An Examination of Internal Audit Function Size: Evidence from U.S. Government and Nonprofit Sectors

Garven, Sarah A.; Scarlata, Audrey N.

doi:10.2308/CIIA-2019-505

SUMMARY

We examine factors associated with internal audit function (IAF) size in U.S. government and nonprofit (GNP) entities. Our results, based on responses from 345 GNP participants, indicate several factors related to organizational characteristics, IAF characteristics, IAF responsibilities, and information technology (IT) tools and audit activities that are associated with IAF size. Specifically, we find IAF size is positively associated with: (1) mandated IAFs, (2) activity related to audits of general IT risks, (3) use of a rotational staffing model, (4) degree of fraud detection responsibility, (5) conduct of performance audits, (6) extent of sophisticated audit technologies, (7) organization size, (8) opportunity to receive a bonus, and (9) age of the IAF. IAF size is negatively related to (1) extent of access to records and property appropriate for the performance of audits, (2) nonprofit organizations, (3) healthcare institutions, and (4) educational institutions. Additional analysis reveals variation between large and small organizations.

I. INTRODUCTION

Government and nonprofit (GNP) organizations are major economic forces in our society (Freeman, Shoulders, McSwain, and Scott 2018). Nonprofits (NPOs) employ over 10 percent of the workforce, receive over $330 billion in private contributions, hold more than $5 trillion in assets, and contribute over $900 billion to the U.S. economy (McKeever 2015; McKeever and Gaddy 2016). State and local governments report over $2.9 trillion in general revenues and employ over 14 million full-time and almost 5 million part-time employees (U.S. Census Bureau 2015a; U.S. Census Bureau 2015b). Collectively, the GNP sector accounts for over a third of all U.S. economy expenditures (Freeman et al. 2018). Despite the importance of GNPs to the U.S. economy, there has been limited investigation of their internal audit functions (IAFs) beyond examining the effects of their presence or absence in an organization.

Differing legal, political, and social environments exist between GNP organizations and for-profit entities (T. Patton, S. Patton, and Ives 2019). GNPs seek to provide services to their constituencies, rather than increase shareholders' wealth, and their resource providers (donors and taxpayers) do not expect to receive benefits commensurate to the resources they provide (Reck and Lowensohn 2016; Patton et al. 2019). GNPs must not only report on the inflows and outflows of these resources, but also demonstrate accountability for them (Patton et al. 2019). The GNP sector's focus on demonstrating efficiency and effectiveness in service delivery as well as ensuring compliance with donor restrictions and laws results in a much broader degree of accountability required for GNPs than for for-profits (Patton et al. 2019).

The lack of residual claimants in the GNP sector does not ensure that GNP organizations will be free from agency conflicts (Krishnan, M. Yetman, and R. Yetman 2006; Vermeer, Styles, and Patton 2010). Government officials and nonprofit management may not always act in their constituents' best interests, thus necessitating the use of monitoring mechanisms to reduce agency losses (Krishnan et al. 2006; Vermeer et al. 2010). As noted by Vermeer (2008), the need for monitoring may be even more critical in the GNP sector due to the absence of shareholder oversight. It is unlikely that donors and taxpayers invest the same level of vigilance in monitoring as do shareholders (Vermeer 2008).

Given the significance of the GNP sector to the U.S. economy as well as the increasing call for accountability (Garven, Beck, and Parsons 2018; Aikins 2013), it is important to consider the sector's response to monitoring demands. One such response is to invest resources into the IAF (Carcello, Hermanson, and Raghunandan 2005a; Vermeer, Raghunandan, and Forgione 2006). Such a response demonstrates a high level of commitment to preserving the public's trust that donations and tax dollars are being used for their intended purpose and to ensure the entity is accomplishing its objectives. As suggested by Anderson, Christ, Johnstone, and Rittenberg (2012), a greater commitment to corporate governance will likely result in a greater investment in the IAF.

A considerable amount of research has examined factors associated with organizations' investment in the IAF (measured by IAF staff or budget size) in the U.S. for-profit sector (Carcello et al. 2005a; Barua, Rama, and Sharma 2010; Carcello, Hermanson, and Raghunandan 2005b; Anderson et al. 2012) and the for-profit sector of other countries (Goodwin-Stewart and Kent 2006; Gronewold and Heerlein 2009; Sarens and Abdolmohammadi 2011; Alhajri 2017). Due to extensive differences between the GNP and for-profit sectors (including purpose, monitoring needs, and stakeholders), the GNP sector is a unique environment in which to study investment in internal auditing. We extend prior IAF investment research by examining four sets of factors associated with IAF staff size in the U.S. GNP sector. These factor sets include organizational characteristics, IAF characteristics, IAF responsibilities, and information technology (IT) tools and audit activities.

