Index

Abstract

Disclosure and transparency are essential for informed decision-making. Timely reporting and accurate financial information including risk related information are key facets of investor protection and market confidence. This study examines the impact of internal audit quality on disclosure on risk management and internal control. The empirical evidence is gathered using data extracted from the annual report of 200 listed companies in 2017. Results indicate that higher internal audit quality significantly and positively enhances greater disclosure on risk management and internal control. Other characteristics such as firm size, firm liquidity, and audit firm size were further analyzed and found that those characteristics were not significantly related to the disclosure on risk management and internal control. Hence, this study provides empirical evidence on the likelihood of internal audit quality in facilitating the oversight duties of the audit committee and the board with regards to greater disclosure on risk management and internal control.

Keywords: Internal audit quality, Disclosure, Internal audit, Risk management, Internal control.

JEL Classification: M42

Received: 23 October 2020 / Revised: 16 November 2020 / Accepted:4 December 2020/ Published: 21 December 2020

Contribution/ Originality

This study contributes to existing literature by examining the impact of internal audit quality on disclosure on risk management and internal control.


1. INTRODUCTION

Recurrence of corporate scandals around the world and Malaysia specifically raised the demand for transparent disclosure. Greater transparency on disclosure of risk and control is also spearheading by the uncertainties derived from business risks and economic crisis around the world. It is always in the best interest of the potential investors and stakeholders in knowing the state of risk and control practices in listed companies in a timely manner (Amran, Rosli, & Mohd Hassan, 2008). 

In Malaysia, listed companies are required to comply with Listing Requirements on disclosure on risk and control (Institute of Internal Auditors (IIA). 2017). The purpose of this requirement is to ensure that the company states the status of its risk management framework and internal control system. This is crucial as it would reflect the extent of management implementing its risk and control practices in developing and executing high-level strategies, major corporate decisions and managing overall operations and resources of the company. In other words, this disclosure would reflect how the company implements those systems in identifying and managing the business risks and its control measures are in place and working effectively.

Besides, the Malaysian Code on Corporate Governance (MCCG) is further revised in 2017 with more emphasis is given with respect to the role of internal audit and risk management. Effective risk management is among the key principles that form part of the highlighted features in MCCG 2017. Good practices of risk management are highly expected with more focus is established on large companies (i.e. top 100 market index or market capitalization with RM2 billion and above). Therefore, the latest MCCG is strengthening the effectiveness and independence of the internal audit. Similarly, it should dedicate more focus on the risk management process and facilitate the oversight duties of the board and audit committee.

This study contributes to the literature in many ways. A handful of prior studies examine the impact of governance characteristics, ownership structure and firm characteristics on disclosure practices (Amran et al., 2008; Haron, Jeyaraman, & Chye, 2010; Lin, Pizzini, Vargus, & Bardhan, 2011; Oussii & Taktak, 2018). However, in particular, little is known on the impact of internal audit quality on the extent of risk and control disclosure practices. Second, research on the influence of internal audit attributes on the extent of disclosure on risk and control practices is scant, with the exception of Lin et al. (2011) and Oussii and Taktak (2018). Lin et al. (2011) were conducted in the US which is a highly regulated environment, while Oussii and Taktak (2018) were conducted in Tunisia, characterized as an emerging economy with weak governance system due to the recent introduction of governance legislation. Hence, the current study is expected to contribute empirical evidence that internal audit quality influence on disclosure practices within the context of an emergent market characterized by the resilient governance system. Third, the development of legislation in the Malaysian context underlines the important role of internal audit in facilitating the oversight roles provided by the board and audit committee. It means that the assistance of an internal audit is highly being sought by the board and audit committee in providing assurance on the effectiveness of risk management and control processes. In short, the objective of this study is to examine the relationship between internal audit quality and disclosure on risk management and internal control.

Following sections elaborate on the review of prior studies and the development of hypotheses for testing. Thereafter, the research method is explained and followed by a report of results, discussion and conclusion.

