Internal Auditor’s Compliance to Code of Ethics: Empirical Findings from Malaysian

Government-Linked Companies Introduction

The role of internal auditors to safeguard the assets of the company and act as a last line of
defense to prevent and detect fraud cannot be denied. Internal auditors are professionally
qualified people with experience and knowledge who understand a company’s internal and
external processes, its culture and systems. Most importantly, these auditors provide
assurance that the internal control systems in the organization are sufficient to mitigate any
type of risks, ensure that governance processes are effective and efficient, and that
organisational goals and objectives can be achieved.
In performing their job, internal auditors need to be objective and uphold the value of
integrity. This is not easy because, as compared with external auditors, internal auditors are
vulnerable to internal influence and powerful insiders (Suddaby et al., 2009), office politics
(Reynolds, 2000), and under pressure to satisfy management demands (Roussy, 2013). Thus,
there is an issue whether the internal auditor can act professionally and ethically (Everett and
Tremblay, 2014). Because of that, the accountant generally and internal auditor particularly
need to be seen as moral actors involved in shaping the morality of the markets (Lehman,
2006; Shearer, 2002). Neu et al. (2013) found that when political consideration is able to
influence and frame audit judgments, it will limit the likelihood of auditors to detect and
report potentially corrupt activities. Empirical research has shown that, if accountants are
heavily exposed to questionable ethical behaviour, it will increase their level of acceptance on
unethical behaviour (Mirshekary and Carr, 2015).
Apart from that, an internal auditor needs to appreciate the value and ownership of the
information he or she discovers along with the task by keeping it private and confidential.
The auditor is also required at all times to maintain the quality of his or her knowledge, skills,
and experience in performing his/her duties. For those who are also a member of professional
organizations such as the Institute of Internal Auditors (IIA), values such as objectivity,
integrity, confidentiality, and competency are important principles and form part of the IIA’s
Code of Ethics. This code is established to promote an ethical conduct and culture in the
internal auditing profession (IIA, 2009). Some of the biggest challenges and responsibilities
that are increasingly critical for internal auditors include their ability to deal with unethical
and fraud issues. IIA’s Implementation Standard 2120.A2, for example, clearly states that the
internal audit activity must evaluate the potential for the occurrence of fraud and how the
organization manages fraud risks. On the other hand, Standard 2110 requires internal auditors
to assess and suggest actions to improve governance processes of the company that relate to
accountability, ethics, and value promotion in the organization (IIA, 2012). Although internal
auditors are not responsible for detecting fraud, they must have reasonable skills and
knowledge to indicate and sense the possibility of fraud and malpractices, including the
existence of unethical behavior in an organization.
An internal auditor is also responsible for evaluating fraud indicators such as unethical
behavior and to decide on a course of action to be taken such as recommending more robust
and comprehensive investigations to be conducted. As posited by Schwatrz and Sharpe
(2006), although an individual has skills, he or she also needs the will, which is the
willingness to do it. In this context, an internal auditor must have the will to take a course of
action, although he will risk retaliation from the organization. This corresponds to the IIA’s
International Standards for the Professional Practice of Internal Auditing (ISPPIA), which
requires internal auditors to have sufficient knowledge to evaluate the risk of fraud and the
way it is managed by the organization. Therefore, internal auditors have to play an essential
role for evaluating the ethical behavior climate in their organization. This role becomes more
significant because, currently, the trend of fraud, corruption, and unethical practices in
Malaysia are on the rise. The KPMG Malaysia Fraud, Bribery, and Corruption Survey Report
in 2013, for example, found that the number of fraud cases among corporate companies in
Malaysia is expected to increase in the future, partly due to the financial crisis (KPMG,
2013). Even so, many companies in Malaysia are willing to manipulate their financial
statements, such as backdate a contract and book revenues, earlier than they should be in
order to meet financial targets (Ernts and Young, 2016). The highest risk of fraud arises and
starts from unethical human behavior. In fact, unethical human behavior has been at the root
of every corporate scandal, including government link companies (GLCs). Ironically, fraud
and unethical practices still occur, although in the industry that is closely monitored and
tightly regulated such as banking and financial institutions (Manan et al., 2013). These
corporate misconducts have caused the public to query, “Where were the internal auditors?”