Using responses from 345 GNP participants in the Common Body of Knowledge (hereafter, CBOK) 2015 Global Internal Auditor Practitioner Survey administered by the Institute of Internal Auditors Research Foundation, we provide evidence that GNP IAF size is associated with variables in all four sets of factors. These variables include organization size, IAF mandate, NPOs, organizations classified as healthcare and educational institutions, IAF age, opportunity to receive a bonus, use of a rotational staffing model, extent of access to records and property appropriate for the performance of audits, degree of fraud detection responsibility, conduct of performance audits, extent of activity related to audits of general IT risks, and extent of use of sophisticated audit technologies. We also examine large and small organizations separately and find, among larger organizations, organizational characteristics such as size and industry have a strong association with IAF size. For smaller organizations, more characteristics specific to the IAF itself, such as the opportunity to receive a bonus, use of a rotational staffing model, and extent of access to records and property appropriate for the performance of audits, have a strong association.

From an academic perspective, this paper adds to the internal audit, corporate governance, and GNP sector literature. Our model includes several factors of IAF size not previously examined, including degree of fraud detection responsibility, degree of fraud prevention responsibility, extent of access to records and property appropriate for the performance of audits, and opportunity to receive a bonus. Additionally, our examination of large and small organizations separately has not previously been done in the context of IAF size. From a practice standpoint, our results provide insights to organizations on factors that are associated with IAF size. Our descriptive results can assist GNP organizations in comparing their IAFs with those of others across the nation and our empirical model can be used as a benchmark for GNP management in evaluating the size of their IAFs. As a result, our results may serve to initiate a discussion among management about the adequacy of their IAF.

II. BACKGROUND AND THEORY DEVELOPMENT

In recent years, the IAF has become an important and useful corporate governance monitoring mechanism (Sarens and Abdolmohammadi 2011). It plays a critical role in the organization's success through its performance of assurance services, which serve in supporting the governance structure (Anderson et al. 2017). Additionally, the function adds value by identifying emerging risks and delivering business insights (KPMG 2017) and it serves all types of organizations, from private and publicly-traded companies to government and nonprofit organizations (Anderson et al. 2017).

GNP internal auditors are in a unique position and face unique challenges as compared to their counterparts in the for-profit sector. For example, studies find compensation for NPO executives and workers is substantially lower on average than their for-profit counterparts (Panel on the Nonprofit Sector 2005) and retaining audit staff in the public sector is problematic due to government pay scales and insufficient funding (compared to their non-public sector counterparts) (Piper 2015). Also, public sector internal auditors must balance satisfying the needs of their CEOs, boards of directors, regulators, and managers with being accountable to politicians and the public (Piper 2015). Nonprofit internal auditors, too, must not only serve the needs of their internal stakeholders, but also be accountable to donors and grantors, the IRS, the respective state from which their organization receives legal existence, and the public (Garven 2012).

Thousands of nonprofits compete for scarce resources and are commonly judged on what proportion of these resources are dedicated to providing programs that fulfill the organization's mission, i.e., the program ratio (Garven, Hofmann, and McSwain 2016). Resources spent on the IAF are considered administrative expenses. Although these resources are arguably key to helping the organization accomplish its mission, they do not directly contribute to increasing a nonprofit's program ratio. This may result in the reluctance of some NPOs to funnel considerable amounts of resources into the IAF. Governments, too, faced with “increasingly constrained public sector budgets” (Aikins 2017, 1), may also be reluctant to spend considerable resources on activities that do not provide direct service to citizens. As noted in a 2018 report by the Oregon Secretary of State, the IAF is one of the first functions agencies cut in many states experiencing financial difficulties (Richardson 2018). Thus, our study examines factors associated with GNP organizations' investment in IAF staff.