2. LITERATURE REVIEW

2.1. Regulatory Framework on Disclosure on Risk and Control in Malaysia

The requirements on disclosure on internal control were first made voluntary in June 2001. The requirement was made mandatory under the Practice Note 9 – internal control and corporate governance statement. Details of compliance are stated in Paragraphs 15.25 and 15.26 of the Bursa Malaysia Listing Requirements. It was then revised, firstly in August 2009 and secondly in November 2012 (w.e.f. Dec 2013). Paragraph 15.26(b) clearly state that listed company is required to ensure that board of directors makes a disclosure on the state of its internal control and risk management framework, level of its tolerance on risk, risk management process (risk identification, risk assessment, risk management, risk monitoring). The requirement is further supported by Guidelines for directors of listed companies in preparing Statement on Risk Management and Control issued by the Institute of Internal Auditors Malaysia (IIAM).

MCCG 2012 has significantly emphasized the establishment of a sound framework to manage risks. Compliance towards (Malaysian Code of Corporate Governance (MCCG), 2012) by the listed companies was further re-emphasized through the requirement in Practice 9 of Bursa Malaysia Listing Requirements. The board of directors should establish a sound risk management framework and internal control system. Likewise, the board should disclose how risks are managed, level of risk tolerance, risk management process, its periodic testing on the effectiveness of its internal control. Board of listed companies must show their commitments on the effectiveness of risk and control systems.

MCCG is further revised in 2017 with more emphasis is given with respect to the role of audit and risk management. Effective risk management is among the key principles that form part of the highlighted features in Malaysian Code of Corporate Governance (MCCG). (2017). Good practices of risk management are highly expected with more focus is established on large companies (i.e. top 100 market index or market capitalization with RM2 billion and above). Latest MCCG aims to strengthen the effectiveness and independence of internal audit. Hence, it’s role should dedicate more focus on the risk management process and facilitate the oversight duties of the board and audit committee.

2.2. Disclosure on Risk and Control

Studies on disclosure on risk and control have evolved along with the changes in requirements on risk and control practices. Various guidelines have been issued around the world that includes mandatory and voluntary disclosure practices. Earlier studies mainly focused on the nature and extent of disclosure on control systems and practices adopted (Ahmad, Abdullah, Jamel, & Omar, 2015; Amran et al., 2008; Haron et al., 2010; Oussii & Taktak, 2018). Failure to detect risks is among the cause of business scandals which resulted in evolution on risk management practices. Similarly, the scope of disclosure has been extended into risk management practices. The disclosure aims to enhance transparency on actions taken by the directors in mitigating risks faced by the company and to provide information that facilitates informed decision making by the investors (Amran et al., 2008). In view of that, a large number of studies have been conducted in developed countries that imposed mandatory requirements to disclose risks (Linsley & Shrives, 2006). Most of the studies employed content analysis of the disclosure made in the annual report and source of information on voluntary and mandatory disclosure is extracted from various parts of the annual report (Amran et al., 2008). In general, one group analyzed the risk disclosure segment and while the other group analyzed the management and discussion sections (financial and non-financial sections). In this regard, the results indicated that risk disclosure is analyzed based on the category of risks disclosed and the extent of disclosure made. Thus, prior studies indicated large variation on the scope of disclosure used, such as disclosure on control weaknesses, risk factors, and both risk and control practices, resulted into the different basis of measurement used (such as the number of sentences or words and disclosure index).

In addition to that, the majority of prior studies examine the following monitoring mechanisms: governance characteristics, which includes board of directors and audit committee, ownership characteristics, type of external auditor and firm characteristics (Amran et al., 2008; Haron et al., 2010; Lin et al., 2011; Oussii & Taktak, 2018). Research on the influence of internal audit attributes on the extent of disclosure on risk and control practices is scant, with the exception of Lin et al. (2011) and Oussii and Taktak (2018). Lin et al. (2011) were conducted in the US which is a highly regulated environment, while Oussii and Taktak (2018) were conducted in Tunisia, characterized as an emerging economy with weak governance system due to the recent introduction of governance legislation. The current study is expected to provide empirical evidence on the relationship between internal audit quality and disclosure practices within the context of an emergent market characterized as a resilient governance system.

3. HYPOTHESES DEVELOPMENT

Agency theory explains how information asymmetry between shareholders and management can be reduced by monitoring the opportunistic attitudes of managers (Jensen & Meckling, 1976). To further reduce the uncertainty and misconduct, monitoring mechanisms are often being instituted in the company. In addition, enhancement on the flow of information could be done through greater transparency on disclosure practices. Majority of prior studies examined the following monitoring mechanisms: characteristics of the board of directors and audit committee, ownership structure, type of external auditor and firm characteristics (Amran et al., 2008; Haron et al., 2010; Lin et al., 2011; Oussii & Taktak, 2018).

