INTERNATIONAL INTERNAL AUDIT STANDARDS (IIA) AND THE GEOGRAPHICAL LOCATION OF INTERNATIONAL GROUPS: AN APPLICATION TO THE INFORMATION TECHNOLOGY SECTOR

How to cite this paper: Feghali, K., & Hallak, J. (2019). International internal audit standards (IIA) and the geographical location of international groups: An application to the information technology sector. Risk The international standards for internal audit (IIA) created by the Internal Audit Institute in the United States are presently one of the most important bases for the practice of the internal audit profession. In this research, we assess the use of these principles in international groups through empirical studies, adopting an objective evaluation of the application of the standards. This multivariate statistical study was conducted in 2017 on more than 22 countries covering Africa, Middle East and Europe. Data was collected through a validated questionnaire covering two topics: general company information, and international internal audit standards applicability and relevance. Statistical analysis was performed using SPSS-22 software (IBM, New York, USA). Results showed that audit quality components, information technology and accounting and finance have a favorable correlation with the international standards. In conclusion, these findings suggest such standards are expected to enhance the internal audit practice. As such, international companies should consider applying these standards in their core practice promote the application of the standards through complying their audit practice strategies to the regulations.


INTRODUCTION
Despite the continuous evolution of the accounting regulations, internal audits still lack a standardized form that can be applied uniformly throughout different organizations and geographical areas. Almost every day, there are new recommendations to adjust the practice of existing standards or the identification of new rules that aim to improve and even ensure the correct allocation of accounting information.
Over the course of years, the internal audit became an essential management tool. In fact, it bypasses the usual boundaries of management to cover risk assessment and financial survival. The internal audit department should maintain a close relationship with the audit committee 1 or its specialized committees by giving them a deeper look at the effectiveness of the risk management and internal control systems. By the knowledge the internal auditor has of the organization, his capacity for discernment and relevance of his diagnoses and proposals, the internal auditor is creating added value for the organization. Today, with the great development and growth experienced by large companies and groups and their expansions to all continents and regions of the world (Africa, Europe, America, etc.), as well as the creation of the new subsidiaries, in addition to the major merger and acquisition transactions that have taken place in Europe in the last ten years, the internal audit has begun to take on its importance in the large multinational and international external audit activity.
Tsai et al. (2017) aimed to identify the factors that determine the performance of the internal audit in the context of the work environment of the internal auditors. This includes the implementation of Enterprise Risk Management (ERM), the Enterprise Resource Planning (ERP) system, the use of audit programs, and information technology in internal auditing (Abdulmunim, 2018).
According to Gleim (2011) and Vallabhaneni (2013), Internal auditing is defined as an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
This study evaluates the application of internal audit standards (IIA) to the geographic location of the entities and departments of an international group. In the first part of this study, we focus on the theoretical background for the implementation of the IIA. We then examine the applicability of these norms to several case studies in the African region, Europe and West Indies-based organizations. The company group will be designated by "Internal Group" for confidentiality requirements. The study will present objective metrics for outcome analysis. Through these observations, we identified several anomalies relating to the application of internal auditing standards that opened the door to many questions, which, in our opinion, deserve answers that are grouped by the following questions: 1 Are international internal audit standards well respected at the level of different departments of an international group? 2 Does the proper application of these standards affect internal audit quality?
The study methodology is summarized in Figure 1. In Section 2 of this article, we review some of the relevant literature related to our topic. Methodology and results are analyzed in Section 3 and 4 respectively.

LITERATURE REVIEW
In this part, we summarize existing literature on the internal audit standards by providing a thorough systematic review (Okoli & Schabram, 2010) that highlights the theoretical aspect of the internal audit standards. We also introduce our hypothesis and its novelty compared to previously published landmarks reports.

