Importance of Internal Audit in Compliance

Introduction

Internal audit provides independent assurance that the governance, risk management, and processes of internal control are effective in their operation (Pizzini and Ziegenfuss, 2014). The procedure is objectively conducted and designed so as to improve and mature the business practices of an organisation. The procedure further provides insight into the policies, culture, and procedures of an organisation and further aids in management and board oversight through verifying internal controls like risk mitigation, operating effectiveness, and further compliance with relevant regulations or laws (Soh and Martinov, 2015). In today`s corporate world, compliance is a large as well as an increasing focus area, and more relevant than ever before (Wheelen et al., 2017). As such, in utilising the optimal resources in the management of compliance risks strategically, internal audit becomes a vital tool. As such, this project is focused on determining through explanatory research approaches, the effectiveness of internal audit in managing compliance risk. In the modern economic world, governance regulatory and compliance has become a challenge to many businesses. New laws and regulations are generated daily with aim of ensuring that business increases their level of transparency, professionalism, and objectivity (Roussy, 2013). Businesses are increasingly elevating the process and platforms they need to enhance compliance with regulations. For purposes of effective and efficient regulatory compliance management in an organization, the roles of integrated governance in the key management functions especially the legal, risks, compliance and internal audit must be completely understood and enabled. Based on the fact that there are very many regulations within each country, legislations vary from one organization to the other depending on the kind of industry, business imperatives and the nature of the organization. Knechel & Salterio (2016), state that, every organization is tasked with the role of identifying the emerging legislation which is relevant to its field of operation and ensures risk that may be associated with the legislation are well assessed and understood by the board and management. The risk that may arise from non-compliance to key legislation can be very damaging and costly to an organization in general. The consequences of non-compliance range from fines, penalties, imprisonment, and withdrawal of license to reputational risks (Arvidson & Lyon, 2014). Residual risks that are related to any legislation mostly remain high until the time the organization implement measures that effectively mitigate the arising risk due to non-compliance requirements mostly due to new policies and legislation.

Research questions

To which extent does internal audit provide assurance to the management that a strong control environment exists that mitigates compliance risks sufficiently?

How does internal audit facilitate regulatory compliance through enhanced compliance with internal regulations, policies, and procedures?

How effective and efficient is an internal audit on the identification and assessment of compliance risk?

Objectives

1. To explore the literature on internal audit and compliance risk management.

2. To determine the effectiveness and efficiency of internal audit on the identification and assessment of compliance risk.

3. To establish how internal audit facilitates regulatory compliance through enhanced compliance with internal regulations, policies, and procedures.

4. To determine the extent to which internal audit provides assurance to the management that a strong control environment exists that mitigates compliance risks sufficiently.

Literature Review

Internal audit is an objective, independent consulting and assurance practice that is designed to improve and add value to the operations of an organisation (Alzeban & Gwilliam, 2014). It assists an organization to accomplish its objectives by creating a disciplined platform to assess and increase the effectiveness of risk management, organization’s governance, and control (Ege, 2014). Compliance risk is the exposure to penalties related to failure to conduct its operations in accordance with the industry best practice and internal policies. Compliance regulations ensure that firms are operating ethically and fairly and as such compliance risk is also called integrity risk (Lenz, Sarens, and D'Silva, 2014).

The Effectiveness and Efficiency of Internal Audit in the Identification and Assessment of Compliance Risk.