In respect of the board of directors’ attributes, findings indicate the importance of independent directors in monitoring the activities of management. Theoretically, they should not be easily influenced by corporate insiders. Thus, a higher level of disclosure is expected from companies with a greater proportion of independent directors (Ahmad et al., 2015; Oliveira, Rodrigues, & Craig, 2011). Frequency of board meetings also found to be an important attribute in influencing disclosure practices (Domínguez & Gámez, 2014). A higher number of meetings may imply that the board devotes more time to the development of a company's operations and management monitoring which reduced the gap of information asymmetry. Besides, attendance to scheduled meetings also shown board commitment in fulfilment of its fiduciary duties (Oliveira et al., 2011). Similarly, attributes of the audit committee are highlighted in several studies. The audit committee with financial expertise and literacy increase the capability to monitor through its ability to contribute advise and minimize opportunistic behaviours (Oliveira et al., 2011). While mixed findings are found in respect of ownership structure attributes (Oliveira et al., 2011). In general, larger shareholders play an active role in monitoring and controlling a firm and more willing to discipline poorly performing management by intervening actively (Oliveira et al., 2011). However, little is known on the impact of internal audit quality on disclosure practices.

Internal audit has become increasingly important in the current governance environment. Chambers and Odar (2015) stated that an internal auditor has a role to provide assurance on the effectiveness of risk and control practices to the board. The evolution in internal auditing standards also underlined the importance of internal audit contribution in enhancing and protecting organizational value (Institute of Internal Audit Malaysia (IIAM), 2015). Therefore, internal audit quality tends to enhance the quality of risk and control system (Oussii & Taktak, 2018). In the context of internal audit and disclosure, the following studies were conducted in the US (Lin et al., 2011) a highly regulated governance environment and Tunisia, an emerging market with weakening governance environment (Oussii & Taktak, 2018). Lin et al. (2011) found that internal audit educational level and implementation of quality assurance on internal audit work are negatively and significantly related to disclosure of material weaknesses reported under Section 404. Likewise, the study found that material weaknesses disclosures are positively associated with external-internal audit coordination and internal audit practices of grading audit engagements. While in Oussii and Taktak (2018) the results of the study indicated that internal audit competence, level of quality assurance on internal audit, follow up process and audit committee's review of internal audit programs and results significantly influenced internal control quality. Both studies mainly focus on the impact of internal audits on control disclosure practices.

Based on the synthesis of internal audit literature, internal audit is expected to review major areas of risk to contribute to the achievement of company objectives (Lenz & Hahn, 2015). From an agency theory perspective, internal audit quality is considered as a pivotal monitoring mechanism within the corporate governance mosaics that aims to reduce information asymmetry problems between the principal and agents (Adams, 1994; Sarens & Abdolmohammadi, 2011). Moreover, specific quality characteristics of the internal audit and its activities may increase its ability to evaluate risk and control systems and provide assurance and address wrongdoings to the board on a timely basis (Chambers & Odar, 2015). Hence, based on the theoretical reasoning and preceding arguments of prior literature, it is suggested that the presence of higher internal audit quality should able to enhance greater compliance of risk and control disclosure among listed companies. Consequently, it is promulgated: 
H1. Internal audit quality is positively associated with disclosure on risk management and internal control.               

3.1. Components of Internal Audit Quality Index

The internal audit quality index is developed based on the criteria discussed in Abbott, Daugherty, Parker, and Peters (2016). Abbott et al. (2016) provide a synthesis of the empirical which assert independence, competence and work performance as main components of internal audit quality. The scope of internal audit quality in internal audit standards (Institute of Internal Audit Malaysia (IIAM), 2015) and literature was further extended (see (Duncan & Trotman, 2015; Lenz & Hahn, 2015; Lin et al., 2011; Prawitt, Smith, & Wood, 2009)). Previous studies suggest that certain internal audit activities help to prevent risks from occurring and enhance the effectiveness of internal control. In short, referring to preceding literature, internal audit quality is to include the elements of input, process, output and outcome factors (competence, independence, work performance, internal audit activities, and audit committee support). Thus, internal audit should remain objective in providing assurance and consulting services in reviewing risk and control effectiveness (Lin et al., 2011). Internal audit should assess management plans and assertions continuously and fulfilled assurance gap by through ongoing communications with appropriate parties (i.e. audit committee). In line with Prawitt et al. (2009) internal audit should be one of the resources in preventing misstatements. Hence, based on the synthesis of the literature, this study defines that measurement of internal audit quality is using a composite index comprising nine individual components as follows:

3.2. Measurement of Internal Audit Quality Index

The internal audit quality index is comprised of nine elements which are requirements that extracted from MCCG, Listing Requirements and Internal Auditing Professional Standards. Most of the elements have been examined in prior studies. The scoring for each element is as follows. If a company complies with a particular requirement, it will be awarded a score of 1, and 0 otherwise. The scoring is assessed on the statement made and the detail explanation provided. The score of internal audit quality for a listed company is a sum of all requirements. Therefore, the maximum possible score for each company is 9. It is assumed that a higher score indicates a better quality of internal audit.

3.3. Other Variables

Consistent with prior studies, the three most relevant characteristics namely firm size, firm liquidity, and audit firm size are included as control variables.

Firm size. Total assets have been used as a proxy for firm size (Amran et al., 2008). Large firms tend to be more complex and have diversified operations. These features underline a greater level of risk to investors which demand a greater level of publicity due to higher scrutiny by the stakeholders (Deumes & Knechel, 2008).
H2. Firm size is positively associated with disclosure on risk management and internal control.

Liquidity. The proportion of current assets to current liabilities is used to measure liquidity. This variable indicates the level of a company's ability to meeting the payment of short-term debts. Hence, the company may publish more risk and control information in order to reduce information asymmetry. Similarly, it suggests the ability of management in identifying, measuring and managing its risk and reduces the level of uncertainties.
H3. Firm liquidity is positively associated with disclosure on risk management and internal control.

Audit firm size. Companies that have greater risks often hire higher quality of audit firms. As larger and well-known audit firms tend to encourage companies to disclose more information to stakeholders. It aims to reduce any reputational risks and costs possibly faced by the audit firms and companies (Oliveira et al., 2011).
H4. Audit firm size is positively associated with disclosure on risk management and internal control.

4. RESEARCH METHOD

4.1. Sample and Sampling Design

Public listed companies on Bursa Malaysia in 2017 were used as the population of the study. This is to examine the extent of disclosure practices among those listed companies. Several sectors such as the financial industry, REITs, closed-end funds and twenty-seven of PN17 companies were eliminated from the main list of the population which left with 722 companies. Stratified sampling methods were used with 3 is identified as the kth element which resulted in 240 companies are being selected. However, 40 companies were further being eliminated due to some missing information. Annual report with financial year ended 2016 was used at the time of data collection as an annual report for the financial year ended 2017 has yet to be issued.

4.2. Variables Measurement

4.2.1. Dependent Variable

Annual report of selected public listed companies will be used as a basis of data collection. Information on disclosure on risk and control are to be collected from the Statement of Risk and Control in the annual report of 2016. Guidelines for Directors on disclosure on risk and control and requirements under Paragraph 15.26(b) of the Bursa Malaysia Listing Requirements will be used to identify items required under mandatory and voluntary disclosure on risk and control. In addition to that, the disclosure index used in prior studies is used as an additional reference (Amran et al., 2008; Haron et al., 2010). An item on the disclosure index is scored one (1) if disclosed and zero (0) if otherwise. This disclosure index is then calculated based on the ratio of the total items, as disclosed by a sample company, to the maximum possible number of items that can be scored by that sampled company.

4.2.2. Independent and Control Variables

This study also examines the influence of internal audit quality on disclosure practices. Internal audit quality is measured based on a composite of several internal audit attributes. Internal audit quality consists of several critical characteristics of internal audit input, process and output namely nature of internal audit, independent and competency of internal audit, audit committee support and approval on audit charter, risk-based audit, presence of quality assurance on internal audit performance, and acceptance on internal audit insights (Haron et al., 2010; Lenz & Hahn, 2015).