Organizational Characteristics

The organizational characteristics we examine include: (1) organization size, (2) industry classification (education, healthcare, and other), (3) type of entity (nonprofit or governmental), and (4) whether an IAF is mandated. Larger GNP organizations are more complex and thus may be scrutinized by the public more (Vermeer et al. 2006; C. Edmonds, J. Edmonds, B. Vermeer, and T. Vermeer 2017), and hospitals and educational institutions are often subject to much more complexity and regulation in their operations as compared to other types of organizations (Vermeer et al. 2006). This increased complexity and scrutiny of operations may result in an increased level of audit work, as well as adoption of stronger monitoring mechanisms (Beattie, Goodacre, Pratt, and Stevenson 2001; Vermeer et al. 2006, Vermeer, Raghunandan, and Forgione 2009). Thus, we expect a positive association between organization size and GNP entities that are hospitals or educational institutions and IAF size.

As noted earlier, both governments and nonprofits may be reluctant to expend significant resources on the IAF as these expenditures are not service-related. For nonprofits, such expenditures lower their program ratio, a common measure of nonprofit efficiency, and research has found a positive association between the program ratio and donations (Weisbrod and Dominguez 1986; Posnett and Sandler 1989; Callen 1994; Tinkelman 1999; Okten and Weisbrod 2000; M. Yetman and R. Yetman 2013). Thus, nonprofits that are viewed as financially inefficient risk a loss of donations, upon which many depend. Governments, however, which depend on taxes, will normally continue operations even if they are deemed inefficient or ineffective (Freeman et al. 2018). Thus, the need to demonstrate financial efficiency may be stronger for nonprofits than governments. As such, we posit nonprofits may invest fewer resources into their IAFs compared to governments and we expect a negative association between nonprofit organizations and IAF size.

Certain organizations are required by law or regulation to have an IAF in place. For example, within the public sector, there is often a mandatory requirement to have an IAF, the banking and financial services industry has a general global requirement to have an IAF, and companies and parent companies listed on the New York Stock Exchange are required to maintain an IAF (Allegrini, D'Onza, Melville, Sarens, and Selim 2011; Sarens and Abdolmohammadi 2011). Because organizations mandated to have an IAF operate in highly regulated environments and typically face greater compliance risks, it is likely they will invest more in their IAF (Sarens and Abdolmohammadi 2011). Examining Belgian companies, Sarens and Abdolmohammadi (2011) find a mandate for the IAF is positively associated with IAF size. Consistent with prior research, we expect a positive association between IAF mandate and IAF size.

IAF Characteristics

The IAF characteristics we examine include: (1) extent of access to property and records appropriate for the performance of audit activities, (2) use of a rotational staffing model, (3) opportunity to receive a bonus, and (4) IAF age. An IAF's charter should “[authorize] access to records, personnel, and physical properties relevant to the performance of engagements” (Interpretation to IIA Standard 1000: Purpose, Authority, and Responsibility) (IIA 2016). Greater ease of access to such property and records will likely result in staffing efficiencies with the IAF being able to achieve its objectives with a smaller staff. Thus, we expect extent of access to relevant property and records to be negatively related to IAF size.

A staff rotation program involves staff being rotated through the IAF as part of training them for management in other parts of the organization. Benefits of this type of program include increasing the number of internal audit ambassadors throughout the organization and helping address any skills gaps (Deloitte 2016). Consistent with the findings of Anderson et al. (2012), we expect the use of a rotational staffing model to be associated with larger IAF size. As noted by Anderson et al. (2012), it is likely IAFs with this type of staffing strategy are larger due to having staff with little internal audit experience and experiencing constant turnover.

DeZoort, Houston, and Reisch (2000) note the opportunity for internal auditors to receive a bonus from the organization may serve as a recruitment and retention tool and could also result in cost savings. Successful recruitment and retention will help ensure IAFs are operating at full staffing capacity and using bonuses to supplement budgeted salaries could allow GNPs to hire more people into the IAF since they will have less in budgeted salaries and can then choose to pay the bonus when there is a surplus. On the other hand, DeZoort et al. (2000) also note that the opportunity to receive a bonus can increase the IAF's productivity and effectiveness; this increased productivity and effectiveness could result in staffing efficiencies, with fewer staff needed. Due to these competing possibilities, we do not make a directional prediction regarding the opportunity to receive a bonus and IAF size.

