Académique Documents
Professionnel Documents
Culture Documents
Uppsala University
Department of Business Studies
Program: Master in Accounting, Auditing and Analysis
Supervisor: Karin Brunsson
Date of submission: 2013-05-29
Abstract:
Purpose: the purpose of the thesis is to find out how Lithuanian commercial banks position their
internal audit function within their organizational structure to overcome the tension of working with
the management and keeping the distance to be able to report on them at the same time; and is
internal audit function considered as one of the cornerstones of corporate governance. Moreover,
comparison of banks is made to inspect any patterns, differences and similarities concerning the
origin of the capital.
Method: to answer the research question a qualitative approach was chosen: analysis of audited
financial reports in the period of 2008-2011, organizational statutes and all available public
information in 7 Lithuanian commercial banks is performed. Moreover email-interviews were held
with all chief internal auditors.
Findings: the internal audit function in Lithuanian commercial banks is not considered as one of the
cornerstones of corporate governance the function only participates in the corporate governance
through the audit committee. Threats for independence are mitigated by giving the responsibility to
the audit committee to appoint and dismiss the chief internal auditor and to approve the annual audit
plan; and by composing the audit committee with at least one financial expert. Moreover, there is
no clear pattern or distinction between internal audit positioning in foreign-capital and Lithuaniancapital banks.
Concluding remarks: the need for improved controls is a very important issue in the public debate.
The position that internal auditors are put in nowadays is very challenging internal auditors are
expected to provide both assurance and consulting services and maintain their independence at the
same time and organizations handle it differently.
Table of contents
THE NEED FOR INTERNAL AUDIT FUNCTION .......................................................................... 4!
Problematization .............................................................................................................................. 5!
The aim and the construct of the study ............................................................................................ 7!
CONCEPTUAL FRAMEWORK ........................................................................................................ 8!
Difference in internal and external auditors ..................................................................................... 8!
Corporate governance structure and internal auditors role in it ..................................................... 9!
Internal audit characteristics .......................................................................................................... 10!
In-house vs. outsourced internal audit activities ........................................................................ 12!
Development of the internal audit function ............................................................................... 13!
The internal audit function and the audit committee ..................................................................... 13!
The internal audit function and management ................................................................................. 16!
Independence, objectivity and recommended reporting lines ........................................................ 18!
Internal auditors reporting lines ................................................................................................ 20!
THE RESEARCH QUESTION ......................................................................................................... 22!
INTERNAL AUDIT IN LITHUANIA: development, importance of the function and the current
state ............................................................................................................................................. 23!
RESEARCH METHOD: sampling, validity and the method explanation ........................................ 26!
DATA ANALYSIS ............................................................................................................................ 29!
CONCLUDING REMARKS ............................................................................................................. 33!
Discussion, Limitations and Suggestions for future research .................................................... 34!
REFERENCES................................................................................................................................... 35!
Problematization
Audit services are intangible in their nature; therefore, it is difficult to evaluate them and there is the
need to clearly define them. Internal audit activities should follow the Institutes of Internal
Auditors (IIA) standards. The IIA, established in 1941, is a guidance setting body for internal audit
activities. The current definition of internal auditing, provided by the IIA (2003), is as follows:
Internal auditing is an independent, objective assurance and consulting activity designed to add
value and improve an organization's operations. It helps an organization accomplish its
objectives by bringing a systematic, disciplined approach to evaluate and improve the
effectiveness of risk management, control, and governance processes.
Assurance services are independent services that shall improve the quality of information for
decision makers. The scope of assurance service is: to evaluate risk exposures in governance,
operation and information systems; assess the effectiveness and efficiency of operations; safeguard
the assets and perform financial, compliance and system security audits. The scope of consulting
service is to provide operational advice to the management. The consultancy role includes analysis
of situation, risk analysis and evaluation, developing potential solutions to the problems and
training programs for other employees of the organization (IIA, 2003; HM Treasury, 2010). Internal
auditors should be important providers of independent evaluations of internal control and risk
management hence, assurance which is, or can be, combined with more practice-oriented
management assistance hence, consulting (Sarens and De Beelde, 2006). This definition now
requires internal auditor to assume a consultants role and be a participant while straying away from
the traditional independent reviews (Haron et al., 2012). They now appear also as a team of
administrative help.