4.3. Research Model

The purpose of the study is to examine whether internal audit quality has an association with disclosure on risk management and internal control. Therefore, the dependent variable is disclosure on risk management and internal control which is defined as a score of the maximum possible number of items that can be scored by a company. The main independent variable is internal audit quality which is measured by the total score of internal audit quality index. Other variables such as firm size, liquidity, and audit firm size are included as control variables of the study. The following cross-sectional regression model is used to test factors influencing disclosure on risk management and internal control.

DRMIC = b0 + b1 IAQj + b2 F_SZj + b3 LIQj + b4 AF_SZj + ej

Where the definition and measurement of variables used in the study is presented in Table 1.

Table-1. Definition and measurement for dependent, independent and control variables.

Variables   Measurement
Dependent variable
Disclosure on risk management and internal control
Independent variable
Internal audit quality               Control variables
Firm size
Liquidity
Size of audit firm
 

DRMIC  

  IAQ  

 

 

 

 

 

F_SZ
LIQ
AF_SZ

Eight items of mandatory disclosure as required by Para 40 & 41 of Bursa Malaysia Listing Requirements
The composite index of the following characteristics:
Nature of IA. 1 = if internal audit is established in house; 0 = internal audit is provided by an external provider. 
Risk-based audit plan. 1 = Internal audit plan was based on annual risk assessment; 0 = otherwise.
AC support. 1 = AC provides support to internal audit; 0 = otherwise.  
Audit charter approval. 1 = Internal audit charter was approved by the audit committee; 0 = otherwise.
Meeting. 1 = Regular meetings without the presence of management; 0 = otherwise.
Reasonable assurance. 1 = IA provides reasonable assurance opinion to the board on the state of RMIC; 0 = otherwise.
Management support. 1 = Internal audit observations were acted on; 0 = otherwise.
IA competency. 1 = IA possess an appropriate level of expertise and qualifications; 0 = otherwise.
Quality assurance. 1 = Existence of quality assurance on the performance of IA; 0 = otherwise.
A natural logarithm of the companies’ total assets
A natural logarithm of the companies’ current assets on current liabilities
1 = if auditor is one of the Big 4; 0 = otherwise

5. RESULTS

5.1. A Pattern of Mandatory Disclosure on Risk Management and Internal Control

Table 2 presents the pattern of mandatory disclosure of the sample firms. The table shows that 177 out of 200 firms have full compliance (88.5 percent). While only 23 firms (11.5 percent) have not satisfied full level of compliance which ranges from 5 to 7 items only are being disclosed in the annual report.

Table 2. A pattern of mandatory disclosure.

No of Mandatory Disclosure Items
Frequency
Percentage
5
1
0.5
6
6
3.0
7
16
8.0
8
177
88.5
Total
200
100

5.2. Descriptive Analysis

Table 3 presents descriptive statistics for the data on variables for 200 samples investigated in the study. In respect of the dependent variable, disclosure on risk management and internal control indicate that most of the data were tilted towards high or almost full compliance. While independent variable, internal audit quality (measured using composite index) has an average score of 3.64 which ranges from a score of 0 to 9. This result refers to a wide variety of internal audit quality among the sampled companies. In terms of control variables, the results for firm size and firm liquidity exhibit the mean of the natural log of the sample companies' total assets and current assets over current liabilities. Finally, the size of audit firms as shown in Panel B indicate that 82 percent of the sample companies are audited by the larger audit firm. 

Table-3. Descriptive statistics.

Panel A: Descriptive analysis for continuous variables
   
Variables
Mean
SD
Min
Max
Kurtosis
Skewness
DRMIC
7.85
0.471
5
8
12.00
-3.381
IAQ
3.64
1.83
0
9
0.340
.116
F_SZ
7.07
1.36
4.25
9.47
-1.449
.012
LIQ
.38
.41
-.66
1.86
1.009
.581
Panel B: Descriptive analysis for dichotomous variable
Variables
Min
Max
Frequency
(%)
AF_SZ
0
1
82
41

5.3. Correlation Analysis

The Pearson correlation was used to examine the correlation between the variables used in the study. Table 4 indicates that all correlation coefficients of the study's variables are below 0.7 which indicates that multicollinearity between variables in our model is not an issue (Pallant, 2013).

Table-4. Correlation matrix.