The rampant coverage by the mass media of these actions has gained the attention of stock
exchanges, regulatory bodies, accounting, and auditing professions worldwide.
GLCs in Malaysia constitute a substantial portion of the economic structure of the country. It
established approximately 36 percent market capitalisation of the stock exchange, namely,
Bursa Malaysia, and 54 percent of the benchmark of the Kuala Lumpur Composite Index
(KLCI), thus reinforcing the critical role that internal auditors can play in contributing to the
nation’s well-being generally and to their organization’s in particular. However, the
importance of GLCs in helping to develop the nation was tainted by poor public perception of
some of them. For instance, the national air carrier, Malaysia Airlines System (MAS), fared
poorly and was consistently outperformed by its competitors. Its losses ballooned to
RM343.44 million during the fourth quarter in 2013, despite restructuring efforts to put the
airline back on track. Another GLC, Proton, was involved in the corporate scandal that
involved poor decision-making to acquire MV Augusta, an Italian motorcycle manufacturer
that cost Proton a loss of RM500 million in 2006. In more recent cases, top GLC officials are
being investigated for alleged abuse of power and corruption involving a sum of nearly
RM50 million (The Star, 2016).
Based on this scenario, the purposes of this paper are to determine the professional
competency levels acquired by internal auditors of GLCs in detecting unethical behaviour in
their organizations, to gauge the internal auditors’ position on objectivity and integrity in
dealing with unethical behavior, and to determine the level of internal auditors’ awareness on
ethical issues in the respective GLCs. In short, this study attempts to answer the following
research question: What is the perception of internal auditors in Malaysian GLC on ethical
issues?
This study could contribute in several ways. First, it highlights the level of internal auditor
competency in identifying unethical behaviour within their organization. It naturally
describes the level of internal auditors’ professional competency, objectivity, and integrity
and internal auditors’ awareness on unethical behavior and practices present in their own
organization. The findings of the study could provide useful information for the training of
internal auditors in Malaysia, helping to draw up a curriculum more focused on issues where
internal auditors did not show a sufficient awareness of unethical issues.
Second, this study provides empirical evidence on the extent of internal auditor adherence to
the ISPPIA and the IIA’s Practice Guide to identify unethical behavior in their organization.
It also provides a link between the competency of internal auditors and ethical behavior
assessment. Internal auditors are presented with important attributes of internal auditing
practices, as stated in the ISPPIA toward assessing ethical behavior to better performance of
the organization.
Third, with regards to practitioners, this study can help the organization to re-focus and place
emphasis on the importance of core values and ethics in their culture and working
environment. This study provides an opportunity to assess whether the company is complying
with the required code of ethics and code of conduct.
Finally, this study could contribute to the body of literature on the role of the internal auditor
of GLCs to detect unethical practices that are currently limited in the literature particularly on
companies that operate in emerging markets such as Malaysia. The role of internal auditors in
Malaysia has been little investigated so far with no specific focus on GLCs. This paper is
organized as follows. Next is a review of the literature followed by research methodology.
Section four covers the findings and discussion, while section five is the conclusion. The last
section discusses limitations and recommendations for future research.
