The evolution of the internal auditing function in the context of corporate transparency

The study presents relevant aspects concerning the evolution of internal auditing, after the economic recession. The reasons that persuaded the authors to tackle the evolution of the internal auditing function are the timeliness actuality and importance given to internal auditing in the post-economic crisis period. Therefore, at the level of published literature, a series of studies concerning the evolution of internal auditing and its role were analysed. Following the conceptual delimitation and the presentation of the study concerning the published literature, the authors undertook a qualitative study, which covered the perspectives of the internal auditing function. The result of this analysis indicates that even though a series of changes have been undertaken concerning the function of internal auditing, in the recent period, the role and the importance of this function inside the entities will change.


Introduction
According to Arthur Hald (1994), "no large business can escape internal auditing.If the large organisations haven't adopted it until now, they will do it so sooner or later, and, if events develop as they did until now, they will have to have it sooner".
The events linked to the crisis drew attention mainly to the internal control systems and risk management.While previous attempts to reform the corporate governance system have been focused on the composition of the administrative council or on problems linked to remuneration, the financial crisis put risk aspects in the foreground.
Internal auditing takes place in different legislative and cultural environments: within organisations that differ from the point of view of their scope, size, complexity and structure; by people from inside or outside of the organisation.Although differences that can influence the practice of internal auditing can exist in every environment, it is essential to respect the International Standards for the Professional Practice of Internal Auditing set by IIA (Standards for Internal Auditing) to fulfil the responsibilities of internal auditors and the activity of internal auditing.If the legislation or regulations do not allow internal auditors or the activity of internal auditing to respect certain sections of the Standards, it is necessary to respect all the other sections of the Standard and to declare the existing nonconformity (International Standards for the Professional Practice of Internal Auditing, 2012 Institute of Internal Audit, p.4).
Internal auditing is an activity of strategic importance in what concerns the control and management processes at the level of the economic entities.Using different procedures and working instruments, internal auditing offers an analysis and a complete image of the pursued activities, through the working methods used in the company, the method of organising the entity and the operations undertaken.In this sense, it is considered that internal auditing brings a plus value and offers assurance on the internal control system of the entity, also viewed in the light of the principles of corporate governance.
According to the Institute of Internal Auditors, "internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation's operations.It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and, governance processes" (Mermod and Sungun, 2013: 65).
Today, the function of internal audit plays a major role in improving companies' performance.The main reasons behind this role are the increasing rate of transformation of the economy, the swiftness of decision-making and the necessity of entrepreneurs to collect all the possible resources in order to gain a competitive advantage in relation to the competition.Of all the functions of an organisation, the internal audit function is the only one that plays this role in a natural way since it has "a unique responsibility to document, explain and evaluate activities linked to risk, control and governance".The function of internal audit has the capacity to increase the performance of companies by its own nature, as it leads to the daily obtainment of information through data collection.
Simultaneously, internal auditing represents a key element of organisations' corporate governance risk management and the structure of internal control.Creating an effective audit function represents a challenge for the organisations.The competitive advantages that can be obtained, fully reward the efforts (resources) invested and they include: improvement of risk management processes, of control environments, strengthening of relationships with regulatory authorities, a greater effectiveness during governance, a greater effectiveness in managing risks and controlling activities.
For a long period, internal auditing was considered an aid for external auditing through verification of the internal control process within the entity.Today, without omitting this aspect, the internal auditing activity has the role of supporting the external audit as well as to verify and evaluate the internal control, but nevertheless the function of internal audit starts to play a considerably more important role in assisting the management in what concerns the risk to which the entity is subject.In this context, it becomes clearer the fact that the professional profile of the internal auditor will suffer some changes generated not only by the modifications occurred in the role which they fulfil but also due to the challenges they have to face in the business world: risk management, more sophisticated information technologies, data mining etc. (Chersan, 2016).