 
DRMIC
IAQ
AF_SZ
F_SZ
LIQ
DRMIC
1.00
.213**
.101
.034
-.090
IAQ
1.00
.051
.128
.104
AF_SZ
1.00
-.121
-.142*
F_SZ
1.00
.169*
LIQ
1.00

Notes: Significant at ***0.01; **0.05; and *0.10.

5.5. Multivariate Analysis

Multivariate regression analysis was conducted to examine factors that influence disclosure on risk management and internal control.

Table 5 presents the empirical results of our regression model. As shown in the table, the F-statistic of the model is significant (F = 3.329, p < 0.012 with an R2 of 0.045). The value of R2 indicates that about 4.5 percent of the variance of the disclosure on risk management and internal control in the model is explained by the independent variable internal audit quality. This finding support for H1 which indicates that the presence of high-quality internal audit able to enhance the extent of disclosure on risk management and internal control. The coefficient is positive and statistically significant with p-values of 0.003. This result is consistent with the results of prior empirical studies (Lin et al., 2011; Oussii & Taktak, 2018). High internal audit quality is able to provide assurance to other governance parties such as the audit committee and the board on the effectiveness of risk management and control process. With respect to control variables, the regression results indicate that audit firm size, firm size and liquidity are not significantly related to disclosure practices, hence H2 to H4 are not supported.  

Table-5. Regression results.

Dependent Variable: Disclosure on Risk Management and Internal Control
Variables
Hypotheses
 
Constant
.877 (76.345)***
Hypothesis Variable
 
IAQ
H1
.003 (3.053)***
Control Variables
Firm Size
H2
.001 (.474)
Liquidity
H3
-.008 (-1.489)
Audit Firm Size
H4
-.005 (1.108)
R Square
.065
Adjusted R Square
.045
F-value
3.329
Significance
.012
Durbin-Watson
1.550
N
200

Note: ***p<.01, **p<.05, *p<.10
Statistics shown: Coefficients (t-statistics in parentheses).

6. DISCUSSION AND CONCLUSION

This study provides empirical evidence on the role of internal audit quality, as one of the monitoring mechanisms, in ensuring good disclosure practices in an emerging country. Hence, the main objective of the study is to examine the association between internal audit quality and disclosure on risk management and internal control. The results of the study show evidence that internal audit quality is positively and significantly related to the disclosure on risk management and internal control. The evidence shows that components of internal audit quality index that comprise of most critical factors did support the internal audit role in providing assurance on the effectiveness of risk management and internal control. For instance, the presence of in-house internal audit function shows companies' commitment towards good governance practices, as in-house internal audit based enable to provide greater coverage of audit scope. Besides, audit committee involvement in reviewing the internal audit program and provision of approval on audit charter is greatly needed in granting more independence towards internal audit function. Concerning incorporation of quality assurance technique into internal audit activities, it helps internal audit to prevent material deficiencies from occurring.

Collectively, the findings shed light on the importance of internal audit in providing assurance to parties those charged with governance such as audit committee and the board. The results of the present study make a number of contributions. First, the study adds to the growing literature on the relationships between internal audit quality and disclosure practices in an emerging country. With respect to the audit committee and board of directors, they should provide support and rely on the works and recommendations provided by the internal audit. As the presence of high-quality internal audit will contribute to stronger risk and control environment. With regard to regulatory bodies, our findings suggest that the authority to strengthen the requirements on internal audit quality leading to a better quality of disclosure practices. There are some limitations in this study that should be considered when interpreting the results. First, the determination of internal audit quality in this study is based on the externally available information (annual report). There is a possibility that the items presented in the disclosure do not reflect actual practices. Besides, internal audit quality may also be affected by other governance mechanisms since internal audit does not operate alone in an organization. Second, the development of the internal audit quality index is based on key elements that were highlighted by the framework as suggested by prior literature and internal auditing standards. Probably there are other aspects of internal audit quality that have not been addressed which warrant for future research in developing a more comprehensive index.

Funding: Financial assistance for this study was kindly awarded by IAREF from Department of Accounting IIUM (Grant no: IAREF 18-008-0024). 

Competing Interests: The author declares that there are no conflicts of interests regarding the publication of this paper.

REFERENCES

Abbott, L. J., Daugherty, B., Parker, S., & Peters, G. F. (2016). Internal audit quality and financial reporting quality: The joint importance of independence and competence. Journal of Accounting Research, 54(1), 3-40.