Holt (2012) mentions that some chief internal auditors are now anxious to return to the traditional
oversight role and assurance activities, claiming that failure to address strategic, compliance and
operational risks undermines effectiveness of internal auditing, diminishes their value to
stakeholders and exposes organization to higher operational and financial risks in the future. Holts
statement somehow implies that internal auditors cannot do both and that adding consulting
activities leaves no, or much less, time for assurance services. Allocating more resources for
internal audit and expanding internal audit department within the organization can probably solve
this problem, according to Anderson et al. (2012). It is important to note that consulting services
were added but did not replace assurance services.
The problem that internal audit definition, provided by the IIA, creates is that there is no absolute
distinction between consultancy work and assurance work. It is also possible that assurance work
may create the need for consultancy work as well as having an in-built consultancy element by
making recommendations. Similarly, HM Treasury (2010) write that consultancy work enriches and
makes a contribution to the overall assurance that can be delivered.
In practise it is a very difficult task, when internal auditors are expected to serve management and
control it at the same time. This, however, does not just create an expectation gap, but somehow
fades away the illusory mask of independence that auditors are supposed to wear (Norman et al.,
2010). Management evaluates internal audit performance and can promote internal auditors to the
5
CONCEPTUAL FRAMEWORK
This section of the paper provides the constructed overview of prior research findings on internal
audit, which also informs and guides towards the research problem. It is not just the informative
literature review, which, as Maxwell (2008) puts it, would be focused on covering the field. It is
rather focusing specifically on the research that is particularly relevant to the study.
Internal auditors train and educate the others to do a better job instead of doing it themselves
(in a sense, internal auditors can be called the invisible heroes). External auditors get the
responsibility to do the checking on internal audit activities, amongst other check-ups.
Internal auditors cannot be independent from the entity (they are hired by the company) and
have their objectives set by the entity, whereas external auditors can and have to be
independent and have their objectives set by the regulators.
Internal auditors serve the entity; external auditors express an opinion on the financial
statements of the entity.
External auditors reliance on an internal audit function is very complicated and context specific
(Abbott et al., 2012). When external auditors conduct the audit they need to study and evaluate not
only the internal control system but also the internal audit function, in order to determine internal
audit activities of convenience for the purpose of planning the audit procedure (Haron et al., 2012).
SAS No. 65 (i.e. Statement on Auditing Standards The Auditors Consideration of the Internal
Audit Function in an Audit of Financial Statements) directs external auditor to consider continuing
education of internal auditors (Abbott et al., 2012). The standard also directs the external auditor to
evaluate the internal audit functions oversight status. In some cases the external auditor takes direct
assistance from internal auditors, but before using internal auditors provided reports the external
auditor has to make sure if the internal audit function is objective; if it has sufficient technical
competence; if work is carried out with professional care and that communication will be effective
(Abott et al., 2012).
Both external and internal auditors provide assurance, but to different parties: an external auditor
provides assurance to shareholders, whereas internal auditor to the board (via the audit
committee) (Christopher et al., 2009). The reason for assurance gap is that internal auditors belong
8
11
12
During the review of internal audit functions program and budget, audit committee can
voice concerns over the amount of hours allocated to internal controls activities.
Audit committee can request the internal audit function to take actions to improve existing
internal control structure or increase the amount of coverage on higher-risk areas.
Chief internal auditor can communicate audit committees internal control concerns to CFO
and CEO.
