INTERNAL AUDIT FUNCTION CHARACTERISTICS AND THE QUALITY OF INTERNAL CONTROL SYSTEMS: MODERATING THE EFFECT OF ENTERPRISE RESOURCE PLANNING SYSTEM MATURITY

Hani Shaiti¹⁺--- Yahya Al-Matari²

^1,2Accounting Department, School of Business, King Faisal University, Kingdom of Saudi Arabia.

Keywords:Internal audit function, internal control quality, ERPs, Saudi Arabia.

JEL Classification: M00, L86.

ARTICLE HISTORY: Received:: 29 June 2020, Revised:4 August 2020, Accepted:7 September 2020, Published:21 September 2020

Contribution/ Originality: This study is one of very few studies to investigate the impact of the internal audit function (independence and competence) on ICSQ in SMEs, as well as assessing the moderating effect of ERP maturity on this relationship.

1. INTRODUCTION

Recently, fraudulent financial reporting and an increasing number of financial scandals have heightened consideration of the requirement for viable corporate governance among researchers and academics (Endaya & Hanefah, 2016; Khlif & Samaha, 2014; Oussii & Boulila, 2018; Sultana, Singh, & Van Der Zahn, 2015). Therefore, regulators and researchers have increasingly advanced the essential task of applying internal controls to ensure the dependability of financial reporting processes (Bedard & Graham, 2011; Khlif & Samaha, 2016; Lin, Wang, Chiou, & Huang, 2014; Salehi & Bahrami, 2017). As indicated by Krishnan (2005), a compelling internal control system (ICS) represents a significant factor in accomplishing high-quality budgeting.
ICSs are procedures and policies implemented by top-level managerial and administration staff and other employees. They are intended to offer a practical affirmation of the accomplishment of objectives with regard to the viability and effectiveness of procedures, the productivity of financial detailing, and the consistency of pertinent laws and guidelines (COSO, 2011). An internal audit intends to improve firm performance by assessing risk management and internal controls (Ndimitu, Mwangi, Kisaka, & Mwangi, 2018; Unegbu & Kida, 2011).

Although it is still perceived that the management of a company is ultimately responsible for maintaining an organization's ICS, the job of internal auditors is to help management discharge these obligations (Institute of Internal Auditors (IIA), 2017).

Studies testing the relationship between a company’s IAF attributes and ICSs are often limited to SMEs, even though IAFs play a vital role in overseeing internal control processes (Al-Matari, Mohammed, & Al-Matari, 2017; Oussii & Boulila, 2018). Fadzil, Haron, and Jantan (2005) and Lin, Pizzini, Vargus, and Bardhan (2011) confirmed that IAF activities and practices are negatively influenced by the disclosure of weaknesses in a company’s internal controls. On the other hand, studies carried out by Chang, Chen, Cheng, and Chi (2019) and Oussii and Boulila (2018) found that, altogether, internal control quality is decidedly connected with IAF.

This study focuses on Saudi SMEs as an emerging market for several pertinent reasons. Principally, many of the previous research studies on ICS have focused on developed economies. As a result, emerging countries and semi-developed countries, such as the Arab nations, are overlooked, especially Saudi Arabia.

SMEs play a significant role in the Gulf Cooperation Council (GCC) region, including Saudi Arabia. The Board of Directors of the General Authority for SMEs in Saudi Arabia identifies an SME as a business with fewer than 250 employees and a revenue below US$53 million (The General Authority for Small & Medium Enterprises, 2016). Like other countries, Saudi SMEs face difficulties in their operations due to the nature of their ownership, which are predominantly family entities that are managed and controlled by the owners (Zureigat, 2014). However, Saudi SMEs face further issues in areas such as financing, independency and business environments. Moreover, inadequate management, low skill levels, and underdeveloped information systems are other issues that pose a challenge for Saudi SMEs (Sadi & Henderson, 2011; Zureigat, 2014). These challenges require a robust system that can integrate the company’s functions and improve the skills of management employees, such as ERP systems.

ERP systems are commercial software packages that provide cross-organization integration through entrenched business processes; in general, ERPs consist of several modules, such as finance, operations and logistics, procurement, human resources, sales, and marketing (O'Leary, 2000). In addition to the general benefits of ERP systems on an organization, they can also improve an organization's ICS. ERPs provide managers with direct and easy access, as well as supporting the control of user access and facilitating the separation of duties (Turner & Owhoso, 2009). They provide timely and complete information, especially for the purpose of making managerial decisions (Huang, Hsieh, Tsao, & Hsu, 2008). As a result, ERPs can moderate the relationship between IAF characteristics and ICSs.

The rest of this study is organized as follows: Section 2 describes the foundations of the internal audit and internal control guidelines in Saudi Arabia; Section 3 focuses on related literature and the research hypotheses; Section 4 presents the research methodology; Section 5 covers the fundamental observational outcomes; and the conclusions and future research directions are discussed in Section 6.

2. INTERNAL AUDITS AND INTERNAL CONTROL SYSTEM REGULATIONS IN SAUDI ARABIA

It is essential to comprehend the institutional foundations and regulatory prerequisites of Saudi Arabia, the country of origin of the unique dataset in the present study. Analysts should be presented with the regulatory conditions in Saudi Arabia, and the subtleties of the applicable ICSs and internal audit requirements in Saudi Arabia should be outlined.

Currently, the Saudi Capital Market Authority (CMA) plays a vital role in creating and managing the Saudi Stock Exchange by issuing essential guidelines and instructions to enable organizations to improve their performance. Additionally, certifying financial specialists is one of the most significant tasks for the authority, which prompts the production of safety and security in the Saudi market. Nevertheless, countless investors view this role as negative, especially during the recent financial crisis in the Saudi market, which raises the issue of its capacity to protect investors and restrict illegal activities.