Literature Review
Internal audit overview
Internal auditing is described as an independent assurance and consultancy activity that can
improve organizational operations (Reding et al., 2013), while the internal auditor is an
employee responsible for the internal audit activities of the organization. There are two main
activities of internal audit: to ensure compliance with laws and regulations and to consult
management to accomplish objectives, manage risks, and improve corporate governance
(Nickell and Roberts, 2014). These activities or functions are quite expensive and, thus, are
usually outsourced to external audit firms by small companies. However, outsourcing this
function would result in the organization’s loss in value-added activities that can be provided
(Abdolmohammadi, 2013). This is because internal audit plays an important function to
ensure that an organization is run efficiently, is morally sound, technologically advanced,
environmentally friendly, protected from any type of risk, and comply with laws and
regulations (Gramling et al., 2004). An internal auditor also must be independent from the
activities audited in the organization and able to effectively review the operations of the
company, measure and evaluate the adequacy of the internal controls, assess the capability of
the company to perform well, and be ready to respond to the needs of all levels of
management. The auditor provides management with the information required to effectively
discharge its responsibilities.
Due to the broader functions of internal auditors in providing reasonable assurance to the
audit committee regarding risk management, controls, and governance of the organisation,
internal auditors are expected to identify and detect red flags that lead to fraud activities
during the audit process. Although fraud detection is only the secondary objective to audit
(Sikka et al., 1992), it is a public perception that internal audit is able to discover fraud (Puxty
et al., 1994) and add value to their services (Radcliffe, 1999). Everett and Tremblay (2014),
for example, found that the role of detecting irregularities and controlling dysfunctional
behaviour is more serious and important than consulting the management. The red flags or
warning signals that indicate the occurrence of fraud can be seen from unethical practices or
behaviour discovered within the audit process. The competency of internal auditors in
conducting the audit is crucial at this stage. The inability of internal auditors to identify or
detect any misconduct or red flag could lead to the tendency of fraud activities occurring
within the organisation. As a pillar of governance (Gramling et al., 2004), an internal auditor,
as an independent and respectable person in the organization, should play an important role to
mitigate the risk of fraudulent activities due to unethical behavior. This is becoming more
crucial when internal control of the organization is weak because prior study shows that
inadequacy in internal control provides opportunity for fraud to occur (Zakaria et al., 2016;
Abd Rahim et al., 2017). The society, shareholders, and other stakeholders may blame
internal auditors when the organization collapses due to fraudulent activity(s). The question
on the ability of internal auditors to detect and prevent fraud continues to arise. This could
affect public perception on the capability of internal auditors in conducting their audit
engagements.
The ability of auditors to identify ethical dilemmas within the organization was narrowly
discussed by previous researchers. This could be due to the reason that the ability of auditors
to detect unethical behavior is difficult to study. However, an understanding of the internal
auditor’s capability to identify unethical behavior is pertinent to the internal audit function
and the management in order to reduce the risk of fraudulent activities within the
organization. Sarens and Lamboglia (2013) suggested that the internal audit function, which
focuses on financial audit, requires internal auditors with technical accounting certification
and knowledge about fraud auditing. Ma’ayan and Carmeli (2015) argued that internal
auditor’s capacity, such as having the skills and resources that facilitate learning from audits,
improve their ethicality and ethical behaviour.
Empirical research suggests that high-quality internal audit functions are key to monitor
management behaviour and more trusted by the external auditor (Bame-Aldred, 2013). A
good quality audit is important because it affects the reliability of the financial report and
protects the interest of its reader (Husnin et al., 2016). Ege (2015) found that a high-quality
internal audit is negatively associated with management misconduct, both on accounting and
non-accounting misconducts. Beasley et al. (2000) found that firms with fraud enforcements
were less likely to establish internal audit functions, while Schneider and Wilner (1990)
reported that its establishment was able to deter financial reporting irregularities. Previous
studies also showed that internal audit functions would limit earnings manipulation like big
bath by the management (Prawitt et al., 2009) and are negatively associated with accounting
risks (Prawitt et al. 2012). Interestingly, the information disclosure regarding this function
also gave a positive impact to the company such as enhanced confidence of the stakeholders
on the firm’s quality of governance and possibly influenced decision-making on investments
(Archambeault et al., 2008; Holt and DeZoort, 2009).