An organisations internal audit team and even internal auditor cannot have any operational responsibility to achieve this objective (George, Theofanis, and Konstantinos, 2015). By providing a view that is both unbiased and independent, the function of internal auditing is able to add value to an organisation. It is possible for an organisation to receive assurance that it is on the right path through objective reviewing of an organisations policies and procedures. Through continuous monitoring and review of an organisations processes, it is possible to identify control recommendations and as such improve the effectiveness and efficiency of the processes (Unegbu and Kida, 2011). This, in turn, allows an organisation not to be dependent on people but on the process. Internal audit also improves the control environment of an organisation through assessment of operating effectiveness and efficiency. For the achievement of a firm, it should consistently adjust to nature in which it works and makes strides. This is the main way that organizations can keep up development and gainfulness (George, Theofanis, and Konstantinos, 2015). There is no space for wastefulness or lack of concern because of aggressive weights. The nature of items and administrations and the client mind around them all should be hearty to keep up certainty and steadfastness. Those in charge of administration should thusly guarantee that their risk management, administration and inside control courses of action are suitable for the business (Elbardan, Ali and Ghoneim, 2015). Internal audit programs assist stakeholders and even the management of organisations through identifying and further prioritising risks through a risk assessment that is systematic. Risk assessment aids in the identification of gaps within the environment and even creates an enabling environment for remediation plans to take place. A good internal audit program will help in tracking and documenting changes made to the environment and further ensure mitigation of any risks encountered. Compliance ensures that business process, practices, and operations are in accordance with the prescribed set of rules (Zaman & Sarens, 2013). The evaluation of internal audit effectiveness in risk compliance is vital to analyses the concept of internal audit and its evolution. The definition stated that internal auditing is an objective assurance, independent and consulting activity that was meant to improve the value to an organization's activities. The auditing assists a business to accomplish its goals by creating a disciplined platform, systematic and increase the effectiveness of management of risks, governance management, and control. This created a new understanding which saw the internal auditing to be seen as both consulting and assurance activities that are needed to add value to an organization. This evolution of internal auditing activities indicates that the work of internal auditor is not to perform assurance functions only but also must add value to the activities of the audited business organization (Davidson et al., 2013). The increasing relevance of internal auditing and the evolution of its roles in an organization has raised the issue of efficiency and effectiveness of internal audit. Herath & Herath (2014), postulate that internal auditors have the role of performing a risk assessment on behalf of the organizations with reference to the best practice industry standard and providing improvement recommendations. They also review the existing processes to determine whether the board of the organization has considered key threat that is created by the rapid evolution in the digital era (Abomhara & Køien, 2015).

In compliance, the internal auditing team evaluates the ability of the organization to respond to any notable phenomenon of noncompliance (Institute of Internal Auditors, 2007). They also assess the approach by the organization in managing its global compliance activities which are not limited to integrating of a newly merged or acquired organization (Alles et al., 2018). Nevertheless, the internal auditing team should be able to review compliance training conferences and workshops that are offered to employees and stakeholders to assess the effectiveness for the respective roles. As per Yee et al., (2017), for internal audit to be effective, it should conduct a gap assessment of the business anti-bribery and corruption procedures.

Internal Audit Facilitates Regulatory Compliance through Enhanced Compliance with Internal Regulations, Policies, and Procedures

When it comes to legislation compliance, the internal audit takes the role to facilitate regulatory compliance through enhanced compliance with internal regulations, policies, and procedures. (Badara & Saidin, 2013). It is responsible for revising the effectiveness and adequacy of the functions of controls implemented by the management to ensure there is total compliance with legislation (Leung, Cooper and Perera, 2011). In order to conduct a compliance review, the internal audit should ask; what are some of the pieces of regulation should be reviewed? What new regulations are being put in place? And what new platforms are being put in place to ensure compliance with the regulations? To ensure compliance, the internal audit maps the regulation to the existence of a legislation or a policy and creates a risk map (Mock & Turner, 2013). They also audit the internal compliance risk rating that has undergone changes mainly where residual rating indicates improved control (Stewart and Subramaniam, 2010). For the review, internal auditors validate the existing controls, a monitoring plan which indicates the business unit compliance, additional controls which are associated with rise in new regulations and amendments and lastly the validate provide knowledge of the responsible parties when it comes to the compliance of one regulation or the other depending on the affected parties (Lenz and Sarens, 2012). The internal audit assesses the effectiveness and adequacy of the compliance process, structures, and systems while highlighting the associated risks as well as key weakness in terms of regulatory compliance (Mebratu, 2015). It is also the task of the internal audit to make a recommendation to the management and the respective boards to make corrections and take actions where possible in order to evade risk that can be associated with noncompliance. The main role of internal auditing is to provide objective assurance to the board of an organization as per the enterprise-wide risk management (Endaya & Hanefah, 2013). Research indicates that internal auditors and management board have come to a conclusion that internal auditing can only increase organization's value by availing the objective assurance that the most vulnerable risks of the organization are being appropriately handled.