Theoretical aspect
The institute of internal audit (IIA) is an "independent activity that provides objective assurance, a consultative activity designed to add value and improve the Organization's operations, helping it to achieve its objectives, through regulation and organization, Risk management, control systems, and management processes. (IIA, 2015) & (IIA, 2013). The conceptual framework of professional practices includes in all its parts the idea that internal audit is truly a global profession. Many internal audit functions have adopted the standards in their audit charters.
"Management is responsible for the design of the system of internal control. To monitor the system, its effectiveness is periodically tested. Management may elect to examine internal control or an internal evaluation might be mandated" (Colbert, 2008, p. 208). Telembeci (2015) also mentions that the internal audit standards should help to improve practices in the audited areas and reduce the potential of the conflict of interests.
"The internal audit activity should assess the risk exposure by measuring the degree of compliance with laws, regulations and effectiveness of controls as well" (Chambers, 2014, p.196).
In addition, Kranacher (2012) in an interview with IIA president Richard Chambers, mentioned that in the past, one of the essential focuses of the standards was on financial controls. Currently, there is a multiple sets of expectations: one of the challenges for internal auditors is to continually grow to meet these needs and expectations (Kranacher, 2012).
Fadzil, Haron, and Jantan (2005) proved in their article that management of internal audit department, by complying with the standards related to the professional proficiency, and objectivity will influence the monitoring aspect of the internal control system.
Generally, audit standards can be divided into three categories: attribution standards, performance, and implementation. The standards of attribution are related to the organizations' characteristics and those of the parties carrying out internal audit activities Gleim (2001) and Vallabhaneni (2013). As such, these standards apply to all the internal audit departments and to the internal auditors individually, for example, those in relation to independence and objectivity. We will present below some standards that are directly related to our research, as listed by the institute of internal auditors (Vallabhaneni, 2013), (see Table 1 in Appendix).

Previous studies
Many studies have previously addressed the application of internal audit standards (see Table 2 in Appendix).
In addition, many studies tried to investigate (Rezaee & Lander, 1993), the importance of the internal auditing activity to the management, since it provides an added value for the audit committee and high-level management. Moreover, Chambers, Selim, & Vinten (1987) described the role of the internal audit activity and its relation to the management strategies. They announced that the internal control system is an initial part of the internal auditing practices and they considered that the internal auditors should have the competency in the management control. Barrett (1986, p.20) notes: "Before proper and sound measurement of the internal auditing practices can be done, we have to have a clear understanding of the roles expected of internal auditing and its impact on the internal auditing practices or on the internal audit effectiveness". Based on the above literature review, our research was composed into four parts represented in Figure 1 (in Appendix).

Epistemological positioning and hypotheses
Epistemology is a branch of philosophy that studies the conditions of knowledge formation. It is known to be the philosophy of scientific practice (Piaget, 1967). Epistemology can be further defined by the relationship between the seeker and what can be known. This relationship can be independent or interdependent.
It is by formulating and testing different hypotheses that we will discover reality (Le Moigne, 2007). These will be validated or refuted at the end of our study. The choice of positivism engenders hypothetical-deductive reasoning, which translates into a question regarding the hypothesis that is supported and that it is about testing.
The hypothetical-deductive approach is based on hypothetical propositions in order to deduce logical effects (Mbengue & Vandangeon-Derumez, 1999). Based on this, we will use experimental data to test hypotheses. Indeed, observation is the best way to demonstrate that one variable is the cause of another variable. The decisive issue regards to control of the sources of variations other than those that we wish to measure.
To detect the application of international standards of internal audit within the international group, we will develop three hypotheses in our research. The hypotheses are related to the studied variables and enable us to define three dimensions, and by adopting various statistical analyses, we seek to confirm or refute the hypotheses of the study that we present below: H1: The internal audit quality function with respect to the attribution and performance standards within an international group -(H1 A): The internal audit quality is associated with respect to the attribution and performance standards within an international group; -(H1 B): The internal audit quality is not associated with respect of the attribution and performance standards within an international group H2: International auditing standards (attribution and performance) in relation to the practice of IT audit and ERP systems: -  Figure 2). The study of each of the main hypotheses (H1, H2, and H3) consists of testing the relationship between one of the independent variables and the dependent variable (IIA). However, before testing the hypotheses, the various descriptive statistics are presented and analyzed. In a second step, the validation of the scales of measurement is elaborated by means of a series of tests used in the testing of exploratory and confirmatory analyses. All these steps are described in the methodology section.

