Internal audit, alternative internal audit structures and the level of misappropriation of assets fraud


  • doi: 10.1111/j.1467-629x.2007.00247.x

  • We thank Katherine Geddes for her invaluable research assistance on this project. Thanks also to Jean Bédard, Allen Craswell, Jere Francis, Carl Hollingsworth, Nava Subramaniam, David Wood, Gang Wu, and participants at the 2006 International Symposium on Audit Research Conference, the 2007 American Accounting Association Auditing Mid-year Meeting, and the 2006 Accounting and Finance Association of Australia and New Zealand Conference. We are also grateful for the financial support of the Faculty of Economics and Commerce at the University of Melbourne and an Australian Research Council Linkage grant. Finally, and importantly, thanks to the organizations who replied to our survey and to KPMG for providing access to its data on fraud.


In recent years, the importance of good corporate governance has received significant public and regulatory attention. A crucial part of an entity's corporate governance is its internal audit function. At the same time, there has been significant public concern about the level of fraud within organizations. The purpose of this study is to assess whether organizations with an internal audit function are more likely to detect and self-report fraud than those without. In this study, we use a unique self-reported measure of misappropriation of assets fraud for the first time. The fraud data are from the 2004 KPMG Fraud Survey, which reported fraud from 491 organizations in the private and public sector across Australia and New Zealand. The internal audit data are from a separate mail survey sent to the respondents of the KPMG Fraud Survey. We find that organizations with an internal audit function are more likely than those without such a function to detect and self-report fraud. Furthermore, organizations that rely solely on outsourcing for their internal audit function are less likely to detect and self-report fraud than those that undertake at least part of their internal audit function themselves. These findings suggest that internal audit adds value through improving the control and monitoring environment within organizations to detect and self-report fraud. These results also suggest that keeping the internal audit function within the organization is more effective than completely outsourcing that function.