The Extent to Which Internal Audit Provides Assurance to the Management That a Strong Control Environment Exists That Mitigates Compliance Risks Sufficiently

It is the role of the internal auditing to provide consulting services that upgrade the ability of an organization to manage, governance, as well as the control process (Soh & Martinov, 2015). The internal auditor's extent to consult with the enterprise-wide risk management usually depends on the availability of resources to the board and the risk maturity of the organization, which is likely to change with seasons. When the organization's risk maturity increase, the ability to manage risks become more embedded to the activities of the organization and the internal auditing roles in the enterprise-wide risk management may reduce (Sadgrove, 2016). In some cases, if the organization make a decision to employ a specialist in the management of risks, the internal audit is more likely to give the value by emphasizing on their role of assurance as compared to employing more consulting operations. To ensure the maximum value of the auditing sector, internal auditors have the role to report directly to the auditing committee chair. To ensure assurance to the organization management that there is a strong control environment to mitigate risks, the internal audit comes with consulting roles such as ensuring that management tools and techniques that are utilized in auditing while analysing risks and control are available, secondly is to introduce the enterprise-wide risk management to the organization, thirdly is the providing advice, teaching the employees of the firm risk control and management and promoting existence of a common language, understanding and framework (Hematfar & Hemmati, 2013). Moreover, the internal auditing should be able to act as a central point in coordinating, reporting and controlling risk as well as supporting managers within an organization in identifying the best ways to mitigate any arising risks (Louwers et al., 2015). To determine whether the consulting services are compatible with the assurance role it is good to assess if the internal auditing assumes the responsibilities of management (Reding et al., 2013). For the auditing section to assure a strong control environment to mitigate risk, they have to set strategies. For risk managed and risk enabled organizations, the conclusion of the maturity of a risk is the first step in providing an assurance on the management of the risk process. Other strategy includes the reporting of key risk in time as well as managing of risks. The internal auditing should be able to provide assurance in all areas pertaining to risk (Kaur et al., 2013). In order to provide assurance, the auditing section should assure the board of directors in an organization that risk control processes are working based on the standards and objectives that have been previously set. In cases where there are a joint management risk and an internal audit function, it is vital for the internal audit to observe integrity.it is the role of the board of directors to understand that the internal audit needs to have its own view in order to enable it to focus its own audit plan on the organization activities which are vulnerable to high risk. Sadgrove (2016) state that, the auditing team should be able to alert the board if the risk appetite, as well as the risk culture, are not in line with the risk universe of the organization.

Summary and Research Gap

Internal auditing is an objective assurance and consulting practice that is independent which is meant to improve the value of an organizations activities and operations. It acts as a catalyst in the management of risk and governance in the institution by providing the best recommendation meant to curb risks as well as managing them. Currently, there is more research on the effective and the efficiency of the activities of internal audit, how the internal auditors provide assurance to the management that there is a strong control environment to mitigate compliance risk, as well as how the internal audits facilitate regulatory compliance. With all the roles of the internal auditing team and the existing research, there is a gap in the independence of independence and authority of internal auditors mainly in local government organizations. The head of the internal auditing department should be able to have sufficient authority to create independence for the auditing team, ensure broad coverage of the audit and well considerations in the audit reports. In addition, there is a research gap in the assessment of the internal auditor's technical competence. With the evolution of information technology, the use of the latest information technology auditing software by internal auditing team is in question. This could interfere with risk determination and deliverance of services which include non-compliance resulting in a bad loss to an organization. There should be a frequent training and conferences to train internal auditors on the use of internal auditing software and devices.