Prescriptions calling for a strengthening of audit committees role seem to be irrelevant for
Tremblay and Gendron (2011). Authors state that mandatory changes superficially implemented
and do not shift members thinking or doing. There are gaps between meanings of prescriptions
when interpreted by agents versus instigators. Members of audit committee are generally confident
about the effectiveness of the committee on which they sit. Moreover, the effective audit committee
is described as one where members are not afraid to raise serious and important issues: I am going
to ask that question even if I think you are the most honest CEO in the world (Tremblay and
Gendron, 2011). This denial of new prescriptions for the audit committee leads Anderson et al.
(2012) to a question whether regulators over-react. They might, but there is a pressure on regulators
15
Clearance that management is responsible for risk management (not managing it for them).
If internal auditor is responsible for any part of risk management there appears an
impairment of objectivity and there is a need to engage other assurance providers.
Document risk responsibilities of internal auditors in the audit charter.
In other words, internal audit should also avoid setting risk appetite; imposing risk management
processes; being the sole source for managements assurance that risks are effectively managed;
taking decisions on risk responses; and implementing risk responses on managements behalf.
These are managements responsibilities and should not be implemented by internal auditors.
17
18
Functional reporting line to the audit committee (and the whole board):
o Audit committee approves the internal audit charter (does not make it, but approves it);
o Approves internal audit risk assessment and audit plan;
20
It is important to note that these reporting lines and relationships are only recommendations and
currently there is no mandated form of internal audit audit committee relationship (Abbott et al.,
2012). Therefore, the oversight roles often vary from organization to organization depending on
their corporate governance structure and organizational culture.
The functional reporting line is argued to be the ultimate source of authority and independence
(Rolandas, cited in Mahzan et al., 2012, p. 77). However, Abbotts et al. (2010) findings suggest
that audit committee is a near equal partner with the management. Regulatory organizations (such
as the Institute of Internal Auditors and the Public Company Accounting Oversight Board) mostly
emphasize the benefits of audit committees oversight of the internal audit function, but Abbott et
al. (2010) points out the lack of research and discussion about anticipated outcomes that such
oversight brings out.
Abbotts et al. (2010) empirical findings led to the conclusion that when the budget oversight lies
with audit committee vis--vis management, it is in most cases steering internal audit function
towards more internal-controls-oriented activities. Management, on the other hand, may endeavour
internal audit for more attention to operational audits and other consulting-related activities (Abbot
et al, 2010) and that is a serious threat for internal auditors independence. Moreover, the internal
auditor perceives more personal threats when reporting high levels of risks directly to audit
committee relative to management. This leads the internal auditor to reduce assessed levels of fraud
risk when reporting to the audit committee. Independence of internal audit is critical when it comes
to fraud detection. Due to concerns of over-reaction of audit committee, internal auditors tend to
work-out issues with the management before meeting the audit committee (Norman et al 2010),
which is not a bad thing as long as internal auditor still reports it to the audit committee if the
management is not willing to accept recommendations. Additionally, private contacts allowing
chief internal auditor raise matters affecting management without its presence are also an effective
way to guarantee independence (Christopher et al, 2009).
21
22
Table 1: The timeline of important laws and events for internal audit in Lithuania (created by the author)
Year
1995
1997
2000
2001
2002
2003
2004
2005
2006
2008
According to Lakis (2002) the very beginning of internal audit in Lithuania is the year 1995, when
the board of the Bank of Lithuania approved the Procedures of internal audit function in
commercial banks and obliged Lithuanian commercial banks to establish an internal audit
function. Oddly, internal audit establishment in state-owned institutions was only a second step
following commercial banks. Another version is given by Mackevi"ius (2002), who claims that
internal audit in Lithuania was established in 1997 with a registration of Lithuanias Internal Audit
Association (Lietuvos Vidaus Audito Asociacija). The author also evaluated Lithuanias internal
audit level in 2000 by comparing it to the level that was reached by western countries (such as UK,
Germany and France) already in 1950-1960.