Scientific research methodology
The article proposes to highlight the importance of the connection between the area of accounting and audit.In order to benefit of timely results and conclusions in research activity of the economic domain, we need to analyse facts, economic events, numbers and statistical data.The viable analysis of a domain or of an economic activity shows the necessity for the existence of a methodology and a specific research model.In what concerns the accounting domain, the fact that it represents an important source of information for economic decision-making and, especially, managerial decision making is widely acknowledged.The lack of economic facts provided by accounting can represent a major disadvantage for a manager.
Recently, from the point of view of importance within the entity, internal auditing gains more and more ground, thus representing an attractive and of interest research domain.The scope of this study is to identify and highlight the perspectives of the internal audit function and the ways in which this function will develop.
The conducted research is of qualitative type.The followed objectives are the identification of the evolution of internal auditing functions.The research entailed covering the published literature which harnesses the researches in the domain of internal auditing, analysing the norms and regulations in force, as well as analysing the studies concerning the evolution of internal auditing, carried out worldwide by prestigious international bodies.
In the research, our scientific approach is based on a deductive approach from the general to the particular.Therefore, we began from the actual stage of knowledge by defining the key concepts regarding internal auditing.
We subscribe to the idea according to which the completion of a scientific endeavour is the beginning of further development or of new approaches in the research domain.Thereby we end this research with a series of conclusions.

Conceptual approaches regarding internal auditing
The activity of internal auditing emerged and developed due to its utility to the beneficiaries and due to its capacity of satisfying certain needs of its users.The activity of internal auditing is of strategic importance, because managers, as well as the Board of Directors of the entity, know that as long as there is a suitable internal control system, any mistakes and failures will be investigated and alleviated in a timely manner.The Board of Directors perceives internal auditing as an action for improving the activity, as well as an action of searching for and discovering errors and misdemeanours (Ţingău,2007).
Thus, the clarification of the internal auditing notion, and more than that, the clarification of the role that internal auditing plays today, is imperative.A number of researchers from the field have analysed the evolution of internal auditing at the international and national level (Möller and Witt, 1999;Anderson, 2003 Starting with the definition retrieved from the explanatory dictionary, the audit term comes from Latin, from the word audit-auditing, which has the meaning of "to listen". A more intense usage of the term audit is found in the period of the economic crisis from 1929, since then the role and necessity of internal auditing continuously increased, a fact which led to the organisation and standardisation of internal auditing practices through the establishment in 1941 in Orlando, Florida, SUA, of the Institute of Internal Auditors (IIA), to which, at the moment, more than 120 countries are related.
The internal audit had an important role within corporate governance already since 1940 (Möller, 2004) and it became even more important as the years passed.Since 1940, many changes have occurred regarding internal auditing which was regulated through different norms and corporate governance codes.Hermanson and Rittenberg (2003) consider that among the basic activities of internal auditing are listed the evaluation of risk, ensuring control inside the entity and ensuring compliance.
In 1942, J.B. Thurston, the first president of the International Institute of Internal Auditors, declared with an astonishing forecast that the most brilliant perspective of internal auditing will be the "managerial assistance".In 1991, Joseph J. Mossis -president of the Institute of Internal Auditors from Great Britain, resumes the same remark, but in more precise terms: "it is clear for those that work within the Internal Auditing function that this plays a vital role, helping the management to hold the reins of internal control" (Ghiţă et al, 2005).A first definition of internal auditing was given by Brink Victor, director of IIA Research Foundation in the year 1958."Internal auditing thus emergence as a special segment of the broad field of accounting, utilizing the basic techniques and method of accounting.The fact that the public accountant and the internal auditor use many of the same techniques often leads to a mistaken assumption that there is little difference in the work or in ultimate objectives.The internal auditor, like any auditor, is concerned with the investigation of the validity of representations, but in his case the representations with which he is concerned cover a much wider range and have to do with many matters where the relationship to the accounts is often somewhat remote.In addition, the internal auditor, being a company man, is quite naturally more deeply interested in helping to make those operations as profitable as possible."(Brink and Cashin, 1958).
Internal auditing is defined in the Professional Norms issued by the Institute of Audit and Internal Control as being "an objective and independent activity that confers to an organisation an insurance regarding the level of control concerning operations, it guides the organisation in order to improve its operations and it contributes to adding a plus value".Furthermore, it has to be mentioned that internal auditing helps the organisation to reach its objectives as it evaluates the management process, the control and governance process, but also the risk to which the organisation is exposed; more than that, internal auditing offers solutions to enhancing the efficiency of these processes, or to cover deficiencies (Chiţu and Ioanaş, 2005).
The internal auditing activity, as we have mentioned before, appreciates and guides the corporate governance process, in order to accomplish specific objectives related to ethics, responsibility and efficiency in administration.In this sense, for monitoring and ensuring the conformity with the applicable corporate governance code, we consider that it is imperative to define the concept of corporate governance.Corporate governance, according to OECD, represents all the procedures and processes according to which an • the period of the economic crisisthe role and the necessity of internal audit