Methodology

A descriptive survey research design was used in this study. In this study, both open ended and closed ended questionnaires were used so as to provide a representative sample from different organisations.

Sample design

Population

The population of the study was composed of managers and stakeholders of different organisations.

Sample size and sampling procedure

23 managers made up the sample size, these are managers working in different organisations. The simple random sampling procedure was used.

Instrumentation and pre-testing

On the basis of the background information of the respondents and research objectives, questionnaires were developed from the literature review and organized. This was done so as to ensure that the research problem was relevant. Pre-testing was used to refine the questionnaire design and identify errors, which may only be apparent to the population concerned (McGuirk and O`Neill, 2016). Those questionnaire used in pre-testing should be as similar as possible to the final group and should take place in conditions similar to those of the actual questionnaire administration. Employees used for pre-testing were excluded from the final sample.

Data analysis and presentation

The data that was obtained from this study was coded and subsequently fed into computers. The data was then subjected to statistical analysis through Microsoft Excel. The results of the analysis were presented in tables and charts. Descriptive statistics in the form of percentages were used in summarizing the raw data.

Findings and Data Analysis

In this section, the findings as presented by the gathered data is presented. Data is also analysed using descriptive statistics. Also, the research explains the meaning of the analysis data. The explanation provided regarding the analysed data and the findings is what has been used as a guide for the discussion section that follows.

Demographic information

Four question were used to gather the demographic information of the research subjects. This data has been analysed as follows;

Gender

The respondents were asked to state their gender and the following are the results;

Represented graphically, this information is as follows;

This information concerning the gender of the representatives was essential in that it showed the representation of the gender bias of the study. From the findings shown above, it is clear that more female respondents (61%) than male respondents (39%) were involved. The meaning of this is that the study was gender bias considering that significantly more males were involved. This, however, is because the study used a random sampling technique in which the gender of the participant was not an inclusive factor but rather volunteer respondents were selected based on their availability. Therefore, the gender bias revealed does not affect the credibility of the findings of this study.

Management level

This study required the respondents to reveal their management level positions and the findings are as follows;

According to the data represented above, among those selected as respondents, 57% of them held positions as middle-level management. 26% of these respondents held a senior management level of 17% were in junior management. The instructions of the questionnaire were that either a staff of a management staff would respond. The fact that this study only selected management staff is an advantage considering the focus of the research. The study focuses on the management of compliance risk using the internal audit as a tool. Thus, gathering view from the management staff increases the credibility of the results supposedly because assumptions, this category of the staff have more knowledge and experience regarding the management of compliance risk and the role of internal audit in the organisation. The 26% representation is also essential to the credibility of the findings considering that this category of organisation staff has a crucial role in the governance and compliance of an organisation. The 17% representation of the junior managers indicates that a lesser number of respondents had minimal or limited knowledge regarding compliance risk.

Education background

The respondents were required to state their education backgrounds the following are the results for this question;

Based on the information represented graphically above, it is clear that all the respondents had an education background of at least college level. The largest number of the respondents (61%) had an education background of postgraduate. 26% of the respondents had a university undergraduate degree and on 13% of the respondents has a college certificate or diploma. The essence of this information was to determine whether the respondents had the minimal required knowledge to respond to the questions. It is clear that all had an education that ascertains that they all understood the questions and as such responded appropriately.

Company

The study required the subjects to state the type of organisation they represented. The types were narrowed down into public and private and the following are the results to this question;

From the information presented, it is clear that 70% of the organisations represented by the respondents were private companies while 30% are public companies. The importance of this information is that both public and private organisations are involved in the study. Have a 70% representation of the private companies was advantageous for this study considering that , compliance issues, which is the focus of this study, are critical to the establishment and governance of private companies. Public companies also are vastly affected by compliance issues. Therefore the inclusion of both contributes positively to the credibility of the findings of this study.