Unethical practices
In recent years, poor ethical practices and corporate scandals have cost owners, employees,
shareholders, and other stakeholders of firms such as Malaysia Airlines System (MAS),
Linear Corporation, Kenmark Industrial Co (M), and Scomi Precision Engineering Berhad,
billions of ringgit. Examination of the root cause of these scandals documented that the
scandals would not have occurred if top management and employees of the organization were
aware of the unethical behavior of their colleagues rather than striving to achieve the
company’s strategic plans at any costs.
Kish-Gephart et al. (2010) described unethical behaviour as behaviour that violates widely
accepted societal and public moral norms. It can be any action or course of action that society
or a company sees as being less than morally acceptable or respectable. This includes
contraventions of the professional conduct or norms in regulating interpersonal relationships
of the individual or group in a variety of social settings. In a more structured and formal
environment such as in the workplace, unethical behavior by employees include wasting
company time, using company supplies for personal use, property theft, illegitimately
exchanging company resources for personal gain, and deceiving customers or clients (Luna-
Arocas and Tang, 2004). From the top management to the lower level of corporate
management, unethical behavior nurture many negative effects (Omar et al., 2016) such as
tarnishing company’s business practices and diminishing work quality, which leads to the
company’s poor performance and even business failure (Manan et al., 2015).
Unethical behaviors among leaders and top management are more significant and result in
huge adverse outcome because they mirror the reputation and image of the company that they
lead. Any unethical practices committed by top managers are corrosive to the company or
organization. Unfortunately, it is common nowadays for an entire organization to take
responsibility and burden for its management’s mistakes. The collapse of the giant energy
company Enron is a good example. While unethical behaviour at any level results in
unfavorable consequences for an organization, the worst situation would occur if top
management such as the chief executive acted in an unethical manner.
Prior studies revealed that unethical behaviour can contribute to the tendency of fraud in an
organization. Undetected and uncontrolled unethical behaviour could have a huge impact on
the operations of an organization. The implications of unethical behaviour include strained
relationships between management and employees, impaired employee productivity, frequent
interventions by the regulator and watchdog agencies, higher legal liability as a result of
investigations by commercial crime examiner, and damage to company’s reputation. Hence,
the organization’s credibility and relationship could be broken and would be difficult to
reinstate. Thus, it is important for internal auditors to play their role in preventing unethical
behavior and act as an anti-fraud control (Westhausen, 2017; Naheem, 2016).
Agency theory
The competency and ability of the internal auditor to meet with the requirements of the code
of ethics can be explained and predicted by using an agency theory. Fundamentally, this
theory proposed that there is a problem in terms of the relationship among the owner of firm,
shareholder, and their agent, a manager hired to run a company (Jensen and Meckling, 1976).
This problem is created when the manager has an opportunity to misuse resources of the
company for personal gain, as he or she has more information about the business. To prevent
this problem from occurring, a control mechanism known as agency costs is needed to
control management’s behaviour. In the context of this research, the shareholders will
contribute some amount of resources to establish an efficient and effective internal audit
function. Maijoor and Van Witteloostuijn (1996) argued that the key attributes in the audit
regulation industry are resources. Empirical research related to the Malaysian study on
internal auditing also found that internal audit units or departments were unable to operate
effectively as a result of the staff lacking in appropriate skills due to the limited resources
(Ali et al., 2011; 2007; 2009). As GLCs are big corporations with the support from the
government, GLCs have large capital and funds that can be pooled to have a competent
internal audit function. This can be done via systematic and comprehensive training and
hiring highly a qualified and experience internal auditor. Thus, based on this theory, it is
predicted that the internal auditors of GLCs do not have much problem in complying with the
code of ethics and dealing with unethical behaviour in their company.
