From Compliance to Strategy: Using the Three Lines of Defense Model to Evaluate and Motivate Internal Audit Contributions to Accounting Research
Posted: 29 Jun 2017
Date Written: May 31, 2017
We synthesize the extant behavioral and archival literature examining the internal audit function’s (IAF's) contribution to and association with research published in six broad and 13 subject-specific accounting journals since 2004. Rather than use the corporate governance cornerstone or mosaic frameworks used in comprehensive reviews of IAF-related literature published in 2004, we use the Institute of Internal Auditors' Three Lines of Defense (3LOD) in Effective Risk Management and Control. We use the 3LOD model to both evaluate extant and to motivate additional research on internal audit. The prior syntheses focus on the IAF as a "cornerstone" of corporate governance and how the IAF can contribute to improved governance. More specifically, those syntheses adopt a perspective that the IAF serves as a resource to each of the other three parties responsible for corporate governance. The 3LOD framework is similar in that it encourages continued coordination but differs in that it suggests a clearer delineation of responsibilities for control ownership, monitoring, and evaluation. This framework suggests the IAF is the final line of defense against significant risk or internal control weakness rather than either the primary or an equal line of defense. After 2004, our review of the literature suggests a concentration around three themes: external auditor reliance, use of the IAF as a management training ground, and more recently the IAF’s use of technology to enhance the assurance process. Applying this prior research to the 3LOD model identifies many areas for future research that we discuss throughout the paper.
Keywords: Internal Audit, Internal Control, Three Lines of Defense, Literature Review
JEL Classification: M41, M42
Suggested Citation: Suggested Citation