Research questions

The study’s research questions and objectives were covered by three categories of questions in the questionnaire. The three sets of questions were headlined;

Identification and assessment of compliance risk

Evaluation and assurance

Compliance risk management

The questions provided under each category were required to help the respondent to show how internal audit serves or does not serve as a compliance risk management tool. The results are presented below;

Identification and assessment of compliance risk

Using three questions the respondents were required to indicate the level of agreement or disagreement with a statement provided under each question to determine whether or not internal audit as a tool can be used in the identification and assessment of compliance risk. The results are as follows;

The data above shows that the largest number of the respondents (64%, m=14.67) reported that they agree that internal audit as a tool of compliance risk management in an organisation is effective and efficient in the identification and assessment of compliance risk. Likewise, (28%, m=6.33) reported that they strongly agree. In total, therefore, 92% of the respondents stated that they agreed that internal audit is effective in the identification and assessment of compliance risk in an organisation. It is important to mention that 6% of the respondents stated that they don't know, however, this percentage is insignificantly low. The results support the data gathered through the interview. Five managers interviewed were asked to state what they thought about employing internal audit and the effectiveness in the identification and assessment of compliance risk. The following are their responses; Yes, I believe an internal audit helps an organisation identify gaps in the policies and procedures that are being employed. I think a regular internal audit helps identify issues with operations, management, and compliance. Regular internal audit reveals weaknesses in time allowing correction Regular audit is effective in revealing areas of non-compliance Operation control. A regular internal audit reveals the state of the control and this is important information in the management of compliance risk

Evaluation and assessment

In this category, two statements were used and the respondents were required to state their level of agreement or disagreement. The following are the results.

As shown in the above table, it is evident that a majority of the representative (52%, m=12) agree that as a compliance management tool, internal audit is effective in the evaluation and assurance of compliance risk. Also, 37% (m=8.5) strongly agree that the tool is effective in evaluation and assurance. Only 9% (m=2) reported that they don’t know while 2% stated that they strongly disagree that internal audit is effective in the evaluation and assurance of compliance risk.

Compliance risk management

Under this category, five statement were used and the respondents were required to report their level of agreement or disagreement. The following are the results;

According to the results presented in the table above 49% (m=11.2) reported that they strongly agreed that internal audits are an effective tool of compliance risk management. 31% (m=7.2) reported that they strongly agreed. In total 80% of the respondents agreed that internal audit is effective and efficient as a tool of compliance risk management. 13%, however, reported that they don't know while 7% stated that they disagreed that compliance risk can be managed effectively by internal audit. Concerning the effectiveness of internal audit to manage compliance risk, the interviewees were asked two questions to gather data to determine whether it is effective. The first questions required the respondent to state the status of compliance in their organisations. The following are the responses;

According to the last internal audit, the organisation is fully Good. Policies and procedures are well laid out and constant divisional meetings are performed to ensure the policies are implemented Good Good. We have not had any non-compliance issues Good. We have not had any issues this year

The other question required the interviewee to state the last time they were charged with non-compliance issues and the following are the responses;

No, we are mostly focussed on ensuring that we are fully compliant Yes, 3 years ago. We had failed to fill taxes Yes, 4 years ago we suffered a huge financial loss and could not pay wages until later but we had already been charged. Yes two years ago, health safety issues. The organisation had not provided the employees with dust coats. No, we have never been charged

According to these responses, it is clear that the not a single organisation has had any issues with non-compliance at least in the last 2 years which.