METHODOLOGY
To provide a complete and detailed description of our subject, quantitative research is essential. Therefore, to conduct our research, it is necessary to specify the sample studied. The sample is the set of elements that represents a population (Huberman & Miles, 1991). The population targeted in this study is that of the international group including the following actors: -Internal auditors of the group; -Accountants of subsidiaries by regions; -Branch accountants by region; -General managers of subsidiaries; -Some external auditors working with the group.
We attempted to cover all the subsidiaries and the regions where the entities of the group were implemented by sending our survey in August 2017 to 85 participants through convenience sampling (by region) from which we obtained 43 respondents. After receiving all the answers, the total time for data analysis was around 3 months.
Several categorical variables are used describing the respondent's profile of those who participated in our survey. Among these variables, we mention the following: -Respondent function; -The business area of the company; -Number of employees in the company, For the other types of variables, other independent variables are taken into account in this study and are ordered as follows: -Quality of the audit activity (QA); -Information technology system (IT); -Finance and Accounting (AF).
On the other hand, in this study, only one dependent variable is adopted. This is the International Internal Audit Standards (IIA).
The empirical part of this study is based on primary data collected from a sample of the companies' affiliates and internal auditors in this international group. This is a quantitative approach represented by a survey that we have chosen to use in our research since this method is an efficient mode for data collection. It offers the advantage of standardization and statistical comparison of the measurements. Finally, it helps preserve the anonymity of data sources. In addition, although our survey contains qualitative data, we used the Likert 2 scale for the answers in order to make them quantitative.

Survey general information
The survey was based on three problematic topics identified in our literature review: audit quality, information technology and the finance and reporting. Five levels of agreement were used for answer grading: (1) strongly disagree (2) disagree (3) moderately agree (4) agree (5) strongly agree.
The questionnaire was administered to 55 group subsidiaries (Summer 2016), of which 44 companies responded (Figure 3 in Appendix).
It is noted that the highest percentages correspond to Africa and the Middle East, which justifies the distribution of the largest numbers of subsidiaries in these two regions.

Statistical methods and data analysis
Before testing our hypotheses, we conducted an extensive principal component analysis (PCA) in order to validate the measurement scales, reduce the dataset to smaller dimensions and avoid multicollinearity. In our case, four factors have been assessed: the audit quality (QA), information technology (ERP), accounting and finance (AF) and the international internal auditing standards (IIA). In addition, for our case, the following techniques were used: -Multivariate techniques We study the variables taken globally by applying interdependence tests between the variables. The KMO, Bartlett Test and Cronbach Alpha for the validity of the scales are implemented and then PCA, principal component analysis, which is a factorial analysis for quantitative variables that serve to define the link between the tested variables and determine the proper variance and the total variance explained (Carmeli & Tishler, 2004) is used.
-Bivariate techniques We study the variables taken in pairs. We calculate the correlation coefficient and the regression test for each pair, which are composed of the quantitative variables obtained through the ANOVA test.
Therefore, to process the data and conduct a statistical analysis of the different variables related to our research, we used the SPSS software version 22 (2015) "Statistical Package for the Social Sciences" which is specialized for statistically processing data.
We summarize below the results based on the four tests that we applied in order to confirm or refute the research hypotheses.

SYNTHESIS OF THE RESULTS AND THE VALIDITY OF THE HYPOTHESES
In this section, we present all the tests we carried in our research starting with the Cronbach Alpha Index, which tests the data reliability. Then, the Meyer Olkin test is used to measure the validity of the collected information for the factor analysis. In addition, the principal component analysis (PCA) is discussed and finally, the regression analysis represented by the "Anova test" used to test the hypotheses of this study is discussed.