The role of internal auditing
If the Standards are used together with other standards issued by other regulatory bodies, the internal auditing reports can, as well, mention the use of other standards, by case.In such a situation, if there are disparities between the IIA Standards and the other standards, the internal auditors and the internal auditing activity have to respect the IIA Standards and can apply also the other standards if these are more restrictive.
The scope of the Standards is: 1. To outline the basic principles regarding the practice of internal auditing.
2. To supply a general framework for developing a wide range of internal auditing missions capable of generating a plus value.
3. To establish the reference framework for evaluating the results of internal auditing.
4. To boost the improvement of the organisation's processes and operations.
The standards represent mandatory requirements, based on principles, including: • Statements regarding basic requirements for the professional practice of internal auditing and for evaluating its effectiveness that are applied at international, organisational and individual level.e) The way of drawing up the Balance Sheet; f) The verification of the way in which the accounting activity is carried out.
The insurance missions involve the objective evaluation of the evidences by the internal auditor in order to express an independent opinion or conclusions regarding an entity, an operation, a function, a process, a system or other aspects.The type and the coverage sphere of the insurance missions are set by the internal auditor.Generally, three participants are involved in the insurance missions: (1) the person or group directly involved in the entity, operation, function, process, system or any other aspect being audited -responsible for the process, (2) the person or group that organises the evaluationthe internal auditor, and (3) the person or group that uses the evaluation -the beneficiary of the mission (International Standards for the Professional Practice of Internal Auditing, 2012 Institute of Internal Auditors, p.5).
The counselling missions have an advisory character and they take place, generally, at the formal request of the beneficiary of the mission.The type and the coverage sphere of the counselling activities are set in common agreement with the beneficiary of the mission.Generally, two participants are involved in counselling missions: (1) the person or group that supplies the counselling -the internal auditor and (2) the person or group, that requests and benefits from counselling -the beneficiary of the mission.When carrying out counselling missions, the internal auditor has to be objective and he cannot assume managerial responsibilities (International Standards for the Professional Practice of Internal Auditing, 2012 Institute of Internal Auditors, p.5).

Evaluation of the priorities within the function of internal auditing
The frequent changes inside the entities are at the base of the new challenges that the internal auditing function is facing.It is not enough for the internal auditing departments to understand the new developments at the level of the organisations, these also have to examine in a systematic and rigorous the moving targets like possible risks, the existing processes that are continuously evolving and the new processes that appear as a result of the external changes.Additionally, the regulatory system and the compliance requirements lead to the increase of the scope and insurance responsibilities in internal auditing (Protiviti, 2013).
Therefore, today's internal auditors focus on some basic questions such as: • How can a new entrant, medium sized company make sure that the local teams do not yield to the corruption practices?
• How can a multinational company be sure that the data provided by their clients is well protected, even when it is in the hands of the employees that travel all around the world?
• How can the audit committee of an enterprise in full development know, that their data centre is protected from persons that illegally try to take over the control of the security system?
Such questions can easily occur to the executive directors of audit and their team.The evolutionary nature of the technology regarding the social networks inside companies outlines the ultrafast changes (accompanied by uncertainties) on which today's internal auditors have to concentrate (Protiviti, 2013).
Protiviti conducted a study in 2013, which had as a major subject the way in which internal auditing handles uncertainty, the manner in which it reacts to the frequent and fast changes of the processes of the economic entities, and the improvement of the collaboration with the other departments of the entity.Over 1.000 respondents have participated at the study, being included also the executive directors of audit, directors of internal auditing, managers and their teams.These professionals have evaluated in excess of 150 areas of competence and knowledge of internal auditing, in three standard categories of the study: general technical knowledge, knowledge regarding the auditing process and competences and abilities linked to the personnel.The participants practically represent all the industrial sectors.The key results of this study target (Protiviti, 2013): • The social networks remain a priority.Understanding the way in which the social networks function and develop is critical for the internal auditors in the future.These reflect the usage frequency of the social networks inside the company, as well as the inherent risks that accompany these networks.It is important to be mentioned that, the same risks and problems appear within other developing technologies that the economic entities are starting to use; • The changes from within the regulatory and drafting bodies attract attention.The future modifications as "Updated internal control COSO -Integrated framework" and the recent audit standard decrees of the Institute of Internal Auditors (IIA) -Standards 1110, 2010.A1, 2010.A2, and 2450 -provoke the internal auditors to keep up with the new requirements and the changes resulted in the audit practices and processes.; • The nature of fraud is changing -like the way in which the internal auditors relate to it.Since organisations rely more and more on the so-called "big data" (generated both internally and externally) in the decision making process, new forms of fraud target these specifics.The internal auditors are aware of the existence of these new risks of fraud and try to apply new top techniques (for example, the continuous analysis and monitoring of the data) as a part of preventing, screening and attenuation of frauds.
• There is a constant interest for technology-based audit.As in previous studies, the executive directors of audit and other professionals of internal auditing consider that data analysis instruments, computer assisted audit instruments, continuous auditing and monitoring approaches are essential for improvement of the missions.
• Internal auditors target a more strategic way of thinking and a more efficient collaboration.The need for enhancing strategic thinking reflects the increase in the regularity with which internal auditing is requested in understanding and analysing the risks before making the decisions.Persuasion, negotiation and administration of confrontations must be improved and it demonstrates a better understanding, by the internal auditors, of the need to work closer with their colleagues from the organisation in order to diminish the risks within the more complex processes of the work environment.