Discussion

The main aim of this study was to establish whether the internal audit is an effective tool useable in the management of compliance risk in organisations. Employing a survey research design, the study employed questionnaires that were distributed to 30 organisations. The study employed a random sampling technique. Only 23 questionnaires were completed and returned back. Therefore, the data analysis above is primarily based on the data gathered in the 23 three research questionnaires. The main research question of this study was to determine whether internal auditing as a tool can be employed in the management of compliance risk. To respond to this research question, three categories of questions were prepared using sets of questions under each. The question was presented as statements in which the respondents were supposed to tick appropriately from the given list indicating the level of agreement or disagreement. These level were coded into letters as follows;

SA (Strongly Agree) A (Agree) DK (Don’t know) D(Disagree) SD(Strongly disagree)

The three categories were as follow;

Identification and assessment of compliance risk Evaluation and assurance Compliance risk management

Based on the findings, 92% (28%= strongly agree, 64%= agree) of the respondents reported that an internal risk is an effective tool for the identification and assessment of compliance risk. 89% (37%= strongly agree, 52%= agree) of the respondents reported that they agreed that internal audit is effective in the evaluation and assurance as a tool in compliance risk management. 80% (31%= strongly agree, 49%= agree) reported that they agree that an internal audit is an effective tool and strategy for the management of compliance risk in an organisation. Therefore, in general, the current study agrees that internal audit can efficiently and effectively be used as a compliance risk management tool. According to the observations made through the interviews, it is clear that an internal audit is effective in the identification and assessment of compliance risk. All the five interviews agreed that conducting a regular internal audit is effective in identifying issues that are related to compliance and other forms of risks. From the responses provided by the interviews, the keyword that all insisted on is regular. Based on the responses provided conserving the regularity that internal audit is performed, it is clear that in the organisations of the managers that were involved, internal audit is regularly performed stating intervals of semi-annual, quarterly and monthly. The interviewees reported that an early identification of issues that may result in compliance risk is what enables the organisations to correct non-compliance in time. The interviews also revealed that organisations employing regular internal audit move from several years of being charged to not having any issues at all. From the data, it is evident that all the managers responded that at the time of interviewing, their organisations had a good status for compliance. Then the most recently charged organisation for non-compliance based on the data is two years ago. In fact, in two of the organisation, they reported having never been charged for non-compliance. The results from an interview support the observation made by data gathered using the questionnaires The findings of the current study support the findings of other studies that have identified that the collaboration of compliance risk management and internal audit is useful in the management of compliance risk. Alzeban and Gwilliam, (2014) supported this theory by looking closely at the responsibilities and activities of these two. First, the study established that the main responsibility of compliance risk management is to enhance ongoing monitoring of controls and risk to support management. In support of this, an internal audit has identified as a tool that provides independent and objective assurance to the board and the management. In the research, Alzeban and Gwilliam, (2014) insisted that the activities of internal audit are an evaluation to assess the effectiveness of the internal controls, reporting about the effectiveness of the first lines of defence and lastly in the provision of assurance of the effectiveness of risk management and governance. In this line, the research stated that compliance risk management has three activities which are to assist the management to the development and design of controls and process, evaluation to assess the intended performance of the controls and to inform the management about the issues emerging and the changes in risk. In line with the results, the current study examined various aspects of compliance risk management that are associated with the internal audit. The study introduced the aspect of the identification of compliance risk. Brannen (2017) defines compliance as the threat that is posed to an organisation’s organisational, financial, and reputational standards that comes from the violation of regulations, laws organisational standards of practice and the codes of conduct. When exploring the aspect of compliance risk identification, the current study assumes that it is impossible to control or manage compliance risk unless there is adequate information regarding its presence. Regarding this, therefore, it means that when an internal audit is performed, the performance and effectiveness of control are revealed and therefore risk management can effectively be performed.