Adams, M. B. (1994). Agency theory and the internal audit. Managerial Auditing Journal, 9(8), 8-12.

Ahmad, R. A. R., Abdullah, N., Jamel, N. E. S. M., & Omar, N. (2015). Board characteristics and risk management and internal control disclosure level: Evidence from malaysia. Procedia Economics and Finance, 31, 601-610.Available at: https://doi.org/10.1016/s2212-5671(15)01147-8.

Amran, A., Rosli, A. M., & Mohd Hassan, B. C. H. (2008). Risk reporting: An exploratory study on risk management disclosure in Malaysian annual reports. Managerial Auditing Journal, 24(1), 39-57.

Chambers, A. D., & Odar, M. (2015). A new vision for internal audit. Managerial Auditing Journal, 30(1), 34-55.

Deumes, R., & Knechel, W. R. (2008). Economic incentives for voluntary reporting on internal risk management and control systems. Auditing: A Journal of Practice & Theory, 27(1), 35-66.Available at: https://doi.org/10.2308/aud.2008.27.1.35.

Domínguez, L. R., & Gámez, L. C. N. (2014). Corporate reporting on risks: Evidence from Spanish companies. Accounting Magazine, 17(2), 116-129.

Duncan, K., & Trotman, A. (2015). Internal audit quality: A multi-stakeholder analysis: Northeastern University.

Haron, H., Jeyaraman, K., & Chye, O. H. (2010). Determinants of internal control characteristics influencing voluntary and mandatory disclosures. Managerial Auditing Journal, 25(2), 140-159.

Institute of Internal Audit Malaysia (IIAM). (2015). Statement on risk management and internal control: guidelines for directors of listed issuers. Kuala Lumpur: IIAM.

Institute of Internal Auditors (IIA). (2017). International standards for the professional practice of internal auditing (PPF). Florida, US: Altamonte Spring.

Jensen, M. C., & Meckling, W. H. (1976). Theory of the firm: Managerial behavior, agency costs and ownership structure. Journal of Financial Economics, 3(4), 305-360.

Lenz, R., & Hahn, U. (2015). A synthesis of empirical internal audit effectiveness literature pointing to new research opportunities. Managerial Auditing Journal, 30(1), 5-33.

Lin, S., Pizzini, M., Vargus, M., & Bardhan, I. R. (2011). The role of the internal audit function in the disclosure of material weaknesses. The Accounting Review, 86(1), 287-323.Available at: https://doi.org/10.2308/accr.00000016.

Linsley, P. M., & Shrives, P. J. (2006). Risk reporting: A study of risk disclosures in the annual reports of UK companies. The British Accounting Review, 38(4), 387-404.Available at: https://doi.org/10.1016/j.bar.2006.05.002.

Malaysian Code of Corporate Governance (MCCG). (2012). The code of corporate governance. Kuala Lumpur: Securities Commission.

Malaysian Code of Corporate Governance (MCCG). (2017). The code of corporate governance. Kuala Lumpur: Securities Commission.

Oliveira, J., Rodrigues, L. L., & Craig, R. (2011). Risk-related disclosures by non-finance companies: Portuguese practices and disclosure characteristics. Managerial Auditing Journal, 26(9), 817-839.

Oussii, A. A., & Taktak, N. B. (2018). The impact of internal audit function characteristics on internal control quality. Managerial Auditing Journal, 33(5), 450-469.Available at: https://doi.org/10.1108/MAJ-06-2017-1579.

Pallant, J. (2013). SPSS survival manual. UK: McGraw-Hill Education.

Prawitt, D. F., Smith, J. L., & Wood, D. A. (2009). Internal audit quality and earnings management. The Accounting Review, 84(4), 1255-1280.

Sarens, G., & Abdolmohammadi, M. J. (2011). Monitoring effects of the internal audit function: Agency theory versus other explanatory variables. International Journal of Auditing, 15(1), 1-20.Available at: https://doi.org/10.1111/j.1099-1123.2010.00419.x.

Views and opinions expressed in this article are the views and opinions of the author(s), International Journal of Business, Economics and Management shall not be responsible or answerable for any loss, damage or liability etc. caused in relation to/arising out of the use of the content.