As a result of the many endeavors over the last 30 years to professionalize the IAF, the Council of Ministers set a goal to develop the Saudi Organization for Certified Public Accountants (SOCPA) (2011). This came as an outcome of Resolution No 235 (2004), which required all organizations to build an IAF. In addition, the subsequent Resolution No 129 (2007) included additional direction and resolved certain issues, including: the necessity and aims of internal audits, the enrolment of the head of internal auditing and auditing staff, the duties of the head of internal auditing, the extent of the work, internal audit reports, relationships between different gatherings, and the adherence to proficient empirical principles. Article 75 of the CMA presents the duties of the internal audit unit, the department of the ICS unit, office surveys, and the screening of the execution of the ICS, which confirm that the company and its representatives agree to relevant laws, guidelines and directions, as well as the company's policies and procedures.

The requirement of companies to establish internal procedures and controls is set out in the CMA. Article 73 describes the board’s responsibility to survey the policies and procedures relating to risk management, the usage of arrangements with regard to the company's governance guidelines endorsed by the company, and compliance with important laws and guidelines. Further details are found in Article 74, which states that companies should build units or divisions for appraisals, the management of risk, and internal auditing; it also states that companies should utilize external entities to perform the duties and competencies of units or branches with regard to risk evaluation, management, and internal controls.

3. LITERATURE REVIEW

3.1. Internal Audit Independence and Objectivity

An internal audit features a standard of 1100 proposals: "Internal audit action must be independent, and internal auditors must be objective in playing out their work" (IIA, 2017, p. 3). An internal auditor’s objectivity implies that "they should have a fair, fair-minded frame of mind, and maintain a strategic distance from any irreconcilable circumstance" (IIA, 2017). Earlier research demonstrates that the IAF’s authoritative status, represented by the detailing lines of the IAFs, is one of the most fundamental elements that affects external auditors’ reliance and decisions about internal controls (Bame-Aldred, Brandon, Messier, Rittenberg, & Stefaniak, 2013; Desai, Roberts, & Srivastava, 2010; Gray & Hunton, 2011). As indicated by Soh and Martinov-Bennie (2011), instructive lines for the IAF to the audit panel "are seen to be vital in adding to IAF adequacy by guaranteeing autonomy and objectivity". Goodwin and Yeo (2001) have reported that the audit committee's inclusion in the arrangement or evacuation of the Chief Audit Executive (CAE) ought to urge internal auditors to carry out their work without bias, thereby prompting a higher quality of internal control. In Malaysia, Fadzil et al. (2005) researched the relationship between the IAF’s conformity with internal audit models and the quality of internal control. Their findings demonstrated that internal auditors' objectivity profoundly influences the quality of the internal control system. Furthermore, the study demonstrates that, essentially, the administration of IAFs, the execution of the auditing work, the audit programming, and the audit revealing impact the risk appraisal aspect of the ICS. Lin. et al. (2011) stated that "a goal IAF is less inclined to be impacted by the management in assessing controls and announcing internal control issues to the audit committee group."

Similarly, Bedard and Graham (2011) found that auditors could better identify extreme internal control shortcomings if they reported straight to the audit panel, instead of the senior administration. Pizzini, Lin, and Ziegenfuss (2015) found that a relationship between the CAE and the audit committee correlates to a decrease in the auditing report lag, as it helps members of the senior administration to maintain robust arrangements in terms of internal control over financial reporting. In light of this, we anticipate that internal audit independence and objectivity will emphatically influence the ICSQ. In light of these assertions, our hypothesis is as follows:

H1. There is a positive association between internal audit independence, objectivity, and internal control quality.

3.2. Internal Audit Competence

The competence of the internal auditor primarily alludes to the auditor's capacity to perform actions correctly and as per proficient principles (International Auditing and Assurance Standards Board (IAASB), 2012). The IIA describes ability as "the limit of an individual to play out an occupation or errand properly, being a ton of described learning, aptitudes and direct" (IIA, 2017). Standard 1200 stipulates that internal auditors must have the knowledge, aptitude, and capabilities expected to carry out their individual obligations. Collectively, the internal audit activity must have or must acquire the knowledge, abilities and skills needed to fulfill its obligations (IIA, 2017).

In support of the IIA's case, earlier studies found that the skills of internal auditors add to the viability of the IAF and the quality of finance-related revealing (Al-Twaijry, Brierley, & Gwilliam, 2003; Alzeban & Gwilliam, 2014; Lin. et al., 2011; Prawitt, Smith, & Wood, 2009). Moreover, several investigations perceived the strength of the internal auditors as a basic component in terms of improving the organization’s activities (Ali & Owais, 2013; Mihret & Woldeyohannis, 2008) or adding to the viability of the organization as a whole (Dittenhofer, 2001).

Additionally, the International Standard on Auditing (ISA) 610 states that, when deciding whether the work of the IAF is going to be sufficient in terms of the motivation behind the audit, external auditors consider multiple variables, including the particular competence of the internal auditors. In line with this thinking, earlier scholastic studies generally concluded that internal auditors require competencies and training (Albrecht, Howe, Schueler, & Stocks, 1988; Arena & Azzone, 2009; Maletta, 1993; Mihret, James, & Mula, 2010; Rittenberg & Anderson, 2006; Schneider, 2003; Soh & Martinov-Bennie, 2011). For example, Rittenberg and Anderson (2006) highlighted involvement and affirmation as the most significant characteristics of a certified internal auditor.

In Malaysia, Fadzil et al. (2005) found that internal auditors’ expert capabilities fundamentally influence the examining element of the ICS. Consistent with this finding, Suwaidan and Qasim (2010) announced that external auditors in Jordan regard the objectivity, skills, and execution of internal auditors as significant variables that may affect their decisions with regard to IAF work.

Through an analysis of 782 US CAEs in the CBOK (2006) database, Sarens, Abdolmohammadi, and Lenz (2012) found a positive relationship between the active work of the IAF in corporate governance and CAE experience and capability. Lin. et al. (2011) examined the role of the IAF through the disclosure of certain deficiencies in its internal controls. These results have demonstrated that such deficiencies are adversely correlated to the training level of the internal auditors.