Organisation ethics and compliance professional will probably concur that new ethics, compliance, and reputational risks are seen and every day. These variables have made a strain between developing administrative commitments and the strain to accomplish more with less. To help settle this circumstance and keep on adding an incentive to their organisations, compliance and ethics experts should make certain they comprehend the full range of compliance risk sneaking in each piece of the organisations. They at that point need to evaluate which risks have the best potential for lawful, money related, operational, or reputational harm and designate constrained assets to relieve those dangers. Organisations direct evaluations to distinguish diverse kinds of compliance risks. For instance, they may direct enterprise hazard appraisals to distinguish the vital, operational, money related, and compliance risk to which the association is uncovered. As a rule, the undertaking hazard appraisal process is centred on the distinguishing proof of "best the organization" risks – those that could affect the association's capacity to accomplish its key goals. Most firms also perform an internal risk assessment to help in the improvement of the inside review plan. A customary internal risk appraisal is probably going to consider money related articulation risks and other operational and consistence dangers. While both of these sorts of risk evaluations are ordinarily proposed to distinguish huge compliance related dangers, none is intended to explicitly recognize legitimate or administrative compliance risks. In this manner, while compliance risk appraisals ought to positively be connected with the venture or inner review chance procedures, they, for the most part, require a more engaged approach. This isn't to imply that they can't be finished simultaneously, or that they should be siloed endeavours. Most firms might have the capacity to consolidate the practices that help different risk evaluations, maybe following an underlying compliance risk establishment and assessment process.

Conclusion

In today's business world, the regulatory environment is constantly changing. Accordingly, therefore, many firms face increased vulnerability to compliance risk. This applies to all organisations whether they operate locally or internationally, or are private or public. The complexity of the penalties that are associated with non-compliance increases the need for thorough assessment by organisations on the compliance risk exposure. It is important to note that to achieve this, the firm requires a comprehensive framework for the evaluation and prioritization of risk. As a result, organisations can, therefore, develop effective risk mitigation strategies to reduce noncompliance events. Internal control is viewed as the primary part of the moral part of organisations. An internal audit is, therefore, a tool that can create business value through its ability to identify different types of risks in an organisation. In this particular study, it was established that internal audit has a significant role in the identification assessment of compliance risk and therefore a useful tool for managing compliance risk. The current study has recognised different aspects of an internal audit that facilitates its use as a compliance risk mitigator. First, there is the aspect of identifying and evaluating compliance risk. As has been identified, it is not possible for organisations to mitigate the risk that they are not aware that it exists. Therefore, regular performance of internal audit targeting the performance of the controls can effectively reveal the risk of non-compliance and therefore be in a position to mitigate it. Secondly, be the results of an internal audit, it is possible to develop a compliance risk management framework and methodology. In most organisations, as has been identified, it is not the absence of information regarding noncompliance that leads to penalties but rather a lack of developing effective and efficient methods of risk mitigation. Thirdly, following the effectiveness of compliance risk identification and the development of effective mitigation framework, it is, therefore, possible for the internal audit to be used as a tool to champion the assessment and establishment of non-compliance and therefore mitigate the compliance risk. Risk management and reporting processes and procedures are as important as the mitigation frameworks. Therefore, as has been established in the current study, the use of regular internal audits facilitates the development and assurance of such processes and procedures. In general, the current study concludes that the internal audit is an effective strategy for the assessment, evaluation, and identification of compliance risk. The consolidation of risk assessing and reporting processes and procedures has been established to be important in the management of compliance risk. The consolidation of these processes is achieved through an internal audit. A constant focus on regulatory compliance using the internal audit function is important in the introduction and promotion of compliance consciousness as a culture in all organisation. It is possible to enhance compliance of regulations and internal policies of an organisation through the involvement of internal audit. Lastly, through internal audit, the management, the stakeholders, and the board are provided the assurance in the administrative effectiveness. Internal audit enhances compliance through the fresh periodic re-examination to prevent redundancy and bad habits that may have developed over time in the organisation.

References

Abomhara, M. and Køien, G.M., 2015. Cybersecurity and the internet of things: vulnerabilities, threats, intruders and attacks. Journal of Cyber Security, 4(1), pp.65-88.

Alles, M., Brennan, G., Kogan, A., and Vasarhelyi, M.A., 2018. Continuous monitoring of business process controls a pilot implementation of a continuous auditing system at Siemens. In Continuous Auditing: Theory and Application (pp. 219-246). Emerald Publishing Limited.

