Internal auditors play an important role in detecting unethical behavior and fraud within organizations. However, internal auditors in Malaysian government-linked companies may face pressures that influence their objectivity and ability to identify issues. This study aims to assess the competency, objectivity, and awareness of internal auditors in Malaysian GLCs regarding ethical issues and detecting unethical behavior. It also seeks to evaluate internal auditor adherence to standards for identifying such issues. The findings could provide insights for improving internal auditor training and practices related to ethics.
Internal auditors play an important role in detecting unethical behavior and fraud within organizations. However, internal auditors in Malaysian government-linked companies may face pressures that influence their objectivity and ability to identify issues. This study aims to assess the competency, objectivity, and awareness of internal auditors in Malaysian GLCs regarding ethical issues and detecting unethical behavior. It also seeks to evaluate internal auditor adherence to standards for identifying such issues. The findings could provide insights for improving internal auditor training and practices related to ethics.
Internal auditors play an important role in detecting unethical behavior and fraud within organizations. However, internal auditors in Malaysian government-linked companies may face pressures that influence their objectivity and ability to identify issues. This study aims to assess the competency, objectivity, and awareness of internal auditors in Malaysian GLCs regarding ethical issues and detecting unethical behavior. It also seeks to evaluate internal auditor adherence to standards for identifying such issues. The findings could provide insights for improving internal auditor training and practices related to ethics.
Internal Auditor’s Compliance to Code of Ethics: Empirical Findings from Malaysian
Government-Linked Companies Introduction
The role of internal auditors to safeguard the assets of the company and act as a last line of defense to prevent and detect fraud cannot be denied. Internal auditors are professionally qualified people with experience and knowledge who understand a company’s internal and external processes, its culture and systems. Most importantly, these auditors provide assurance that the internal control systems in the organization are sufficient to mitigate any type of risks, ensure that governance processes are effective and efficient, and that organisational goals and objectives can be achieved. In performing their job, internal auditors need to be objective and uphold the value of integrity. This is not easy because, as compared with external auditors, internal auditors are vulnerable to internal influence and powerful insiders (Suddaby et al., 2009), office politics (Reynolds, 2000), and under pressure to satisfy management demands (Roussy, 2013). Thus, there is an issue whether the internal auditor can act professionally and ethically (Everett and Tremblay, 2014). Because of that, the accountant generally and internal auditor particularly need to be seen as moral actors involved in shaping the morality of the markets (Lehman, 2006; Shearer, 2002). Neu et al. (2013) found that when political consideration is able to influence and frame audit judgments, it will limit the likelihood of auditors to detect and report potentially corrupt activities. Empirical research has shown that, if accountants are heavily exposed to questionable ethical behaviour, it will increase their level of acceptance on unethical behaviour (Mirshekary and Carr, 2015). Apart from that, an internal auditor needs to appreciate the value and ownership of the information he or she discovers along with the task by keeping it private and confidential. The auditor is also required at all times to maintain the quality of his or her knowledge, skills, and experience in performing his/her duties. For those who are also a member of professional organizations such as the Institute of Internal Auditors (IIA), values such as objectivity, integrity, confidentiality, and competency are important principles and form part of the IIA’s Code of Ethics. This code is established to promote an ethical conduct and culture in the internal auditing profession (IIA, 2009). Some of the biggest challenges and responsibilities that are increasingly critical for internal auditors include their ability to deal with unethical and fraud issues. IIA’s Implementation Standard 2120.A2, for example, clearly states that the internal audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risks. On the other hand, Standard 2110 requires internal auditors to assess and suggest actions to improve governance processes of the company that relate to accountability, ethics, and value promotion in the organization (IIA, 2012). Although internal auditors are not responsible for detecting fraud, they must have reasonable skills and knowledge to indicate and sense the possibility of fraud and malpractices, including the existence of unethical behavior in an organization. An internal auditor is also responsible for evaluating fraud indicators such as unethical behavior and to decide on a course of action to be taken such as recommending more robust and comprehensive investigations to be conducted. As posited by Schwatrz and Sharpe (2006), although an individual has skills, he or she also needs the will, which is the willingness to do it. In this context, an internal auditor must have the will to take a course of action, although he will risk retaliation from the organization. This corresponds to the IIA’s International Standards for the Professional Practice of Internal Auditing (ISPPIA), which requires internal auditors to have sufficient knowledge to evaluate the risk of fraud and the way it is managed by the organization. Therefore, internal auditors have to play an essential role for evaluating the ethical behavior climate in their organization. This role becomes more significant because, currently, the trend of fraud, corruption, and unethical practices in Malaysia are on the rise. The KPMG Malaysia Fraud, Bribery, and Corruption Survey Report in 2013, for example, found that the number of fraud cases among corporate companies in Malaysia is expected to increase in the future, partly due to the financial crisis (KPMG, 2013). Even so, many companies in Malaysia are willing to manipulate their financial statements, such as backdate a contract and book revenues, earlier than they should be in order to meet financial targets (Ernts and Young, 2016). The highest risk of fraud arises and starts from unethical human behavior. In fact, unethical human behavior has been at the root of every corporate scandal, including