Recently, Pizzini et al. (2015) found that the negative connection between IAF quality and audit postponement is determined by the aptitude of the internal audit staff. It is expected that internal auditors’ specialized capabilities will improve the quality of IAF and, therefore, will lower the likelihood of serious ICS inadequacies. In essence, there is a correlation between IAF competence and ICSQ. Thus, it is hypothesized that:
H2: There is a positive association between IAF competence and ICSQ.

3.3. ERP System

Internal control scholars argue that the implementation of sophisticated IT is a necessary procedure to enhance the quality of ICS (Huang et al., 2008; Rikhardsson, Best, & Juhl-Christensen, 2006). ERP systems can provide the ICS with tools for gathering, examining and reporting information (Kumar, Pollanen, & Maheshwari, 2008). Huang et al. (2008) developed an ICS framework based on five components of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the Control Objectives for Information and related Technology (COBIT) objective related to certain IT processes as factors within the framework. They implemented the Delphi expert questioner to establish the ICS  factors for organizations that use ERP systems. From a sample of 123 businesses, they found that the most significant ICS factors are the “establishment of IT organization and their relation under the Control Environment dimension” (p. 102). Furthermore, Valipour, Moradi, and Fatheh (2012) implemented a case study confirming the fact that the implementation of ERP systems affects all COSO ICS  components.

There are different stages of the implementation process of the ERP system, ranging from the primary analysis of the implementation to the completed adoption and maturity of the system’s functions (Holland & Light, 2001). Mahmood and Becker (1985) found that the ICS organization maturity is significantly related to user satisfaction. They suggested that future studies could examine the extent of the relationship and the ways in which maturity is related to other measurements of success. ERP systems have tools that can enhance both IAF (competences and independence) and ICS. Therefore, we have drawn on these arguments to propose the following hypotheses:

H3: The maturity of ERPs has a significant influence on the relationship between IAF competences and the quality of ICS.
H4: The maturity of ERPs has a significant influence on the relationship between IAF independence and the quality of ICS.

Figure 1 presents the study’s theoretical framework, which displays the relationship between the variables.

Figure 1. Theoretical framework Notes: ERP maturity is the moderation variable.

4. RESEARCH METHODOLOGY

4.1. Research Instruments

4.1.1. The Dependent Variable

The dependent variable is the quality of the ICSQ, which is a mechanism that can be used to provide reasonable assurance with regard to the achievement of business objectives. The ICSQ was measured on a five-point Likert scale ranging from one (strongly disagree) to five (strongly agree), covering the five components of the Committee of Sponsoring Organizations of the Treadway Commission (COSO). According to COSO (2011), what determines whether a particular ICS is “effective” or not is whether it can be a subjected to the presence and functioning of the framework’s components. Thus, a total of 17 indicators were used in this study, as illustrated in Table 3. These indicators have predominantly been implemented from the COSO (1992) framework and several other studies, such as those by Beasley, Clune, and Hermanson (2005) and Amudo and Inanga (2009).

4.1.2. The Independent Variables

The first independent variable is the independence and objectivity of the internal audit, which is measured on a five-point Likert scale ranging from one (strongly disagree) to five (strongly agree) and covering four items according to Cohen & Sayag, 2010), Drogalas, Alampourtsidis, and Koutoupis (2015), and Alzeban and Gwilliam (2014). More specifically, the measurement of independence is based on the internal audit’s report, the unrestricted access of internal auditors, and the participation of internal audits in the development of a company’s processes. As mentioned above, these items are in line with Standard 1100 of the International Professional Practices Framework (IPPF), entitled “Independence and Objectivity”.

The second independent variable is the competence of the internal audit team, which is also measured using a five-point Likert scale ranging from one (strongly disagree) to five (strongly agree) and covering four items. These items were derived from the studies of Drogalas et al. (2015), Al-Twaijry et al. (2003), Mousa (2005), Bota-Avram and Palfi (2009), Mihret et al. (2010), and Alzeban and Gwilliam (2014). These items are in line with the Standard 1200 of the IPPF.

The third independent variable is the ERP’s maturity, which is measured by the implementation stage of the ERP system. These stages of maturity have been categorized into three levels: between less than a year and two years, between three years and eight years, and more than nine years.

4.2. Sample Design and Data Collection

In the present study, a questionnaire was used to examine the relationship between IAF characteristics and ICSQ. SMEs with implemented ERP systems that are located in Saudi Arabia were the sample of this research. As there is no existing database for ERP systems in Saudi Arabia, a number of sources were used in this study, including previous experimental studies, websites, and contacting companies directly. The surveys were sent to CAEs (Abbott, Parker, & Peters, 2010; Carcello, Hermanson, & Raghunandan, 2005; Mat, Subramaniam, & Stewart, 2006; Oussii & Boulila, 2018; Pizzini et al., 2015; Prawitt et al., 2009), and follow-up mailings and phone calls were carried out, with the aim of increasing the response rate.

In total, 203 questionnaires were distributed, and 109 questionnaires were received. After discarding the incomplete questionnaires, 98 questionnaires were deemed fit for further analysis. According to Saunders, Lewis, and Thornhill (2009), “a response rate of approximately 35 per cent is reasonable […] for most academic studies that involve top management or organizations' representatives.”

Responses	First Requests	Second and Final Requests	Total
Usable Responses	52	46	98
Non-ERP Responses	5	2	7
Incomplete Responses	3	1	4
Total Number of Samples			203
Response Rate*			48%

Note: *The total number of responses/total number of the study sample (0.48= 98/203).

A response rate of 52% is acceptable because the organizations’ representatives were managers, directors of the internal audit department, or directors of the accounting department. Table 1 provides a demographic profile of the respondents.

4.3. Model

To test the empirical validity of our hypotheses, we estimated a balanced panel data model using the following regression analysis:

ICSQ = β0 + β 1 INDEP+ β 2 COMPET+ β 3 CHART+ β 4 ROA + β 5 ERP +Ɛ

The variables are defined below:

ICSQ = Quality of internal control system.
INDEP = Independence and objectivity of internal audit.
COMPET = Competence of internal auditors.
CHART = Internal audit charters.
ROA = Return on assets.
ERP = Enterprise Resource Planning system.