23
24
25
26
how big the internal audit department is in comparison to the total number of employees and
what drove the decision on the size of the department;
if internal audit staff works full-time or not;
their personal views on objectivity and independence (personal code of ethics);
personal reasons to become an internal auditor (to find out if they interested in the
profession itself or if it was a good stepping stone into the organization);
functions performed;
whether chief internal auditors participate in audit committees meetings;
who approves their budget and audit plan;
who approves their remuneration.
27
28
DATA ANALYSIS
Even though Deloittes conducted survey in 2012 showed that in only 10 per cent of Lithuanian
companies reporting line was the audit committee and in 70 per cent of the companies chief internal
auditors reported directly to the CEO, commercial banks are operating under the laws and
regulations of the Bank of Lithuania. Since having an audit committee and an internal audit
function became obligatory for Lithuanian banks, their statutes and financial reports all mark that
chief internal auditor reports directly to the audit committee. In other words, officially their
functional reporting line is the audit committee.
In general all 7 Lithuanian commercial banks have almost identical statutes, which describe
corporate governance structure consisting of:
The supervisory council meets at least quarterly and has an oversight role over the board and the
CEO; therefore, the supervisory council approves board members. In turn, the head of the board is
also the CEO of the bank. The board meets at least once every month.
In addition to this, every bank has established an audit committee, which is also a part of the
corporate governance structure (appointing and remuneration committees can also be a part of it,
but are not mandatory). The supervisory council must ensure the existence of effective internal
controls and thus appoints the audit committee, approves its members and its charter. Audit
committee must ensure internal audits independence and is responsible for internal control
systems strengthening; effectiveness of internal audit function; determines internal audit operating
procedures; approves annual internal audit plans. At the same time audit committee plays an
intermediate role between corporate governance bodies and internal audit function. However, in
both foreign-capital and Lithuanian-capital commercial banks internal audit function is not
considered to be a part of corporate governance structure, which is quite a different situation from
e.g., Malaysia (Mahzan et al., 2010), Spain (Garca et al., 2010) and Italy (Arena and Azzone,
2007), where empirical findings show that internal audit function is considered as one of the
cornerstones of corporate governance.
While analysing audited financial reports of all banks most of the important information was found
in the external auditors notes. If the bank showed and explained how they comply with the
Corporate Governance Code (issued in 2006 by the Lithuanian Securities Commission) in financial
reports, external auditors also evaluated the internal audit function and its effectiveness. This shows
that external auditors only thought of internal audit function as an important one if the bank showed
it to be significant. However, these compliances only appeared in financial reports of AB SEB
bankas; AB DNB bankas and AB &iauli' bankas - the first two being foreign-capital banks and
the last one being Lithuanian-capital bank. Therefore, there is no significant difference, concerning
internal audit functions importance, depending on the origin of banks capital.
29
7
4
5
4
3
3
1
1
1
5-6 times
4-5 times
4-5 times
494
150
489
3
3
4
0.61%
2%
0.82%
3
5
5
4
3
5
5
7
3
3
4
3
1
1
2
2
4-5 times
4-5 times
4-5 times
4-5 times
329
1249
1955
1481
4
7
7
12
1.22%
0.56%
0.35%
0.81%
As a % of total
employees
No. of audit
committee
meetings per
year
7
4
4
No. of internal
audit staff
No. of financial
experts in the
audit committee
Total no. of
employees
No. of audit
committee
members
AB Citadele bankas
AB Swedbank
AB SEB bankas
AB DNB bankas
No. of Board
members
AB !iauli" bankas
AB bankas Finasta
UAB Medicinos Bankas
No. of
Supervisory
Council
members
Origin of capital
(L-Lithuanian;
F-Foreign)
AC
AC
AC
AC
AC
AC
CEO
CEO
CEO
Yes
Yes
Yes
Remuneration committee
AC
AC
AC
AC
AC
AC
AC
AC
AC
AC
AC
AC
AC
AC
Yes
Yes
Yes
Yes
CEO
Remuneration committee
Remuneration committee
AC
Origin of capital
(L-Lithuanian; FForeign)
Functional reporting
line
AB !iauli" bankas
AB bankas Finasta
UAB Medicinos Bankas
AB Citadele bankas
AB Swedbank
AB SEB bankas
AB DNB bankas
30
AB !iauli" bankas is the only Lithuanian commercial bank that has a separate section for internal
audit function and their working principles, in their financial reports, which shows the significance
of internal audit department in the bank. The other banks do not stress the importance of this
function too much throughout the years 2008-2011:
In UAB Medicinos bankas, AB DNB bankas and AB bankas Finasta internal audit
function appears only in 3 short lines of the report, describing the function very briefly,
stating that the chief internal auditor discusses the assessment made with management and
then reports to the audit committee.