government link companies (GLCs). Ironically, fraud and unethical practices still occur, although in the industry that is closely monitored and tightly regulated such as banking and financial institutions (Manan et al., 2013). These corporate misconducts have caused the public to query, “Where were the internal auditors?” The rampant coverage by the mass media of these actions has gained the attention of stock exchanges, regulatory bodies, accounting, and auditing professions worldwide. GLCs in Malaysia constitute a substantial portion of the economic structure of the country. It established approximately 36 percent market capitalisation of the stock exchange, namely, Bursa Malaysia, and 54 percent of the benchmark of the Kuala Lumpur Composite Index (KLCI), thus reinforcing the critical role that internal auditors can play in contributing to the nation’s well-being generally and to their organization’s in particular. However, the importance of GLCs in helping to develop the nation was tainted by poor public perception of some of them. For instance, the national air carrier, Malaysia Airlines System (MAS), fared poorly and was consistently outperformed by its competitors. Its losses ballooned to RM343.44 million during the fourth quarter in 2013, despite restructuring efforts to put the airline back on track. Another GLC, Proton, was involved in the corporate scandal that involved poor decision-making to acquire MV Augusta, an Italian motorcycle manufacturer that cost Proton a loss of RM500 million in 2006. In more recent cases, top GLC officials are being investigated for alleged abuse of power and corruption involving a sum of nearly RM50 million (The Star, 2016). Based on this scenario, the purposes of this paper are to determine the professional competency levels acquired by internal auditors of GLCs in detecting unethical behaviour in their organizations, to gauge the internal auditors’ position on objectivity and integrity in dealing with unethical behavior, and to determine the level of internal auditors’ awareness on ethical issues in the respective GLCs. In short, this study attempts to answer the following research question: What is the perception of internal auditors in Malaysian GLC on ethical issues? This study could contribute in several ways. First, it highlights the level of internal auditor competency in identifying unethical behaviour within their organization. It naturally describes the level of internal auditors’ professional competency, objectivity, and integrity and internal auditors’ awareness on unethical behavior and practices present in their own organization. The findings of the study could provide useful information for the training of internal auditors in Malaysia, helping to draw up a curriculum more focused on issues where internal auditors did not show a sufficient awareness of unethical issues. Second, this study provides empirical evidence on the extent of internal auditor adherence to the ISPPIA and the IIA’s Practice Guide to identify unethical behavior in their organization. It also provides a link between the competency of internal auditors and ethical behavior assessment. Internal auditors are presented with important attributes of internal auditing practices, as stated in the ISPPIA toward assessing ethical behavior to better performance of the organization. Third, with regards to practitioners, this study can help the organization to re-focus and place emphasis on the importance of core values and ethics in their culture and working environment. This study provides an opportunity to assess whether the company is complying with the required code of ethics and code of conduct. Finally, this study could contribute to the body of literature on the role of the internal auditor of GLCs to detect unethical practices that are currently limited in the literature particularly on companies that operate in emerging markets such as Malaysia. The role of internal auditors in Malaysia has been little investigated so far with no specific focus on GLCs. This paper is organized as follows. Next is a review of the literature followed by research methodology. Section four covers the findings and discussion, while section five is the conclusion. The last section discusses limitations and recommendations for future research. Literature Review Internal audit overview Internal auditing is described as an independent assurance and consultancy activity that can improve organizational operations (Reding et al., 2013), while the internal auditor is an employee responsible for the internal audit activities of the organization. There are two main activities of internal audit: to ensure compliance with laws and regulations and to consult management to accomplish objectives, manage risks, and improve corporate governance (Nickell and Roberts, 2014). These activities or functions are quite expensive and, thus, are usually outsourced to external audit firms by small companies. However, outsourcing this function would result in the organization’s loss in value-added activities that can be provided (Abdolmohammadi, 2013). This is because internal audit plays an important function to ensure that an organization is run efficiently, is morally sound, technologically advanced, environmentally friendly, protected from any type of risk, and comply with laws and regulations (Gramling et al., 2004). An internal auditor also must be independent from the activities audited in the organization and able to effectively review the operations of the company, measure and evaluate the adequacy of the internal controls, assess the capability of the company to perform well, and be ready to respond to the needs of all levels of management. The auditor provides management with the information required to effectively discharge its responsibilities. Due to the broader functions of internal auditors in providing reasonable assurance to the audit committee regarding risk management, controls, and governance of the organisation, internal auditors are expected to identify and detect red flags that lead to fraud activities during the audit process. Although fraud detection is only the secondary objective to audit (Sikka et al., 1992), it is a public perception that internal audit is able to discover fraud (Puxty et al., 1994) and add value to their services (Radcliffe, 1999). Everett and Tremblay (2014), for example, found that the role of detecting irregularities and controlling dysfunctional behaviour is more serious and important than consulting the management. The red flags or warning signals that indicate the occurrence of fraud can be seen from unethical practices or behaviour discovered within the audit process. The competency of internal auditors in conducting the audit is crucial at this