Characteristics		N	N%
Qualifications	High School	9	9%
and Background	Bachelor’s degree	68	69%
	Master’s degree	20	20%
	PhD	1	1%
Scientific Specialism	Degree in Accounting and Finance	86	88%
	Degree in Business Management	3	3%
	Degree or training in IS	5	5%
	Degree or training for RM	0	0%
	others	4	4%
Position	Director of accounting department	28	29%
	Director of internal audit department	32	33%
	Internal auditor	26	27%
	Assistant auditor	3	3%
	other	9	9%
ERP system	SAP	33	34%
	Oracle	45	46%
	PeopleSoft	1	1%
	Other	19	19%

5. DATA ANALYSIS AND FINDINGS

During the first stage of the research, the study used SPSS version 20 to process descriptive statistics and conduct a reliability analysis of the companies, as well as to assess the demographic characteristics of the sample and the internal consistencies of the constructs (Table 2). During the second stage of the research, PLS-SEM was adopted in order to assess the measurement error and test the relationships between the study’s constructs (Lee, Petter, Fayard, & Robinson, 2011). Two models of PLS-SEM were assessed (Hair., Sarstedt, Ringle, & Mena, 2012); the first was the measurement model, which identifies and assesses the latent variables at the level of observation. It also assesses reliability, e.g. internal consistency reliability, and validity, e.g. convergent and discriminate validity. The second model was the structure model, which tests the relationship between latent variables at a theoretical level (Hair. et al., 2012).

5.1. Measurement Model

For this study, the measurement model was evaluated for construct dimensionality, reliability and convergent validity. According to Hair, Anderson, Black, Babin, and CBlack (2010), the term “unidimensional” means that the measured factors are strongly associated with each other and represent a particular construct. The loading of the latent variables for the study’s constructs were checked, including the second order latent variables for internal control quality. All loadings were higher than the value recommended by Hair et al. (2012), except for two factors, which were removed. Therefore, the results confirmed the unidimensional nature of the study's constructs. In addition, the Cronbach’s alpha and composite reliability were calculated for each component in order to assess the consistency of its multiple-measures (Hair et al., 2010) . Table 3 presents the fact that all figures exceed the recommended value of 0.7 (Hair et al., 2010) .

In order to assess the convergent validity, the average variance extracted (AVE) was calculated, which reflects the overall amount of variance in the indicators, which is accounted for by the latent construct. Table 3 presents the fact that all figures exceed the recommended value of 0.5 (Hair, Hult, Ringle, & Sarstedt, 2013).

Variable	Constructs	Items	*Lading	**AVE	CA	CR
	Competence	IAs have an understanding of the nature of the company’s function. IAs have knowledge and experience in the industry to which the company belongs. IAs can identify areas of potential risk in the company. Others cannot influence internal auditors on audit matters.	0.935 0.830 0.791 0.864	0.733	0.917	0.916
	Independence	The IAs ensure all conflicts of interest are avoided. The results of the work of the IAs are reviewed prior to the issuance of the reports, in order to obtain reasonable assurance that the performance of the work has been performed objectively. The IAs do not accept any valuable gifts or services from any employee, client, supplier or co-worker.	0.867 0.914   0.780	0.732	0.890	0.891
	ERP maturity	Number of years the ERP system has been in place.	1	1	1	1
Quality of IC	Internal environment	Our entity has established responsibility for all board members. Our entity specifically identifies its risk. Our entity promotes professional ethics and values, as well as a code of conduct for every job.	0.765 0.788 0.861	0.835	0.942	0.965
	Risk assessment	Our entity analyses every risk. Our entity has a professional risk assessment technique. Our entity assesses the probability of every risk independently. Our entity assesses the cost impact of every risk independently.	0.909 0.877 0.870 0.888
	Control activities	Our entity regularly runs physical inspections of our entity’s resources and assets. Our entity’s managers continue to run functions to review performance reports. Our entity has a variety of control activities to check the accuracy, completeness, and authorization of transactions. Our entity uses IT controls.	0.821 0.892 0.853 0.853
	Information and communication	Our ICS effectively provides information to appropriate personnel so that they can carry out their responsibilities. Our ICS effectively communicates information in a timely manner. Our ICS has effective communication in a broad sense.	0.872 0.883 0.841
	Monitoring	Our ICS is thoroughly monitored. Our entity ensures that monitoring is accomplished through ongoing activities and evaluations. Our entity modifies the process of our ICS when necessary.	0.915 0.863 0.800

Notes: * The recommended value is 0.7 ** The recommended value is 0.5.

The next step was to assess the discriminant validity, in order to clarify whether each construct measure was sufficiently distinct from other construct measures (Hair et al., 2010). Two techniques can be used to measure discriminant validity: the Fornell-Larcker’s technique and the cross-loading technique. This study used the Fornell and Larcker (1981) technique. This method compares the AVE of each construct to the square of the coefficient of the correlation between the construct and any other construct; the AVE should be larger, which indicates an acceptable discriminant validity (Croteau & Bergeron, 2001). Table 4 presents the discriminant validity of the study’s constructs. The square root of the AVE of the study’s constructs are higher than the correlation between constructs in the same row or column. Thus, all constructs have an acceptable level of discriminant validity.

Constructs	Competence	Independence	ERP Maturity	Quality of Internal Control
Competence	.894
Independence	.873	.882
ERP Maturity	.023	.063	1
Quality of Internal Control	.753	.735	.139	.932

Note: The AVE of the study constructs are presented in Table 3.

Second-order constructs	First-order constructs	Weight	T-Value
Quality of ICS	Internal Environment	0.929	22.129**
	Risk Assessment	0.892	22.060**
	Control Activities	0.915	30.691**
	Information and Communication	0.828	19.840**
	Monitoring	0.937	23.297**

Notes: Critical t-values. **2.58 (P < 0.01).

Table 5 shows the weights of the first order latent variables on the designated second order latent variables, which indicates the fact that the ICSQ is a second-order latent variable with five significant first-latent variables, including internal environment, risk assessment, control activity, information and communication, and monitoring.