Research Methodology
Primary data were collected for this research. The primary data consisted of 40 questionnaires
randomly distributed online to the respondents with 35 respondents replied (rate of responses
= 87.5 percent). Online questionnaires were used because they offered a user-friendly, cost-
effective, and time-saving option (Smith, 2015). The respondents were internal auditors of
five randomly selected GLCs who were directly involved in the operational audit of the
organization. The questionnaires were divided into two sections. The first section required
internal auditors to indicate, on a nominal scale, information pertaining to their gender, age,
level of academic qualification, and years of employment in the industry. The second section
required respondents to indicate, on a dichotomous scale, the opinion they placed on each
item pertaining to internal auditor competency, awareness, integrity, and objectivity on
ethical issues. The points were: Yes, No, and Not Sure.
The questionnaires were constructed and utilised the IIA’s Competency Framework and the
CIA examination paper part 1, which was mainly on integrity and objectivity. These
instruments tested the internal auditors’ adherence to the IIA Code of Ethics to evaluate the
competency of the internal auditors to identify and assess unethical behaviour and the
awareness of the internal auditors regarding unethical behaviour in their organization (GLCs).
The questionnaires had been validated by the experts from the internal auditing fields before
being distributed. The same approach was also used by Fadzil et al. (2005) to determine the
level of internal auditors’ compliance with ISPPIA.
Findings
Profile of respondents
Insert Table 1 Table 1 shows the descriptive statistics of the respondents. The majority of
respondents were male (60 percent). In terms of age, almost all of them were less than 41
years old. More than 50 percent graduated from a university with a bachelor’s degree, and
almost a quarter (23 percent) have a professional qualification; 91 percent have worked as
internal auditors for more than three years, and more than half (51 percent) have already
exceeded five years of experience; 54 percent of the respondents are in junior positions, while
the rest are almost equally distributed in senior or supervisory positions and managerial
positions. About 66 percent of the respondents have experienced unethical behavior within
their organization, which indicated that unethical behavior actually existed and was
encountered by audit practitioners.
Professional competency levels acquired by internal auditors in detecting unethical
behaviour
Research objective one can be addressed by reviewing Section B of the questionnaire. This
section contained 25 questions and was divided into four parts: International Professional
Practices Framework, Technical Skills, Interpersonal Skills, and Knowledge on Ethics and
Fraud. Statements in this section have been adapted from the IIA Global Competency
Framework and the IIA Australia Competency Framework. Notwithstanding only a part of
the framework may be taken for the purpose of evaluating internal auditors’ levels of
competency in detecting unethical practices. The results of the study are as per Table 2.
Insert Table 2 Overall, this result indicates that most internal auditors are knowledgeable,
skilful, and possess a high level of professional competency in detecting unethical behaviour
within their organization. Almost 100 percent of internal auditors were able to conduct audit
assignments with objectivity and due professional care, and 94 percent of internal auditors
were able to follow guidelines to conform to the IPPF to ensure that the audit framework and
program followed a risk-based approach (RBA) covering planning, fieldwork, reporting, and
follow-up. This finding also showed that internal auditors have knowledge on the IPPF and
are able to adapt to the principles of code of ethics in conducting audit engagements.
The majority of internal auditors have satisfactory technical skills, with an average score of
77 percent. For example, 97 percent of internal auditors were able to analyze the
effectiveness and efficiency of business processes and apply data sampling and appropriate
analysis techniques during audit engagements, while 94 percent of internal auditors were able
to identify business processes, illustrate, and present them by proficiently using flowcharting
techniques and queries, Excel spreadsheets, and various organizational information
technology systems or data extraction software provided by the external providers. The only
concern was that not all internal auditors employ ISO and COSO best practices (only 60
percent). This indicated that the group lagged behind in terms of global best practices. Time
planning also was an issue, where only 60 percent of internal auditors responded that they
planned appropriately and managed their time in performing their jobs. Finally, only 43
percent had consultation skills in providing strategic advice to the management to improve
organizational processes. This could be due to the fact that the majority of the respondents in
this study were junior and inexperienced internal auditors, hence less exposed to audit at the
strategic level.
