and corporate governance in the EU—A survey. International Journal of Auditing, 7(3), 247–262.
Power, M. K. (2003). Auditing and the production of legitimacy. Accounting, Organizations and Society, 28(4), 379–394.
Radu, M. (2012). Corporate governance, internal audit and environmental audit—the performance tools in Romanian companies. Accounting and Management Information Systems, 11(1), 112–130.
Report, Cadbury. (1992). The report of the committee on the financial aspects of corporate governance. London: Gee & Co.
Robson, K., Humphrey, C., Khalifa, R., & Jones, J. (2007). Transforming audit technologies: Business risk audit methodologies and the audit field. Accounting, Organizations and Society, 32, 409–438.
Rose, J., & Kræmmergaard, P. (2006). ERP systems and technological discourse shift: Managing the implementation journey. International Journal of Accounting Information Systems, 7(3), 217–237.
Saharia, A., Koch, B., & Tucker, R. (2008). ERP systems and internal audit. Issues in Information Systems, XL, 2, 578–586.
Sarens, G., & Christopher, J. (2010). The association between corporate governance guidelines and risk management and internal control practices. Managerial Auditing Journal, 25(4), 288–308.
Shehab, E., Sharp, M., Supramaniam, L., & Spedding, T. (2004). Enterprise resource planning an integrative review. Business Process Management Journal, 10(4), 359–386.
Soh, C., Kien, S. S., & Tay-Yap, J. (2000). Cultural fits and misfits: Is ERP a universal solution? Communications of the ACM, 43(4), 47–51.
Spathis, C., & Constantinides, S. (2004). Enterprise resource planning systems’ impact on accounting processes. Business Process Management Journal, 10(2), 234–247.
Suchman, M. C. (1995). Managing legitimacy: Strategic and institutional approaches. Academy of Management Review, 20, 571–610.
Sutton, S. G. (2006). Enterprise systems and the re-shaping of accounting systems: A call of research. International Journal of Accounting Information Systems, 7, 1–6.
Tryfonas, T., & Kearney, B. (2008). Standardizing business application security assessments with pattern-driven audit automations. Computer Standards and Interfaces, 30(4), 262–270.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
Copyright information
© 2017 The Author(s)
About this chapter
Cite this chapter
Elbardan, H., Kholeif, A.O. (2017). Introduction. In: Enterprise Resource Planning, Corporate Governance and Internal Auditing. Palgrave Macmillan, Cham. https://doi.org/10.1007/978-3-319-54990-3_1
Download citation
DOI: https://doi.org/10.1007/978-3-319-54990-3_1
Published:
Publisher Name: Palgrave Macmillan, Cham
Print ISBN: 978-3-319-54989-7
Online ISBN: 978-3-319-54990-3
eBook Packages: Economics and FinanceEconomics and Finance (R0)