5.2. Structural Model

After evaluating the measurement model in the previous section and providing evidence regarding the reliability and validity of the constructs’ measures, the next step was to evaluate the structural model. According to Chin (2010), the structural model can be assessed using the R² (the coefficient of determination), beta, Q² (predictive relevance) and f-square (the effect sizes). In addition, re-sampling methods (bootstrapping with a re-sample of 1000) can be used to test the significance of the path coefficient estimates.

The R² of the dependent construct is a predictive power used to evaluate the structural model; it is normally the first value that researchers examine (Chin, 2010). The R² value in the partial least squares (PLS) symbolizes the proportion of the total variance of a construct explained by the model (Hair. et al., 2012). For the current study, the value of R² of the dependent construct (ICSQ) is 0.646 (See Figure 2), which means that the independence and competence of the internal audit explains 64.6% of the variance in the ICSQ. Compared to other studies in the accounting field, such as studies by Chenhall (2005), Hartmann (2005), and Naranjo-Gil & Hartmann (2006), this R² value falls within an acceptable range.

In addition, in order to assess the significance of the path coefficients, the t-statistics for each coefficient can be used as a basis for testing the proposed relationship between constructs. In order to report the significance of the path coefficients in PLS-SEM, non-parametric techniques of re-sampling should be used (Barroso, Carrión, & Roldán, 2010). The current study used bootstrapping in order to uncover that the independence of the internal audit positively and significantly affected the ICSQ (β = 0.300; p < 0.01). Moreover, the competence of the internal audit positively and significantly affected the ICSQ (β = 0.511; p < 0.01). Thus, H1 and H2 are both supported (see Table 6 ).

Hypotheses	Beta	T-Value	Decision	F-Square
H1.Competence à ICSQ	0.511	3.821	Sig.	0.07
H2.Independence à ICSQ	0.300	2.675	Sig.	0.054
H3.Competence x ERPs maturity à ICSQ	-0.25	1.904	Sig	0.036
H4. Independence x ERPs maturity àICSQ	0.08	0.547	Non-Sig	0.003
R2					0.646
Q2					0.469

Notes: Critical t-values: *1.645 (P<0.1);**2.58 (P < 0.01).

As well as looking at the coefficient of the determination (R²) technique to assess the structure model, other techniques, such as effect sizes (f²) and predictive relevance (Q²), may also be considered (Chin, 2010). Although the p value shows the significance of the relationships, it does not show the extent of an effect, which means that the interpretation of the data and, consequently, the results, are incomplete. Therefore, both the substantive significance (f²) and statistical significance (p) have to be reported. According to Cohen’s (1988) guidelines, the f² value of 0.02, 0.15, and 0.35 suggest small, medium, and large effects, respectively. Table 6 presents the fact that all the relationships had a small effect. In addition, the Q² technique can also be used to assess the structural model (Chin, 2010). Based on the blindfolding procedure, Q² can assess the model’s predictive capability by using SmartPLS. In this study, Q² was calculated using cross-validated redundancy procedures. In general, a Q² greater than zero means that the model has predictive relevance, whereas a Q² less than zero means that the model lacks predictive relevance. Table 6 shows the positive Q² results for ICSQ, which indicate an acceptable predictive relevance.

Figure 2. Model of the structure Notes: Critical t-values. *1.645 (P<0.1);**2.58 (P < 0.01).

5.3. Moderation Analysis

This study hypothesized that the maturity of the ERP system will have a moderating effect on the relationship between IAFs (independence and competence) and ICSQ. The moderation analysis was assessed by applying the PLS product-indicator approach. As stated by  Chin, Marcolin, and Newsted (2003) , the PLS approach can provide a more accurate estimation by calculating the error that reduces estimated relationships and improves the validation of theories. To test the possibility of the moderating effect, the IAFs (independence and competence) as predictors and the ERP’s maturity as moderator were multiplied, in order to create an interaction construct (IA independence x ERP maturity & IA competence x ERP maturity) and predict ICSQ. As Table 6 shows, the estimated standardized path coefficients for the effect of the IA competence x ERP maturity on ICSQ (β = -0.25; p < 0.1) was negatively significant, whereas the IA independence x moderator on ICSQ (β = 0.080; p < 0.1) were non-significant. This indicates that, that even with internal auditors with low capabilities, the ICSQ will be high if the company’s ERP is mature, as shown in Figure 3. However, ERP maturity does not moderate the relationship between independence and ICSQ. Therefore, H3 is validated and H4 is not validated.

Figure 3. Moderator effect Note: ERP maturity is the moderator variable

6. DISCUSSION AND CONCLUSION

This study examined the influence of IAFs and the ICSQ. A regression analysis was carried out in order to test the hypothesized relationships between the study’s variables. Based on results shown in Table 6, the f-value is significant and the adjusted R² is 65%.

The internal audit independence (INDEP) is significantly related to the ICSQ (β = 0.300, t =2.675, p <0.1); hence, hypothesis one is supported. This result is in contrast with the findings of Fadzil et al. (2005), which found an insignificant relationship between internal audit INDEP and ICSQ.

Internal audit competence (COMPET) was also found to be significantly associated with the ICSQ (β = 0.511, t =3.821, p <0.1); hence, hypothesis two is supported. This result is consistent with the suggestions provided in prior empirical studies (Lin. et al., 2011; Oussii & Boulila, 2018).

The findings show that the variables of the IAFs significantly influence the ICSQ. Specifically, internal audit COMPET has been found to be the most significant variable that influences the ICSQ, followed by the internal audit INDEP.

Our findings also show the importance of the ERP system in enhancing the relationship between IAF COMPET and ICSQ. Based on the researcher’s knowledge, no study has investigated the role of ERP maturity as a moderator for the relationship between IAF COMPET and ICSQ. In addition, this study makes a methodological contribution to the literature by using a PLS-SEM technique to analyze the proposed model.