AB Citadele bank does not mention neither the audit committee nor the internal audit
function in their financial reports. However, the email-interviews revealed that the audit
committee approves almost everything for this function: audit plan, budget, charter, and
functions. The audit committee has one independent member and the others are from the
mother bank.
Both AB Swedbank and AB SEB bankas only start mentioning internal audit in their
financial reports of 2010. The audit committee defines internal audit responsibilities and
functions, approves the internal audit charter and approves the chief internal auditor, who
reports directly to the audit committee.
All banks have an in-house internal audit function, which according to Arena and Azzone (2007) is
the most common case in banks. These in-house departments mainly focus on operational audits:
reviews functioning of operational procedures and managements activities and there is a clear
functional reporting line to the audit committee, who approves internal audits annual plan.
However the administrative reporting line to the management differs among the banks. It is mainly
established through the budget approval, human resource administration and remuneration of chief
internal auditor.
Although the statute states that in all banks audit committees only give recommendations on
selecting chief internal auditor and approving internal audit departments budget, the interviews
revealed a somewhat different situation. As it is shown in table 3, in all Lithuanian-capital
commercial banks it is the CEO (hence, the management) who approves internal audits budget
this is in line with the suggested best practise from the Institute of Internal Auditors. In contrary, in
all foreign-capital commercial banks it is the audit committee who approves internal audits budget.
This refers to Abbotts et al. (2012) raised problem that even though there is an official oversight by
the audit committee, there is a variety in the nature of active oversight by the audit committee and
unofficial oversight by the management.
Both of these choices create possible threats for internal audits independence, which were
discussed by Christopher et al. (2009) and Abbott et al. (2010). When CEO approves the budget,
restrictions can result in reduced control activities CEO may be reluctant to approve additional
resources that do not generate immediate cost savings. On the other hand, when the audit committee
approves the budget, there is the threat that resources will be allocated solely on assurance
activities. Further research would be needed to find out the reasons for this distinction, but for this
study it is clear that there is a distinction, based on the origin of the capital.
31
32
CONCLUDING REMARKS
The need for improved controls is a very important issue in the public debate regarding corporate
governance in European listed firms, including Lithuanian commercial banks. Internal auditors are
expected to provide both assurance and consulting services and maintain their independence at the
same time. The valuable knowledge spill-over effect to the assurance role outweighs the potential
loss of independence, which can arise as a consequence of internal auditors involvement in
consulting activities. On the other hand objectivity impairments due to consulting activities may
undermine monitoring benefits that internal auditors provide.
The position that internal auditors are put in nowadays is very challenging and organizations handle
it differently. Therefore, the aim of the study was to find out how Lithuanian commercial banks
position the internal audit function within organizations in order to overcome the tension of
working together with management and keeping the distance at the same time to be able to assure
the board that the management is working in the best interest of the organization. And the research
question accordingly was: how is internal audit function in Lithuanian commercial banks
positioned in the organizational structure and is it considered as one of the cornerstones of
corporate governance?