Perspectives of internal auditing
Internal auditing is becoming one of the bodies that can easily influence the added value of the entity.The basic function of internal auditing is to offer the necessary information to the Board of Directors.As we could previously observe, the Institute of Internal Auditors defines the main function of internal auditing as being the one of responsible executive managing and suitable insurance regarding risk and control management.A secondary function of internal auditing is the consolidation and improvement of risk management and of suitable controlling, through the promulgation of accounting principles, as well as those of corporate governance.

Figure no. 2. Key attributes of the function of auditing
Source: Own projection

The evolution of the internal auditing function in the context of corporate transparency
No. 3(147)/2017 447 The majority of the internal auditors admit the fact that they cannot hold their current status if they continue to stay in their comfort zone and supply the auditing committee information and points of view based on the traditional approach of internal auditing.The challenge of internal auditing consists in obtaining a unanimous consent regarding the necessity of enlarging the current role of internal auditing, simultaneous with the maintenance of an adequate level of performance.In order to enlarge the current role and to improve the work methods, the "auditors of the future" owe to develop their capabilities and actual processes.
In the study "State of the internal auditor profession -2010" conducted by PWC (2010) in the journal "Maximization of the internal auditing function", a concept which supports the need for eight key attributes of an efficient internal auditing function, is presented.
According to a study conducted by KPMG (2016) regarding the top 10 risks to which auditors should pay attention is: 1. increased requirements in the regulatory plan; 2. culture and leadership method; 3. reporting (according to the regulations); 4. stress tests; 5. cyber security; 6. relationship management with the service suppliers (as a result of outsourcing of certain activities and of the IT system maintenance); 7. continuous evaluation of risks 8. usage of data analysis/continuous auditing; 9. recruitment and retention of the auditors with experience; Therefore, we can observe from the papers by Protiviti, 2014 and 2016, that there is an increasing interest in IT technology.Thus, the internal auditor has to be an expert in not only the auditing activity, but also in the IT field.The auditor, through the work he executes, can appeal to the following IT elements (Stanciu, 2016): • electronic worksheets; • instruments for the management of the collected information; • data analysis instruments; • data mining instruments; • continuous auditing instruments; • mission planning instruments; • instruments for tracking the implementation of the recommendations; • Software applications for risk evaluation etc.
Regarding the future orientations in the area of internal auditing, the following can be observed (Protiviti, 2013): • social networks remain a priority (the organisational social networks continuously grow and develop, the evaluation and monitoring of the risks of social networks are or soon will be key elements within the auditing plans, the precise nature of the risk of organisational social networks are changing in a rapid rhythm); the changes within the regulatory and elaboration bodies of the norms draw attention (the function of the internal auditing recognises recently decreed auditing standards as being top priorities); the nature of the frauds is changing, as well as the way in which internal auditors perceive them (notable priorities include the prevention and detection of frauds, and the method of approaching risks linked to "cloud computing"); • There is a constant interest for technology based auditing (the usage of data analysis technologies represents a key priority, data analysis instruments and computer assisted auditing instruments continue to represent key area which need improvement); internal auditors target a more strategic thinking and a more efficient collaboration (internal auditing is looking to become a collaboration, proactive and strategic function for the organisations).The collaboration within the companies results in the increase of work productivity, a more efficient use of the resources, innovation and a decrease of the risk profile.Thus, pressure builds on internal auditing in order to increase collaboration and coordination with the other departments.Unfortunately, this enhancement of collaboration cannot be achieved immediately.It is important to remember that it is not enough for the effort to come from only one direction (from the internal auditing function), it is necessary that the other departments are proactive and strategic involved as well.A few of the benefits of intensifying collaboration observed by the directors of the internal auditing departments are a more rigorous evaluation of risks, a piercing visibility over key risks, trust among employees, orientation and efficiency.