This study emphasizes the important role of the internal audit as an effective mechanism of corporate governance, as it demonstrates the fact that IAF competence and independence are important aspects of corporate governance that lead to ICSQ. Therefore, it is possible to suggest that regulators in Saudi Arabia should focus more on these aspects when conducting their observations. Similar to all other studies, this study is not without its limitations, as it only deals with two characteristics of internal audits and one moderator. Future studies may include other factors that may reveal further insights.

Funding: The authors acknowledge the Deanship of scientific Research at King Faisal University for the financial support under Nasher Track (Grant No. 186001).

Competing Interests: The authors declare that they have no competing interests.

Acknowledgement: Both authors contributed equally to the conception and design of the study.

REFERENCES

Abbott, L. J., Parker, S., & Peters, G. F. (2010). Serving two masters: The association between audit committee internal audit oversight and internal audit activities. Accounting Horizons, 24(1), 1-24. Available at: https://doi.org/10.2308/acch.2010.24.1.1 .

Al-Matari, Y. A., Mohammed, S. A. S., & Al-Matari, E. M. (2017). Audit committee activities and the internal control system of commercial banks operating in Yemen. International Review of Management and Marketing, 7(1), 191-196.

Al-Twaijry, A. A., Brierley, J. A., & Gwilliam, D. R. (2003). The development of internal audit in Saudi Arabia: An institutional theory perspective. Critical Perspectives on Accounting, 14(5), 507-531. Available at: https://doi.org/10.1016/s1045-2354(02)00158-2 .

Albrecht, W. S., Howe, K. R., Schueler, D. R., & Stocks, K. D. (1988). Evaluating the effectiveness of internal audit departments. Altamonte Springs: Institute of Internal Auditors, FL.

Ali, O. A., & Owais, W. O. (2013). Internal auditors’ intellectual (knowledge) dimension in creating value for company’s empirical study of Jordanian industrial public shareholding companies. International Business Research, 6(1), 118-129. Available at: https://doi.org/10.5539/ibr.v6n1p118 .

Alzeban, A., & Gwilliam, D. (2014). Factors affecting the internal audit effectiveness: A survey of the Saudi public sector. Journal of International Accounting, Auditing and Taxation, 23(2), 74-86. Available at: https://doi.org/10.1016/j.intaccaudtax.2014.06.001 .

Amudo, A., & Inanga, E. L. (2009). Evaluation of internal control systems: A case study from Uganda. International Research Journal of Finance and Economics, 27(1), 124-144.

Arena, M., & Azzone, G. (2009). Identifying organizational drivers of internal audit effectiveness. International Journal of Auditing, 13(1), 43-60. Available at: https://doi.org/10.1111/j.1099-1123.2008.00392.x .

Bame-Aldred, C. W., Brandon, D. M., Messier, W. F., Rittenberg, L. E., & Stefaniak, C. M. (2013). A summary of research on external auditor reliance on the internal audit function. Auditing: A Journal of Practice, 32(Supplement 1), 251-286.

Barroso, C., Carrión, G. C., & Roldán, J. L. (2010). Applying maximum likelihood and pls on different sample sizes: Studies on servqual model and employee behavior model. In: Vinzi, V. E., Chin, W. W., Henseler, J. & Wang, H. (Eds.), Handbook of Partial Least Squares, Concepts, Methods and Applications. Berlin: Springer.

Beasley, M. S., Clune, R., & Hermanson, D. R. (2005). Enterprise risk management: An empirical analysis of factors associated with the extent of implementation. Journal of Accounting and Public Policy, 24(6), 521-531. Available at: https://doi.org/10.1016/j.jaccpubpol.2005.10.001 .

Bedard, J. C., & Graham, L. (2011). Detection and severity classifications of Sarbanes-Oxley Section 404 internal control deficiencies. The Accounting Review, 86(3), 825-855. Available at: https://doi.org/10.2308/accr.00000036 .

Bota-Avram, C., & Palfi, C. (2009). Measuring and assessment of internal audit‟s effectiveness. Ann Faculty Economics, 3(1), 784-790.

Carcello, J. V., Hermanson, D. R., & Raghunandan, K. (2005). Factors associated with US public companies' investment in internal auditing. Accounting Horizons, 19(2), 69-84. Available at: https://doi.org/10.2308/acch.2005.19.2.69 .

Chang, Y.-T., Chen, H., Cheng, R. K., & Chi, W. (2019). The impact of internal audit attributes on the effectiveness of internal control over operations and compliance. Journal of Contemporary Accounting & Economics, 15(1), 1-19. Available at: https://doi.org/10.1016/j.jcae.2018.11.002 .

Chenhall, R. H. (2005). Integrative strategic performance measurement systems, strategic alignment of manufacturing, learning and strategic outcomes: An exploratory study. Accounting, Organizations and Society, 30(5), 395-422. Available at: https://doi.org/10.1016/j.aos.2004.08.001 .

Chin, W. W. (2010). How to write up and report pls analyses. In: Vinzi, V. E., Chin, W. W., Henseler, J. & Wang, H. (Eds.), Handbook of Partial Least Squares, Concepts, Methods and Applications. Berlin: Springer.

Chin.., W. W., Marcolin, B. L., & Newsted, P. R. (2003). A partial least squares latent variable modeling approach for measuring interaction effects: Results from a Monte Carlo simulation study and an electronic-mail emotion/adoption study. Information systems research, 14(2), 189-217. Available at: https://doi.org/10.1287/isre.14.2.189.16018.

Cohen, A., & Sayag, G. (2010). The effectiveness of internal auditing: An empirical examination of its determinants in Israeli organisations. Australian Accounting Review, 20(3), 296-307. Available at: https://doi.org/10.1111/j.1835-2561.2010.00092.x .

Cohen., J. (1988). Statistical power analysis for the behavioral sciences (2nd ed.). Hillsdale, NJ: Lawrence Erlbaum Associates, Inc.

COSO. (1992). Internal control-integrated framework. New York: Committee of Sponsoring Organisation of the Treadway Commission

COSO. (2011). Coso internal control - integrated framework update project, New York Committee of Cponsoring Organisation. Retrieved from: http://www.coso.org/ .