Data analysis lead to the conclusion, that the internal audit function in Lithuanian commercial banks
is not considered as one of the cornerstones of corporate governance. This function only comes into
the picture of corporate governance through the audit committee as an assurance providing body,
but is not considered as one of the most important bodies within the organization. Internal audit
function has a clear functional reporting line to the audit committee that is set in the banks statute;
all internal audit departments are in-house and put their main focus on operational audits; all
interviewed chief internal auditors always attend audit committee meetings. The need for ensured
independence seems to drive internal audit function away from consulting activities. Even though
collected data did not show that, this could also be explained by the possible presence of other
parties providing consulting services to the organization. Given responsibility to the audit
committee to appoint and dismiss the chief internal auditor and to approve the annual audit plan
mitigates independence threats from the management. The composition of the audit committee
(having at least one financial expert in the committee) also mitigates independence threats from the
audit committee.
Furthermore, because the sample could have been divided into two groups of Lithuanian-capital and
foreign-capital commercial banks, it provided a ground to inspect any patterns, caused by the
differences in the origin of the capital. The only clear distinction concerning the origin of the capital
was witnessed in the approval of the budget: the CEO approves internal audit functions budget in
Lithuanian-capital banks and the audit committee in foreign-capital banks. However, this difference
can also be just a coincidence, because no other factors showed any distinction based on the origin
of the capital. There is no clear pattern or clear distinction between internal audit positioning in
foreign-capital and Lithuanian-capital banks.
33
34
REFERENCES
Abbott, L. J., Parker, S. and Peters, G. F. 2010. Serving Two Masters: The Association between
Audit Committee Internal Audit Oversight and Internal Audit Activities, Accounting
Horizons, vol. 24, no. 1, pp. 124.
Abbott, L. J., Parker, S. and Peters, G. F. 2012. Audit fee reductions form internal audit-provided
assistance: the incremental impact of internal audit characteristics, Contemporary
Accounting Research, vol. 29, no. 1, pp. 94-118.
AB bankas Finasta, Annual reports 2008-2011 and Statute, Vilnius.
AB Citadele bankas, Annual reports 2008-2011 and Statute, Vilnius.
AB DNB bankas, Annual reports 2008-2011 and Statute, Vilnius.
AB Swedbank, Annual reports 2008-2011 and Statute, Vilnius.
AB SEB bankas, Annual reports 2008-2011 and Statute, Vilnius.
AB !iauli" bankas, Annual reports 2008-2011 and Statute, Vilnius.
Ahlawat, S. S. and Lowe, D. J. 2004. An examination of internal auditor objectivity: In-house
versus outsourcing, Auditing: A Journal of Practice and Theory, vol. 23, no. 2, pp. 147-158.
Ali#, M. And Rusjan, B. 2009. Managerial relevance of internal audit: Business benefits of using
ISO 9000 internal audit as a managerial tool, The TQM Journal, vol. 23, no. 3, pp. 284-300.
Anderson, U. L., Christ, M. H., Johnstone, K. M. and Rittenberg, L. E. 2012. A Post-SOX
Examination of Factors Associated with the Size of Internal Audit Functions, Accounting
Horizons, vol. 26, no. 2, pp. 167-191.
Arel, B., Beaudoin, C. A. and Cianci, A. M. 2012. The impact of ethical leadership, the internal
audit function, and moral intensity on a financial reporting decision, Journal of Business
Ethics, vol. 109, pp. 351-366.
Arena, M. and Azzone, G. 2007. Internal Audit Departments: Adoption and Characteristics in
Italian Companies, International Journal of Auditing, vol. 11, no. 2, pp. 91-114.
Christopher, J., Sarens, G. and Leung, P. 2009. A critical analysis of the independence of the
internal audit function: evidence from Australia, Accounting, Auditing and Accountability
Journal, vol. 22, no. 2, pp. 200-220.
Christopher, J. 2012. The adoption of internal audit as a governance control mechanism in
Australian public universities views from the CEOs, Journal of Higher Education policy
and Management, vol. 34, no. 5, pp. 529-541.
Deloitte Lithuania, 2012. Internal Audit Survey: Lithuanian Top 30. Vilnius.