Sarens, Allegrini, D'Onza, and Melville (2011) test whether IAF size is significantly different between three clusters of IAFs based on age and find that the size of the IAF is positively related to the age of the IAF. They suggest that the longer the IAF has existed, the more time the IAF has had to prove it is a value-added function, and thus the more time the organization has benefited from the IAF's services and supported expanding the IAF (Sarens et al. 2011). Based on this argument, we expect a positive association between IAF age and IAF size.

IAF Responsibilities

The IAF responsibilities we examine include: (1) degree of fraud prevention responsibility, (2) degree of fraud detection responsibility, and (3) conduct of performance audits. Fraud is one of the top risks organizations face (Anderson et al. 2017) and internal auditors “are increasingly being asked to play a key role in preventing, deterring, and detecting fraud in for-profit, governmental, and nonprofit organizations globally” (Anderson et al. 2017, 8–28). Fraud prevention and detection activities conducted by internal audit may include whistleblower hotline monitoring, fraud investigation, fraud awareness training, audits of internal controls related to fraud prevention or detection, and fraud risk assessment facilitation (Araj 2015). As these activities require a significant time commitment and redirect internal audit resources away from other important audit activities (Araj 2015), we expect organizations heavily involved in fraud prevention and detection to be associated with larger staffs, possibly even having dedicated fraud specialists on staff. Thus, we expect a positive relationship between an IAF's responsibilities related to the prevention and detection of fraud and IAF size.

Deloitte's “Internal Audit Insights 2018” report identifies operational risk assurance as a high-impact area of focus for IAFs. The report notes operational (or performance) audits “focus mainly on nonfinancial assets and processes” and “aim to determine how performance aligns with management's expectations, identify areas to be investigated, and propose enhancements” (Deloitte 2018, 13). The report further mentions the orientation of many internal auditors is toward financial processes and performance, and IAFs should dig deeper into assessing operational efficiency, effectiveness, and risk management. Anderson et al. (2012) note audit committees and management often want the IAF to be involved in more than financial statement compliance and mention that prior literature (Anderson and Svare 2011; IIA 2009) suggests more involvement is needed from IAFs with respect to providing reviews of operations. Similar to conducting fraud detection and prevention activities, conducting performance audits also requires a large time commitment and redirects internal audit resources away from other important audit activities. Thus, we expect organizations heavily involved in conducting performance audits to be associated with larger staffs and posit a positive relationship between an IAF's responsibility related to conduct of performance audits and IAF size.

IT Tools and Audit Activity

The IT tools and audit activities we examine include: (1) extent of use of sophisticated audit technologies, (2) extent of activity related to audits of general IT risks, and (3) extent of activity related to audits of IT privacy and security compliance. As noted in the CBOK report “Staying a Step Ahead: Internal Audit's Use of Technology,” internal auditors are now under pressure to adapt to new technologies (Cangemi 2015). From one perspective, greater usage of sophisticated audit technology should result in increased efficiencies (Anderson et al. 2012; Cangemi and Singleton 2003; KPMG 2017; PWC 2018) which then would result in the need for fewer staff (Anderson et al. 2012). A competing possibility, noted in Anderson et al. (2012), is that a large investment in auditing technology may indicate an organization has a stronger commitment to internal audit and desires greater coverage, thus broadening the range of internal audit responsibilities and tasks covered. Thus, one might expect a greater investment in technology to be associated with a larger IAF. Due to differing possibilities, we make no directional prediction regarding extent of use of sophisticated audit technologies and IAF size.

Similar to Anderson et al. (2012) we look at two types of IT audit activity: general and security-specific. On one hand, as IT-related audits may require specialized skills and expertise beyond that of internal auditors performing other audit activities (Anderson et al. 2012), we might expect a positive association between extent of IT-related audit activity and IAF size. On the other hand, due to the supply of skilled IT auditors unable to keep pace with the demand (Anderson et al. 2017), GNP IAFs may find themselves forced to “do more with the same (or with less)” (Deloitte 2016, 27), ask for assistance from other departments, or hire external service providers who have the needed IT competencies (Anderson et al. 2017). Given competing viewpoints, we make no directional prediction regarding extent of IT audit activity and IAF size.

III. RESULTS

Data and Sample

Our data, taken from the results of the Common Body of Knowledge (CBOK) 2015 Global Internal Audit Practitioner Survey, are provided by the Institute of Internal Auditors Research Foundation (IIARF). The CBOK is the largest study of the internal audit profession in the world. An online survey link was emailed to IIA members and posted on the IIA's website, with survey responses collected from February 2, 2015 until April 1, 2015 (Araj 2015). Approximately 14,500 practitioners across 150 North American chapters as well as 166 countries participated in the survey (IIA 2015).