Croteau, A.-M., & Bergeron, F. (2001). An information technology trilogy: Business strategy, technological deployment and organizational performance. The Journal of Strategic Information Systems, 10(2), 77-99. Available at: https://doi.org/10.1016/s0963-8687(01)00044-0 .

Desai, V., Roberts, R. W., & Srivastava, R. (2010). An analytical model for external auditor evaluationof the internal audit function using belief functions. Contemporary Accounting Research, 27(2), 346-346. Available at: https://doi.org/10.1111/j.1911-3846.2010.01016.x .

Dittenhofer, M. (2001). Internal auditing effectiveness: An expansion of present methods. Managerial Auditing Journal, 16(8), 443-450. Available at: https://doi.org/10.1108/eum0000000006064 .

Drogalas, G., Alampourtsidis, S., & Koutoupis, A. (2015). Value-added approach of internal audit in the hellenic police. Corporate Ownership Control, 11(4), 692-698.

Endaya, K. L., & Hanefah, M. M. (2016). Internal auditor characteristics, internal audit effectiveness, and moderating effect of senior management. Journal of Economic and Administrative Sciences, 32(2), 160-176. Available at: https://doi.org/10.1108/jeas-07-2015-0023 .

Fadzil, F. H., Haron, H., & Jantan, M. (2005). Internal auditing practices and internal control system. Managerial Auditing Journal, 20(8), 844-866. Available at: https://doi.org/10.1108/02686900510619683 .

Fornell, C., & Larcker, D. F. (1981). Evaluating structural equation models with unobservable variables and measurement error. Journal of Marketing Research, 18(1), 39-50. Available at: https://doi.org/10.2307/3151312 .

Goodwin, J., & Yeo, T. Y. (2001). Two factors affecting internal audit independence and objectivity: Evidence from Singapore. International Journal of Auditing, 5(2), 107-125. Available at: https://doi.org/10.1111/j.1099-1123.2001.00329.x .

Gray, J., & Hunton, J. E. (2011). External auditors’ reliance on the internal audit function: The role of second-order belief attribution. Unpublished Working Paper Discussed at Bentley University, Massachusetts.  

Hair, J. F., Anderson, R., Black, B., Babin, B., & CBlack, W. (2010). Multivariate data analysis. New Jersey: London Upper Saddle River.

Hair, J. F., Hult, T. M., Ringle, C. M., & Sarstedt, M. (2013). A primer on partial least squares structural equation modeling (Pls-Sem). London: Sage.

Hair., J. F., Sarstedt, M., Ringle, C. M., & Mena, J. A. (2012). An assessment of the use of partial least squares structural equation modeling in marketing research. Journal of the Academy of Marketing Science, 40(3), 414-433. Available at: https://doi.org/10.1007/s11747-011-0261-6 .

Hartmann, F. (2005). The effects of tolerance for ambiguity and uncertainty on the appropriateness of accounting performance measures. Abacus, 41(3), 241-264. Available at: https://doi.org/10.1111/j.1467-6281.2005.00181.x .

Holland, C. P., & Light, B. (2001). A stage maturity model for enterprise resource planning systems use. ACM SIGMIS Database: The Data Base for Advances in Information Systems, 32(2), 34-45.

Huang, S.-M., Hsieh, P.-G., Tsao, H.-H., & Hsu, P.-Y. (2008). A structural study of internal control for ERP system environments: A perspective from the Sarbanes-Oxley Act. International Journal of Management and Enterprise Development, 5(1), 102-121. Available at: https://doi.org/10.1504/ijmed.2008.015909 .

Institute of Internal Auditors IIA. (2017). Standards for the professional practice of internal auditing: The Institute of Internal Auditors Homepage. Northe Amrica: Institute of Internal Auditors.
International Auditing and Assurance Standards Board (IAASB). (2012). Handbook of international quality control, auditing review, other assurance, and related services pronouncements. Retrieved from: https://www.ifac.org/system/files/publications/files/2012%20IAASB%20Handbook%20Part%20I_Web.pdf .

Khlif, H., & Samaha, K. (2014). Internal control quality, Egyptian standards on auditing and external audit delays: Evidence from the Egyptian stock exchange. International Journal of Auditing, 18(2), 139-154. Available at: https://doi.org/10.1111/ijau.12018 .

Khlif, H., & Samaha, K. (2016). Audit committee activity and internal control quality in Egypt. Managerial Auditing Journal, 31(3), 269-289. Available at: https://doi.org/10.1108/maj-08-2014-1084 .

Krishnan, J. (2005). Audit committee quality and internal control: An empirical analysis. The Accounting Review, 80(2), 649-675. Available at: https://doi.org/10.2308/accr.2005.80.2.649 .

Kumar, V., Pollanen, R., & Maheshwari, B. (2008). Challenges in enhancing enterprise resource planning systems for compliance with Sarbanes-Oxley Act and analogous Canadian legislation. Management Research News, 31(10), 758-773. Available at: https://doi.org/10.1108/01409170810908516 .

Lee, L., Petter, S., Fayard, D., & Robinson, S. (2011). On the use of partial least squares path modeling in accounting research. International Journal of Accounting Information Systems, 12(4), 305-328. Available at: https://doi.org/10.1016/j.accinf.2011.05.002 .

Lin, Y.-C., Wang, Y.-C., Chiou, J.-R., & Huang, H.-W. (2014). CEO characteristics and internal control quality. Corporate Governance: An International Review, 22(1), 24-42. Available at: https://doi.org/10.1111/corg.12042 .

Lin., S., Pizzini, M., Vargus, M., & Bardhan, I. R. (2011). The role of the internal audit function in the disclosure of material weaknesses. The Accounting Review, 86(1), 287-323. Available at: https://doi.org/10.2308/accr.00000016 .

Mahmood, M. A., & Becker, J. D. (1985). Effect of organizational maturity on end-users’ satisfaction with information systems. Journal of Management Information Systems, 2(3), 37-64. Available at: https://doi.org/10.1080/07421222.1985.11517736 .