The Cronbach Alpha Index: Data reliability test
The value of the Cronbach Alpha index should be greater than 0.7 in order to measure the relation strength between the studied elements in terms of consistency. The Cronbach Alpha results are described in Table 3 (see Appendix).
-The audit quality (QA) For the case of audit quality, the Cronbach Alpha index was 0.895; therefore, since it is greater than 0.7, the variable (QA) is validated for the analysis and we retain all its components.
-Information technology system (IT) For the information technology, the Cronbach Alpha index is 0.798, and since it is greater than 0.7, the variable (IT) is validated for the analysis and we retain all its components.
-Accounting and Finance (AF) Similarly, for the finance and accounting variable, the index shows a value of 0.710, which is slightly greater than 0.7, so the variable (AF) is validated for the analysis and we retain all its components.
-International auditing standards (IIA) Finally, for the application of international auditing standards, the Cronbach Alpha index yields 0.941, which is greater than 0.7 and therefore (IIA) is validated for the analysis and we retain all its components.
Cronbach's Alpha is a statistical component with values that range between 0 and 1. This scale helps to assess homogeneity (internal consistency) of a certain variable or category composed of a set of items that all should contribute to understanding the same "underlying" entity (or dimension). After validating the reliability of our data used in the survey, it is essential to test the sample consistency and adequacy. Therefore, we proceed with the KMO test.

KMO test: The consistency of the variables used
The Kaiser-Meyer-Olkin "KMO" test indicates how well the set of variables used is a coherent whole. A KMO value could lead us to conclude whether an acceptable factorial solution that represents the link between the tested variables exists. If, for example, we obtain a result of 0.90 or higher, it means that there is an excellent fit of items; if the value ranged between 0.80 to 0.90, we can say that this is a good relation between the items and there is no need for any rectification; values from 0.70 to 0.80 are acceptable but a moderate adjustment is needed; values from 0.60 to 0.70 indicate a small adjustment; and finally, for values less than 0.50, the adjustment is insufficient and we should ignore the factor analysis unless we have a possibility of selection by retaining or removing items that are contributing to this result. The Kaiser-Meyer-Olkin test results are presented in Table 4 (see Appendix).
-The audit quality (QA) The KMO index of 0.798 indicates an adequate correlation between the items of the audit quality variable without any need for adjustment. The relationship between these statistical variables can then be assumed.

-Information technology system (IT)
We note that according to the Kaiser scale, the value (0.726) has a KMO that is in the "good" area and this reassures us that each of the variables considered has a certain degree of correlation with the others. Therefore, we can proceed to perform the PCA with all these variables.
-Accounting and Finance (AF) A KMO result slightly greater than 0.5 (0.583) means that there exists a plausible factorial solution that shows small but acceptable relationships between the variables, though several adjustments will be needed before proceeding to PCA.
-International auditing standards (IIA) The KMO index of 0.843 indicates an adequate correlation exists between the items of the (IIA) variable without any need for adjustment. The relationship between these statistical variables can then be assumed.
Based on the KMO test results, the four tested factors show values greater than the minimum acceptable scale (0.5), which means that all the variables of our study are adequate and could be subject to a factorial solution; therefore, we will proceed in the next subsection with the PCA test.

Application of the principal component analysis technique
Principal Component Analysis (PCA) is a factor analysis that studies the correlation between variables globally. This analysis makes it possible to design the composition of a set of variables and to present the dimensions underlying this set. It allows us to identify the most correlated variables with each other. The selection criterion used is for items with a component greater than 0.7; the others are systematically eliminated. The audit quality (QA) is presented in Figure 4 (see Appendix).
For the audit quality factor (QA), all the items that showed values greater than 0.7 have been retained, while the items removed from the study are as follows: -Regular meeting with the management: we can consider that removing this item is normal since the presence of an audit committee exists, and this committee is responsible for direct reporting to the management. -Annual audit plan: this item has been removed based on the respondent's answers, who confirmed the absence of a clear strategy related to the preparation of an annual internal audit plan. -Chief audit executive: we deleted this item from our study since we realized the absence of a chief responsible for the internal audit function. -Information technology system (IT) is presented in Figure 5 (see Appendix). In this case, we also retained the items that have a factor contribution greater than 0.7; the others were systematically removed: -Existence of an information technology department: we did not keep this factor in our study since the IT function of the international group was outsourced. -Auditors are competent in IT: based on the results, we found that the auditors of the group lacked experience in the information technology field which presents a serious risk to the group companies. -Accounting and Finance (AF) ( Figure 6).
All the items linked to the accounting and finance were retained since all the values are greater than 0.7, which lead us to conclude that the internal audit process related to the finance and accounting department is well organized. International auditing standards (IIA) are presented in Figure 7 (see Appendix).
Similar to the above, we retained all the IIA elements since they presented a factor contribution greater than 0.7. After obtaining these results, it seems very clear that the studied (IIA) items could have a great influence on the three variables represented by the internal audit quality (QA), the information technology (IT), and the accounting and finance (AF). Therefore, to obtain the final answer regarding whether our hypotheses should be accepted or rejected, we proceed with the ANOVA test which will help us to measure this influence.