Of the approximately 14,500 practitioners that participated in the survey, 3,647 were from GNP organizations. Since U.S. GNP organizations are the focus of our study, we narrow our sample to U.S. respondents. Thus, we removed 2,881 non-U.S. observations. Because we only wish to include observations in which the respondent indicated he/she works as an internal auditor within the organization where employed, 17 additional observations were removed. An additional 404 observations were dropped due to missing responses, resulting in a final sample of 345 (see Table 1).^¹

TABLE 1

View large

Empirical Model

We estimate the relationship between various organizational characteristics, IAF characteristics, IAF responsibilities, and IT tools and audit activities on IAF size as follows:

$\def\upalpha{\unicode[Times]{x3B1}}$$\def\upbeta{\unicode[Times]{x3B2}}$$\def\upgamma{\unicode[Times]{x3B3}}$$\def\updelta{\unicode[Times]{x3B4}}$$\def\upvarepsilon{\unicode[Times]{x3B5}}$$\def\upzeta{\unicode[Times]{x3B6}}$$\def\upeta{\unicode[Times]{x3B7}}$$\def\uptheta{\unicode[Times]{x3B8}}$$\def\upiota{\unicode[Times]{x3B9}}$$\def\upkappa{\unicode[Times]{x3BA}}$$\def\uplambda{\unicode[Times]{x3BB}}$$\def\upmu{\unicode[Times]{x3BC}}$$\def\upnu{\unicode[Times]{x3BD}}$$\def\upxi{\unicode[Times]{x3BE}}$$\def\upomicron{\unicode[Times]{x3BF}}$$\def\uppi{\unicode[Times]{x3C0}}$$\def\uprho{\unicode[Times]{x3C1}}$$\def\upsigma{\unicode[Times]{x3C3}}$$\def\uptau{\unicode[Times]{x3C4}}$$\def\upupsilon{\unicode[Times]{x3C5}}$$\def\upphi{\unicode[Times]{x3C6}}$$\def\upchi{\unicode[Times]{x3C7}}$$\def\uppsy{\unicode[Times]{x3C8}}$$\def\upomega{\unicode[Times]{x3C9}}$$\def\bialpha{\boldsymbol{\alpha}}$$\def\bibeta{\boldsymbol{\beta}}$$\def\bigamma{\boldsymbol{\gamma}}$$\def\bidelta{\boldsymbol{\delta}}$$\def\bivarepsilon{\boldsymbol{\varepsilon}}$$\def\bizeta{\boldsymbol{\zeta}}$$\def\bieta{\boldsymbol{\eta}}$$\def\bitheta{\boldsymbol{\theta}}$$\def\biiota{\boldsymbol{\iota}}$$\def\bikappa{\boldsymbol{\kappa}}$$\def\bilambda{\boldsymbol{\lambda}}$$\def\bimu{\boldsymbol{\mu}}$$\def\binu{\boldsymbol{\nu}}$$\def\bixi{\boldsymbol{\xi}}$$\def\biomicron{\boldsymbol{\micron}}$$\def\bipi{\boldsymbol{\pi}}$$\def\birho{\boldsymbol{\rho}}$$\def\bisigma{\boldsymbol{\sigma}}$$\def\bitau{\boldsymbol{\tau}}$$\def\biupsilon{\boldsymbol{\upsilon}}$$\def\biphi{\boldsymbol{\phi}}$$\def\bichi{\boldsymbol{\chi}}$$\def\bipsy{\boldsymbol{\psy}}$$\def\biomega{\boldsymbol{\omega}}$$\def\bupalpha{\bf{\alpha}}$$\def\bupbeta{\bf{\beta}}$$\def\bupgamma{\bf{\gamma}}$$\def\bupdelta{\bf{\delta}}$$\def\bupvarepsilon{\bf{\varepsilon}}$$\def\bupzeta{\bf{\zeta}}$$\def\bupeta{\bf{\eta}}$$\def\buptheta{\bf{\theta}}$$\def\bupiota{\bf{\iota}}$$\def\bupkappa{\bf{\kappa}}$$\def\buplambda{\bf{\lambda}}$$\def\bupmu{\bf{\mu}}$$\def\bupnu{\bf{\nu}}$$\def\bupxi{\bf{\xi}}$$\def\bupomicron{\bf{\micron}}$$\def\buppi{\bf{\pi}}$$\def\buprho{\bf{\rho}}$$\def\bupsigma{\bf{\sigma}}$$\def\buptau{\bf{\tau}}$$\def\bupupsilon{\bf{\upsilon}}$$\def\bupphi{\bf{\phi}}$$\def\bupchi{\bf{\chi}}$$\def\buppsy{\bf{\psy}}$$\def\bupomega{\bf{\omega}}$$\def\bGamma{\bf{\Gamma}}$$\def\bDelta{\bf{\Delta}}$$\def\bTheta{\bf{\Theta}}$$\def\bLambda{\bf{\Lambda}}$$\def\bXi{\bf{\Xi}}$$\def\bPi{\bf{\Pi}}$$\def\bSigma{\bf{\Sigma}}$$\def\bPhi{\bf{\Phi}}$$\def\bPsi{\bf{\Psi}}$$\def\bOmega{\bf{\Omega}}$\begin{equation}IAF\_SIZE = {\beta _0} + {\beta _1}ORG\_SIZE + {\beta _2}IND\_EDUC + {\beta _3}IND\_HLTH + {\beta _4}NPO + {\beta _5}MANDATE + {\beta _6}ACCESS + {\beta _7}ROTATE + {\beta _8}BONUS + {\beta _9}IAF\_AGE + {\beta _{10}}PREV\_FRAUD + {\beta _{11}}DET\_FRAUD + {\beta _{12}}PERF\_AUDIT + {\beta _{13}}IT\_TOOLS + {\beta _{14}}IT\_GENRISK + {\beta _{15}}IT\_SECURITY + \varepsilon \end{equation}