Maletta, M. J. (1993). An examination of auditors' decisions to use internal auditors as assistants: The effect of inherent risk. Contemporary Accounting Research, 9(2), 508-525. Available at: https://doi.org/10.1111/j.1911-3846.1993.tb00895.x .

Mat, M. Z., Subramaniam, N., & Stewart, J. (2006). Internal auditors’ assessment of their contribution to financial statement audits: The relation with audit committee and internal audit function characteristics. International Journal of Auditing, 10(1), 1-18. Available at: https://doi.org/10.1111/j.1099-1123.2006.00306.x .

Mihret, D. G., James, K., & Mula, J. M. (2010). Antecedents and organizational performance implications of internal audit effectiveness. Pacific Accounting Review, 22(3), 224-252. Available at: https://doi.org/10.1108/01140581011091684 .

Mihret, D. G., & Woldeyohannis, G. Z. (2008). Value-added role of internal audit: An Ethiopian case study. Managerial Auditing Journal, 23(6), 567-595. Available at: https://doi.org/10.1108/02686900810882110 .

Mousa, F. R. (2005). Developing a model for evaluating the effectiveness of the internal audit function in Libyan organizations: Case study with special reference to oil companies. Ph.D. Thesis.  

Naranjo-Gil, D., & Hartmann, F. (2006). How top management teams use management accounting systems to implement strategy. Journal of Management Accounting Research, 18(1), 21-53. Available at: https://doi.org/10.2308/jmar.2006.18.1.21 .

Ndimitu, P. N., Mwangi, C. I., Kisaka, S., & Mwangi, M. (2018). Relationship between internal audit practices and performance of water service providers In Kenya. Archives of Business Research, 6(9), 91-104.

O'Leary, D. E. (2000). Enterprise resource planning systems: Systems, life cycle, electronic commerce, and risk. Cambridge, UK: Cambridge University Press.

Oussii, A. A., & Boulila, T. N. (2018). The impact of internal audit function characteristics on internal control quality. Managerial Auditing Journal, 33(5), 450-469. Available at: https://doi.org/10.1108/maj-06-2017-1579 .

Pizzini, M., Lin, S., & Ziegenfuss, D. E. (2015). The impact of internal audit function quality and contribution on audit delay. Auditing: A Journal of Practice & Theory, 34(1), 25-58. Available at: https://doi.org/10.2308/ajpt-50848.

Prawitt, D. F., Smith, J. L., & Wood, D. A. (2009). Internal audit quality and earnings management. The Accounting Review, 84(4), 1255-1280. Available at: https://doi.org/10.2308/accr.2009.84.4.1255 .

Rikhardsson, P., Best, P., & Juhl-Christensen, C. (2006). Sarbanes-Oxley compliance, internal control and Erp systems: Automation and the case of Mysap Erp. Accounting Research Group Working Paper No. 02.

Rittenberg, L. E., & Anderson, R. (2006). A strategic player, hiring and inspiring a chief audit executive. Journal of Accountancy, 202(1), 51-54.

Sadi, M. A., & Henderson, J. C. (2011). Franchising and small medium-sized enterprises (SMEs) in industrializing economies: A Saudi Arabian perspective. Journal of Management Development, 30(4), 402-412. Available at: https://doi.org/10.1108/02621711111126855 .

Salehi, M., & Bahrami, M. (2017). The effect of internal control on earnings quality in Iran. International Journal of Law and Management, 59(4), 534-546. Available at: https://doi.org/10.1108/ijlma-02-2016-0012 .

Sarens, G., Abdolmohammadi, M. J., & Lenz, R. (2012). Factors associated with the internal audit function’s role in corporate governance. Journal ofApplied Accounting Research, 13(2), 191-204.

Saudi Organization for Certified Public Accountants (SOCPA). (2011). Council of ministers approved the establishment of Saudi institute of internal auditors (Vol. 68): SOCPA. Retrieved from: https://socpa.org.sa/Socpa/Home.aspx?lang=en-us .

Saunders, M., Lewis, P., & Thornhill, A. (2009). Research methods for business students. Essex: Pearson Education Limited.

Schneider, A. (2003). An examination of whether incentive compensation and stock ownership affect internal auditor objectivity. Journal of Managerial Issues, 15(4), 486-497.

Soh, D. S., & Martinov-Bennie, N. (2011). The internal audit function: Perceptions of internal audit roles, effectiveness and evaluation. Managerial Auditing Journal, 26(7), 605-622. Available at: https://doi.org/10.1108/02686901111151332 .

Sultana, N., Singh, H., & Van Der Zahn, J. L. W. M. (2015). Audit committee characteristics and audit report lag. International Journal of Auditing, 19(2), 72-87.

Suwaidan, M. S., & Qasim, A. (2010). External auditors’ reliance on internal auditors and its impact on audit fees: An empirical investigation. Managerial Auditing Journal, 25(6), 509-525. Available at: https://doi.org/10.1108/02686901011054845 .

The General Authority for Small & Medium Enterprises. (2016). Retrieved from https://mci.gov.sa/en/mediacenter/news/pages/13-12-16-03.aspx .

Turner, L. D., & Owhoso, V. (2009). Use erp internal control exception reports to monitor and improve controls. Management Accounting Quarterly, 10(3), 41-50.

Unegbu, A. O., & Kida, M. I. (2011). Effectiveness of internal audit as instrument of improving public Sector management. Journal of Emerging Trends in Economics and Management Sciences, 2(4), 304-309.

Valipour, H., Moradi, J., & Fatheh, M. H. (2012). The impact of enterprise resource planning (ERP) on the internal controls case study: Esfahan steel company. European Journal of Social Sciences, 28(2), 228-238.

Zureigat, Q. (2014). Auditors’ decision to accept new SME clients in Saudi Arabia and auditors’ characteristics. International Journal of Business and Social Science, 5(1), 21-53.

Views and opinions expressed in this article are the views and opinions of the author(s), Asian Economic and Financial Review shall not be responsible or answerable for any loss, damage or liability etc. caused in relation to/arising out of the use of the content.