Measurement of influences of independent variables on dependent variables -ANOVA test
In the following, we proceed with the analysis of the regression model for the proposed hypotheses. We can define the regression as a statistical indicator that measures and assesses the strength of the relationship between a dependent variable (we normally use the letter Y as the reference) and other modifiable variables (known as independent variables, for example, X1, X2…).
In this kind of process, we must test the influence of independent variables on the dependent variable; therefore, we have applied the "Anova test". Then, to test if the independent variables have an effect on the dependent variable, we must obtain a degree of significance greater than α (0.05).
For the case considered in our research, we choose the international standards as independent variables to study their effect on each of the dependent variables, the quality of the audit (QA), the information technology (IT) and the finance and the accounting (FA); this will help us to confirm or reject the three principal hypotheses of our research.
ANOVA test between variables (IIA) and (QA): is presented in Table 5 (see Appendix).
The regression test (ANOVA) showed a Sig less than 0.05 for most components of the quality variable (QA) except for the audit charter and the approved audit plan, which means that there is an influence between the quality and the application of international standards.
Regarding the attribution internal audit standards related to the objectivity and independence, the internal auditors should respect the risk assessment referential that is settled by the top management and participate in the risk assessment and control system implementation; therefore, the internal auditors should have direct access communication with the management via the audit committee or other independent channels. In addition to and in compliance with the standards related to the due diligence and competency, it is preferred to obtain the certification of internal auditors (CIA) in order to enhance the quality of the internal audit function within the group. However, the absence of an approved internal audit plan and a signed charter with the top management could affect the quality of work of the internal audit department within the group, which contradicts the standards.
Therefore, we can conclude that (H1A) was validated and the (H1B) was rejected by the empirical tests of our research: if the auditing standards have been well respected in the group, it will improve the quality of the audit at this group level.
After testing the first hypotheses, we proceed to check if there is any influence of the standards on the IT function of the international group in the following.
ANOVA test between variables (IIA) and (IT) is presented Table 6 (see Appendix).
The majority of the values have a Sig less than 0.05, which shows that there is an influence of the international standards of audit (IIA) on the variable (IT), the information technology system. If the auditing standards related to IT management and the management of the ERP system have been well respected in an international group, they will contribute to increasing the security of the group's information, as well as ensuring the competence of the auditors during their audit. Participating directly in the IT management process to maintain objectivity can be accomplished by writing their reports according to standards. Therefore, we can conclude that (H2A) has been validated and the (H2B) will be rejected.
Finally, we study the third hypotheses by testing the influence of the standards on the accounting and finance function.
ANOVA test between variables (IIA) and (FA) is presented in Table 7 (in Appendix).
The majority of the values have a Sig less than 0.05, which shows that there is an influence of the international auditing standards (IIA) and the variable (FC) finance and accounting.
Auditing standards that have been well applied in the practice of financial and accounting auditing will help ensure the reliability of the financial statements as well as the accounting work within the group. In addition, the internal audit work alone does not fully guarantee the rigidity of the process because the internal auditors also need the support of external auditors who, by standards, must coordinate their work between them. However, to comply with the due diligence and competency required by auditing standards, the internal auditors must have good knowledge in the accounting and finance field, especially in regard to the financial reporting and taxation for a group. In addition, the internal auditors should ensure that the processes are well established within the finance department in terms of the segregation of duties and compliance with local accounting rules and tax systems. Therefore, we can conclude that (H3A) is confirmed by the empirical tests of our research and (H3B) is rejected.