Regression variables are defined below. Pearson correlations are calculated in Table 2, Panels A and B. Only one correlation exceeds 0.50 (the correlation between IT_GENRISK and IT_SECURITY is 0.72) and an analysis of variance inflation factors (VIFs) in the model does not indicate problems with multicollinearity. All VIFs are less than ten, with a high of 2.32.

TABLE 2

View large

The variables are defined as follows (See Appendix A for original CBOK survey questions):

IAF_SIZE = natural log of full-time equivalent employees in IAF;
ORG_SIZE = natural log of employees in organization;
IND_EDUC = 1 if organization industry classification is Educational Services, 0 otherwise;
IND_HLTH = 1 if organization industry classification is Health Care and Social Assistance, 0 otherwise;
NPO = 1 if organization type is nonprofit organization (not related to government), 0 otherwise;
MANDATE = 1 if IAF is mandated, 0 otherwise;
ACCESS = IAF's extent of access to records and property appropriate for the performance of audits (1 = None of the time; 2 = Some of the time; 3 = Most of the time; 4 = All of the time);
ROTATE = 1 if there is a process to rotate staff through IAF, 0 otherwise;
BONUS = 1 if bonus opportunity, 0 otherwise;
IAF_AGE = natural log of age of IAF in years;
PREV_FRAUD = IAF's degree of responsibility related to preventing fraud (1 = None of the responsibility; 2 = Some of the responsibility; 3 = Most of the responsibility; 4 = All of the responsibility);
DET_FRAUD = IAF's degree of responsibility related to detecting fraud (1 = None of the responsibility; 2 = Some of the responsibility; 3 = Most of the responsibility; 4 = All of the responsibility);
PERF_AUDIT = 1 if IAF conducted performance audits in the past year, 0 otherwise;
IT_TOOLS = mean extent of activity for IAF related to use of 11 IT tools and techniques (1 = None, 2 = Minimal, 3 = Moderate, 4 = Extensive);
IT_GENRISK = extent of IAF activity related to audits of general IT risks (1 = None, 2 = Minimal; 3 = Moderate; 4 = Extensive); and
IT_SECURITY = mean extent of IAF activity related to audits of six IT security areas (1 = None, 2 = Minimal, 3 = Moderate, 4 = Extensive).

Descriptive Statistics

Table 3 provides descriptive statistics for the final sample. Internal audit size is measured as the log of the number of full-time equivalent employees and has a mean of 1.88 (or about 7 employees).

TABLE 3

View large