Source: Protiviti (2013), Internal Audit Capabilities and Needs Survey Report -Assessing the Top Priorities for Internal Audit Functions
The independence of internal auditing represents a delicate subject in the internal auditing department's directors' vision, due to the close relationship that exists between independence and collaboration.Even though the internal auditing function is traditionally an independent function, some of the interview respondents consider that the independence can be overstated to the extent that it makes them feel as strangers inside the companies they work for.Regarding the collaboration with the other departments, they say that they have to make compromises linked to independence for the benefit of the whole organisation.The internal auditors are employees of the companies and they have to act in the interest of the company so they cannot be independent.The others state that the independence of the internal auditing function is not compromised by the regular collaboration with the other departments, the real challenge being exactly in the collaboration.
The road, which the internal auditing function is taking, is pretty clear.Surprises can appear, obstacles that would affect the visibility, however the saving key element consists in the cooperation and coordination of internal auditing with the rest of the members and processes from the company.In conclusion, the development, the efficiency and the effectiveness of internal auditing will influence the future performances obtained by the organisations.

Conclusion
The global economic environment is continuously changing.The organisations are interested in increasing their performance, a desire that is not possible if their internal auditing department is not keeping up the pace with the fast rhythm of development of the economic entities.What does it mean to keep up the pace?It means to identify the potential risks, the evolution of the processes and the results of the changes from the external environment.There is a direct relation between the company's performance and the internal auditing function, the performance being the effect and the internal auditing function being one of the causes.
In the last decades, important changes took place in what concerns the attention given to the evaluation of the benefits, effectiveness and performance of internal auditing.Therefore, internal auditing registers a continuous evolution, determined by the dynamic environment in which it operates.
The expectations of the management and of the investors have become higher, therefore practical requirements from the auditors are further important, the managers expecting auditors to provide more than only credible assurance and efficient auditing missions, because they want to be able to turn to the internal auditing for strategic initiatives.The quality of good practices is determined by the level in which the internal auditors correctly anticipate the evolution of the risks and requirements of the auditing committee and of the management, concentrating their attention on the areas that are the most exposed to risk, and offering recommendations for improving the processes and attaining the strategic objectives.
The priority of the internal auditors remains the risk evaluation and the internal control.Additionally, the internal auditor has to collaborate with the auditing committees and the external audit for identifying the risks.Moreover, in the last period, more emphasis is put on advanced IT knowledge, which involves a rigorous approach regarding IT risks, through integrating them with the business risks.

Figure no. 1 .
Figure no. 1. Evolution of internal auditing

•
Interpretations, which clarify terms or concepts from the Statements (International Standards for the Professional Practice of Internal Auditing, 2012 Institute of Internal Auditors, p. 4) The scope of internal auditing has to be the achievement of the activity objectives of the entity, through (Ţingău, 2007: 62-66): a) The protection of the entity's assets -to ensure a faithful image of the patrimony; b) Ensuring the faithfulness and accuracy of accounting information -an obligation for the administrator of the patrimony; c) The way in which accounting is organised; d) The organisation and execution of the stocktaking;