Garca, L. S., Barbadillo, E. R. and Prez, M.O. 2010. Audit committee and internal audit and the
quality of earnings: empirical evidence from Spanish companies, Journal of Management
and Governance, vol. 16, no. 2, pp. 305-331.
Glover, S. M., Prawitt, D. F. and Wood, D. A. 2008. Internal audit sourcing arrangement and the
external auditors reliance decision, Contemporary Accounting Research, vol. 25, no. 1, pp.
193213.
Gramling, A., Maletta, M., Schneider, A. and Church, B. 2004. Role of the internal audit function
in corporate governance: a synthesis of the extant internal auditing literature and directions
35
for future research, Journal of Accounting Literature, vol. 23, pp. 194-244.
Haron, M. S. B., Idiab, A. I. M. and Ahmad, S. B. H. 2012. Total quality management and its
relationship with the internal audit, Australian Journal of Basic and Applied Sciences, vol. 6,
no. 9, pp. 660-668.
Hjelm, C. L. and Schldstrm, K. 2012. In personal communication April 10, 2012.
HM Treasury. 2010. Good Practice Guidance: the consultancy role of internal audit. London.
Holt, T. P. 2012. The effects of internal audit role and reporting relationships on investor
perceptions of disclosure credibility, Managerial Auditing Journal, vol. 27, no. 9, pp. 878898.
Lakis, V. 2002. Audito raida Lietuvoje ir sistemos k!rimo problemos, Ekonomika: Mokslo
darbai, no. 58, pp. 106-210.
Lee, T. A., Clarke, F. and Dean, G. 2008. The dominant senior manager and the reasonably
careful, skillful and cautious auditor, Critical Perspectives on Accounting, vol.19, pp. 677711.
Limmroth, S. P. 2012. Internal audit and compliance as a combined function: lessons learned,
Journal of Health Care Compliance, vol. 15, no. 9, pp. 27-32.
Lithuanian Ministry of Financa. Law of the Republic of Lithuania on Audit. 3 July, 2008 No X-1676.
Mackevi"ius, J. 2002. Vidaus auditas: nauji aspektai ir tendencijos, Apskaitos, audito ir mokes!i"
aktualijos, no. 6, pp. 14-15.
Mahzan, N., Zulkifli, N, and Umor, S. 2012. Role and Authority: An Empirical Study on Internal
Auditors in Malaysia, Asian Journal of Business and Accounting, vol. 5, no. 2, pp. 69-98.
Makara, J. and Palubinskien#, S. 2005. Vidaus audito atsiradimo problemos Lietuvos $mon#se,
Jaun"j" Mokslinink" Darbai, vol. 1, no. 5, pp. 137-143.
Maxwell, J. A. 2008. Designing a Qualitative Study, in Bickman, L. and Rog, D. J. Applied
Social Research Methods (2nd edition). London: SAGE Publications, pp. 214-253.
Norman, C., Strand, R. and Rose, J. M. 2010. Internal audit reporting lines, fraud risk
decomposition, and assessments of fraud risk, Accounting, Organizations and Society, vol.
35, pp. 546-557.
Norman, C. S., Rose, J. M. and Seon Suh, I. 2011. The effects of disclosure type and audit
committee expertise on chief audit executives tolerance for material misstatements,
Accounting, Organizations and Society, vol. 36, pp 102-108.
Pedersen, T. 2011. Role of audit committees, Annual conference of the IIA Lithuania. Retrieved 2
March, 2013 from www.theiia.org.
Peursem, K. A. 2005. Conversations with internal auditors. The power of ambiguity, Managerial
Auditing Journal, vol. 20, no. 5, pp. 489-512.
Regoliosi, C. and dEri, A. 2012. Good corporate governance and the quality of internal auditing
departments in Italian listed firms. An exploratory investigation in Italian listed firms,
Journal of Management and Governance, December 2012.
Rup%ys, R. and Boguslauskas, V. 2007. Measuring performance of internal auditing: Empirical
evidence, Engineering Economics, vol. 5, no. 55, pp. 9-15.
36
37