CONCLUSION
This study contributes to the academic literature by providing a theoretical framework for understanding the impact of the application of international standards by highlighting the role of the various determinants accompanying this application. Although the subject of the impact of international standards has been addressed by a large number of studies, the literature lacks studies of this kind on the international level.
This research has presented a study to explain the impact of the application of international auditing standards on the performance of organizations and particularly on the function of internal audit within an international group. The internal and external environment of the group must be taken into consideration. We always need to pay attention to the important and critical role that can be played by the three essential determinants and success factors: the quality of auditing, IT, finance and accounting. The results of this study indicate and confirm that the three variables are influenced by the application of internal auditing standards. The results obtained can help groups to identify the critical factors related to the defense of their audit department in the organizational environment and their impact on organizational performance. Indeed, these results can serve as evidence and support for decision-making. These results show that success in applying international auditing standards to the internal auditors work at the departmental and regional levels of a group leads to better organizational performance.
In fact, the major contribution of this study compared to previous studies was the consideration of the case of the international group as an object of analysis regarding the influence of international standards and their compliance with the internal audit treatments by the department at the headquarter level and within a group, and from the perspective of quality auditing, security and operation of the computer system, and finance management and accounting as well. There are many previous works of research in this domain that have been conducted on the process of the internal audit itself (Beckmerhagen, et al., 2003) and on the internal audit as a means to gain compliance and to continuously improve systems (Kaye & Anderson, 1999). Audits have been studied both from the auditor and auditee point of view. Many of those studies have mainly been survey studies or case studies of a specific way of working in a particular company (Askey & Dale, 1994).
In each area of research or field of study, some obstacles may hinder or limit research plans. While this study contributes to testing the influence of the international standards on some of a company business topic, this study is not without limitations. First, this study does not take into consideration of other factors such as the ethnicity, political connection and cultural implication on audit quality (Zain, Abdul Wahab, & Foo, 2010). In addition, this study utilizes the old measure of audit standards, as suggested by (Goodwin-Kent & Stewart, 2006) more refined measures of independence, expertise and diligence of audit could be developed and used in the future studies.
In the current era of globalization where technology, economy, and information became rather multi-national, international standards are a necessity. Under this perspective, longitudinal studies should be implemented in the future to quantitatively assess the effects of the IIA standards before and after implementation. This implementation should also consider more specific directions to improve internal audit workflow by optimizing the internal control procedures. As such, the advancement of artificial intelligence is supposed to revolutionize every aspect of this process and audit/IT collaboration should be the  Related guidance Attribute standard 1000, "Purpose, Authority and Responsibility: the purpose, authority and responsibility of the internal audit activity must be defined in an internal audit charter".
Practice Advisory 1000-1, "internal audit charter" Implementation Standard 1000.A1 (Assurance Engagements) "The internal audit charter must include the nature of assurance services provided to the group" Implementation Standard 1000.C1 (Consulting Engagements) "The charter should clearly define the nature of consulting services". Attribute Standard 1100/1110, "Independence and Objectivity: the independency of the internal audit activity should be applied, and the objectivity of the internal auditors should be respected when executing their audit missions" Practice Advisory 1110-1, "Organizational Independence" Implementation Standard 1110.A1 (Assurance Engagements) "Nobody is allowed to interfere in the internal audit scope of activity, performing work and communicating results" Attribute Standard 1130," Impairments to independence or Objectivity: the internal auditors should report any impairment which affects their independence and objectivity".
Practice Advisory 1130-1 "impairments to independence or objectivity" Implementation Standard 1130.A1, (Assurance Engagements) "Internal auditors are not allowed to accept any mission in any field for which they had been previously responsible " Source  "Quality system auditors` attitudes and methods" Presents the results of a survey of the auditors of a number of large certification bodies regarding the opinions of registering companies to ISO 9000 (Beecroft, 1996) "Internal quality audits-obstacles or opportunities?" Defining the process of changing an organization into a more preventive and proactive body and what are the roles of the internal audit activity in such transformations. "The contribution of international auditing standards and arrangements for implementing national" Creating a standard to be used as a reference in implementing a management system for public institutions (Fadzil et al., 2005) "Internal auditing practices and internal control system" Studies were done on some companies to determine their compliance with the standards (Kranacher, 2012) "Promoting the Value of Internal Auditing " Interview with the IIA president