Alzeban, A. and Gwilliam, D., 2014. Factors affecting the internal audit effectiveness: A survey of the Saudi public sector. Journal of International Accounting, Auditing, and Taxation, 23(2), pp.74-86.

Alzeban, A. and Gwilliam, D., 2014. Factors affecting the internal audit effectiveness: A survey of the Saudi public sector. Journal of International Accounting, Auditing, and Taxation, 23(2).

Arvidson, M. and Lyon, F., 2014. Social impact measurement and non-profit organisations: compliance, resistance, and promotion. VOLUNTAS: International Journal of Voluntary and Non-profit Organizations, 25(4), pp.869-886.

Badara, M.A.S., and Saidin, S.Z., 2013. Impact of the effective internal control system on the internal audit effectiveness at the local government level. Journal of Social and Development Sciences, 4(1), pp.16-23.

Byrnes, P.E., Al-Awadhi, A., Gullvist, B., Brown-Liburd, H., Teeter, R., Warren Jr, J.D. and Vasarhelyi, M., 2018. Evolution of Auditing: From the Traditional Approach to the Future Audit 1. In Continuous Auditing: Theory and Application (pp. 285-297). Emerald Publishing Limited.

Davidson, B.I., Desai, N.K. and Gerard, G.J., 2013. The effect of continuous auditing on the relationship between internal audit sourcing and the external auditor's reliance on the internal audit function. Journal of Information Systems, 27(1), pp.41-59.

Elbardan, H., Ali, M., and Ghoneim, A., 2015. The dilemma of internal audit function adaptation: The impact of ERP and corporate governance pressures. Journal of Enterprise Information Management, 28(1), pp.93-106.

Endaya, K.A., and Hanefah, M.M., 2013. Internal audit effectiveness: An approach proposition to develop the theoretical framework. Research Journal of Finance and Accounting, 4(10), pp.92-102.

Hematfar, M. and Hemmati, M., 2013. A comparison of risk-based and traditional auditing and their effect on the quality of audit reports. International Research Journal of Applied and Basic Sciences, 4(8), pp.2088-2091.

Kaur Johl, S., Subramaniam, N. and Cooper, B., 2013. Internal audit function, board quality, and financial reporting quality: evidence from Malaysia. Managerial Auditing Journal, 28(9), pp.780-814.

Leung, P., Cooper, B.J. and Perera, L., 2011. Accountability structures and management relationships of internal audit: An Australian study. Managerial auditing journal, 26(9), pp.794-816.

Lenz, R., Sarens, G., and D'Silva, K., 2014. Probing the discriminatory power of characteristics of internal audit functions: sorting the wheat from the chaff. International Journal of Auditing, 18(2), pp.126-138.

Mebratu, A.A., 2015. Internal Audit function and its challenges in public sector governance: Empirical evidence from Amhara National Regional State, Ethiopia. AshEse Journal of Economics, 1(1), pp.001-012.

Reding, K.F., Sobel, P.J., Anderson, U.L., Head, M.J., Ramamoorti, S., Salamasick, M. and Riddle, C., 2013. Internal Auditing: Assurance & Advisory Services. Institute of Internal Auditors, The IIA Research Foundation.

Soh, D.S. and Martinov, N., 2015. Internal auditors’ perceptions of their role in environmental, social and governance assurance and consulting. Managerial Auditing Journal, 30(1), pp.80-111.

Unegbu, A.O. and Kida, M.I., 2011. Effectiveness of internal audit as instrument of improving public Sector management. Journal of emerging trends in economics and management sciences, 2(4), pp.304-309.

Yee, C.S., Sujan, A., James, K. and Leung, J.K., 2017. Perceptions of Singaporean internal audit customers regarding the role and effectiveness of internal audit. Asian Journal of Business and Accounting, 1(2), pp.147-174.

Zaman, M. and Sarens, G., 2013. Informal interactions between audit committees and internal audit functions: Exploratory evidence and directions for future research. Managerial Auditing Journal, 28(6), pp.495-515.