Interpersonal skills also showed a commendable result of 88 percent on average, which
indicated that respondents had good communication and public relation skills; 97 percent of
the internal auditors were able to establish and present convincing cases and arguments to
deliver matters of concern to the client, while 94 percent of the internal auditors were able to
utilize listening skills to express direct and responsive answers to questions during interview
sessions with the auditees. None of the statements received less than an 80 percent score.
The evaluation on the knowledge of internal auditors regarding ethics and fraud also showed
a satisfactory result of 73 percent; 89 percent of internal auditors realized their
responsibilities to uphold the code of ethics of the relevant professional bodies in every audit
engagement; 86 percent of the auditors were able to adopt ethical values and principles to the
sections being audited; and 77 percent of the internal auditors were able to identify the risks
of unethical behaviour occurring within the organization. However, there were two major
concerns here. First, not every auditor would take a firm further course of action when they
discover unethical practices. Only 66 percent had a will to act accordingly when ethical
principles were abused. Second, only 51 percent (half) of the internal auditors had reasonable
knowledge to detect fraud and red flags. This is not laudable, as it indicated that the internal
auditors had poor forensic and financial criminology skills and, thus, were unable to
safeguard the company from theft and misappropriation of assets.
Levels of objectivity and integrity of internal auditors in dealing with unethical behaviour
Research objective two can be addressed by looking at section C of the questionnaire, which
contained 10 questions adapted from the certified internal auditor (CIA) Examination Paper
Part 1. Nevertheless, only a part of the examination questions had been taken mainly on the
objectivity and integrity of internal auditors. The results of the study are as per Table 3.
Insert Table 3 On the whole, the results indicated that internal auditors were able to exercise
their integrity and objectivity. Based on the various scenarios given, 91 percent of the internal
auditors showed the highest integrity by reporting violations of regulatory requirements to the
board and the management.
Based on the study, the internal auditors would not accept any facilitating payment and gift of
significant monetary value in resolving the audit issues, as reflected in the results, 89 percent
and 86 percent, respectively. This also showed that the level of internal auditor independence,
which accepts any facilitating payment or gift, would impair the internal auditors’
independence and audit judgment. Furthermore, the results also indicated that 80 percent of
the internal auditors would communicate unethical practices, which were discovered during
audit engagements to the audit management, to see if they were aware of the situations, and
that they would hold their responsibility to report materials inefficiency discovered during
audit engagements regardless of their relationship with the management.
A majority of the internal auditors (77 percent) also had the will to become whistle blowers,
in which they agreed to appear in court to testify against their own organization. The majority
of them (74 percent) agreed to report unethical practices based on actual events and not be
distracted by the promise of future modifications, which did not conform and may recur.
However, almost half of them were unable to differentiate their role of internal auditor as a
consultant and assurance; 40 percent were not sure whether they could accept a fee for tax
preparation; and 46 percent were not sure to accept compensation for consultancy work. This
was a cause for worry because these internal auditors were unable to make a firm decision
when faced with consultancy work paid by their own organization. This dilemma may affect
their ability to conduct consultancy objectively and also could tarnish their integrity, as they
may accede to the needs and requests from their “paymaster.” For example, receiving a fee
for a tax job may risk them to commit tax evasion and alter the correct tax calculation to
show a favourable performance to the tax department.
Level of awareness on ethical issues by internal auditors
Insert Table 4 Table 4 illustrates the levels of internal auditor awareness on unethical
behaviour. The table shows that internal auditors were aware of the occurrences of unethical
behaviour within their organization. Unauthorized personal use of the organization’s assets
was the most unethical behaviour that occurred within the organization. A total of 89 percent
of the internal auditors were aware of this unethical behaviour. The other unethical
behaviours that caught the attention of internal auditors included operating a personal
business during working hours (86 percent), absenteeism or false claims for medical leave
(71 percent), manipulating performance indicators to achieve target(s) (69 percent), conflict
of interest between management and employees (66 percent), and intentionally fabricating the
organization’s records without personal gain (54 percent). There was less abuse of use of
personal credit cards for company expenses possibly because many organizations prohibit
their employees to pay using their own cards for large expenses and be reimbursed later. This
kind of expenditure requires approval from the finance department, and the employees
concerned will be paid by way of cheques or bank transfers. There were also fewer cases for
gifts, whether the employee was at the receiving end or giving gifts to external parties. This
indicated that the organizations may have strict policies regarding gifts and business
relationships with external parties.
Conclusion
The purpose of this study was to determine the professional competency levels acquired by
internal auditors in detecting unethical behaviour, to evaluate their positions on objectivity
and integrity in dealing with unethical behaviour, and to examine the extent of their
awareness of ethical issues in the GLCs.
This study concludes that, first, the internal auditors of the five selected listed GLCs had an
adequately high level of competence in performing audit engagements, which could lead to
detecting unethical behavior in their organization. Second, this study found that the auditors
possessed a high level of objectivity and integrity when confronted with unethical behavior
during audit engagements. This study provided strong evidence that the auditors at the five
selected GLCs complied with the IIA Code of Ethics. Finally, this study also found that
internal auditors of the GLCs were aware of unethical behavior within their organization,
confirming the earlier finding of this study, which found that the internal auditors had
sufficient knowledge and competency. This could be due to the systematic training received
from their employers and years of experience in the auditing field, as a majority of them had
worked as an auditor for more than five years. Theoretically, the findings of this study
support the agency theory and add to the prior empirical research findings such as by Larkin
(2000) who found that most experienced internal auditors were able to identify unethical
behavior. Accordingly, Pflugrath et al. (2007) in their survey to determine the impact of
auditor experience on auditor judgment revealed that greater general-auditing experience
would improve an auditor’s judgment. When the auditors were more experienced, the skills
on ethical awareness became more important (Uyar and Ali, 2011). In addition, the
competencies of the internal auditor play a critical factor affecting external auditor reliance
decision (Suwaidan and Qasim, 2010).
Practically, the findings of this paper also implicate that internal auditors practised their
technical skills while performing their job. This factor could contribute to the ability of
internal auditors to discover unethical behavior, especially in the procurement department,
which revealed a tendency to fraud activities. Palmer et al. (2004) and Uyar and Ali (2011)
suggested that personnel in the accounting profession should possess multiple skills, which
are essential elements in the auditing profession and will assist them in detecting unethical
behavior (Ma’ayan and Carmeli, 2015).
Limitations and Recommendations for Future Research
There are several limitations of the study. First, this study is limited to internal audit
functions established within GLCs. These GLCs operate mainly in industrial products,
consumer, trading/services, and plantation industries in the main market of Bursa, Malaysia.
Second, as this study uses questionnaires, bias in the use of self-reported data may exist.
Some respondents may perceive themselves as being bolder, more ethical, and more
competent than others. In addition, the respondents may not give a response based on the
actual situation or their genuine thinking but be tempted to respond based on a socially
desirable outcome, which is to please their peers and others.
This phenomenon is known as social desirability bias. Finally, in terms of the survey
instrument, questions on IIA Code of Ethics were limited to integrity, objectivity, and the
professional competencies of internal auditors. For the IIA’s Global Competency Framework,
this study was limited to points that were relevant to evaluate internal auditors’ competency
in performing audit engagements such as application of IPPF to internal audit work, auditors’
technical and interpersonal skills, and auditors’ knowledge. Meanwhile, for the CIA part one
examination paper, this study was limited to test the auditors’ level of integrity and
objectivity when performing audit engagements. Future research should be conducted by
expanding the sample of internal auditors who work in non-GLCs and operate in other
industries such as banking and finance. In addition, future research should employ more
robust scales such as the Likert and continuous scales. Inferential based studies also can
be conducted by exploring the impact of internal auditors’ professional character and
behavior toward Downloaded by Iowa State University At 04:23 12 January 2019 (PT)
13 their job and organizational performance. The current study was only descriptive in nature
and employed a dichotomous scale.