stage. The inability of internal auditors to identify or detect any misconduct or red flag could lead to the tendency of fraud activities occurring within the organisation. As a pillar of governance (Gramling et al., 2004), an internal auditor, as an independent and respectable person in the organization, should play an important role to mitigate the risk of fraudulent activities due to unethical behavior. This is becoming more crucial when internal control of the organization is weak because prior study shows that inadequacy in internal control provides opportunity for fraud to occur (Zakaria et al., 2016; Abd Rahim et al., 2017). The society, shareholders, and other stakeholders may blame internal auditors when the organization collapses due to fraudulent activity(s). The question on the ability of internal auditors to detect and prevent fraud continues to arise. This could affect public perception on the capability of internal auditors in conducting their audit engagements. The ability of auditors to identify ethical dilemmas within the organization was narrowly discussed by previous researchers. This could be due to the reason that the ability of auditors to detect unethical behavior is difficult to study. However, an understanding of the internal auditor’s capability to identify unethical behavior is pertinent to the internal audit function and the management in order to reduce the risk of fraudulent activities within the organization. Sarens and Lamboglia (2013) suggested that the internal audit function, which focuses on financial audit, requires internal auditors with technical accounting certification and knowledge about fraud auditing. Ma’ayan and Carmeli (2015) argued that internal auditor’s capacity, such as having the skills and resources that facilitate learning from audits, improve their ethicality and ethical behaviour. Empirical research suggests that high-quality internal audit functions are key to monitor management behaviour and more trusted by the external auditor (Bame-Aldred, 2013). A good quality audit is important because it affects the reliability of the financial report and protects the interest of its reader (Husnin et al., 2016). Ege (2015) found that a high-quality internal audit is negatively associated with management misconduct, both on accounting and non-accounting misconducts. Beasley et al. (2000) found that firms with fraud enforcements were less likely to establish internal audit functions, while Schneider and Wilner (1990) reported that its establishment was able to deter financial reporting irregularities. Previous studies also showed that internal audit functions would limit earnings manipulation like big bath by the management (Prawitt et al., 2009) and are negatively associated with accounting risks (Prawitt et al. 2012). Interestingly, the information disclosure regarding this function also gave a positive impact to the company such as enhanced confidence of the stakeholders on the firm’s quality of governance and possibly influenced decision-making on investments (Archambeault et al., 2008; Holt and DeZoort, 2009). Unethical practices In recent years, poor ethical practices and corporate scandals have cost owners, employees, shareholders, and other stakeholders of firms such as Malaysia Airlines System (MAS), Linear Corporation, Kenmark Industrial Co (M), and Scomi Precision Engineering Berhad, billions of ringgit. Examination of the root cause of these scandals documented that the scandals would not have occurred if top management and employees of the organization were aware of the unethical behavior of their colleagues rather than striving to achieve the company’s strategic plans at any costs. Kish-Gephart et al. (2010) described unethical behaviour as behaviour that violates widely accepted societal and public moral norms. It can be any action or course of action that society or a company sees as being less than morally acceptable or respectable. This includes contraventions of the professional conduct or norms in regulating interpersonal relationships of the individual or group in a variety of social settings. In a more structured and formal environment such as in the workplace, unethical behavior by employees include wasting company time, using company supplies for personal use, property theft, illegitimately exchanging company resources for personal gain, and deceiving customers or clients (Luna- Arocas and Tang, 2004). From the top management to the lower level of corporate management, unethical behavior nurture many negative effects (Omar et al., 2016) such as tarnishing company’s business practices and diminishing work quality, which leads to the company’s poor performance and even business failure (Manan et al., 2015). Unethical behaviors among leaders and top management are more significant and result in huge adverse outcome because they mirror the reputation and image of the company that they lead. Any unethical practices committed by top managers are corrosive to the company or organization. Unfortunately, it is common nowadays for an entire organization to take responsibility and burden for its management’s mistakes. The collapse of the giant energy company Enron is a good example. While unethical behaviour at any level results in unfavorable consequences for an organization, the worst situation would occur if top management such as the chief executive acted in an unethical manner. Prior studies revealed that unethical behaviour can contribute to the tendency of fraud in an organization. Undetected and uncontrolled unethical behaviour could have a huge impact on the operations of an organization. The implications of unethical behaviour include strained relationships between management and employees, impaired employee productivity, frequent interventions by the regulator and watchdog agencies, higher legal liability as a result of investigations by commercial crime examiner, and damage to company’s reputation. Hence, the organization’s credibility and relationship could be broken and would be difficult to reinstate. Thus, it is important for internal auditors to play their role in preventing unethical behavior and act as an anti-fraud control (Westhausen, 2017; Naheem, 2016). Agency theory The competency and ability of the internal auditor to meet with the requirements of the code of ethics can be explained and predicted by using an agency theory. Fundamentally, this theory proposed that there is a problem in terms of the relationship among the owner of firm, shareholder, and their agent, a manager hired to run a company (Jensen and Meckling, 1976). This problem is created when the manager has an opportunity to misuse resources of the company for personal gain, as he or she has more information about the business. To prevent this problem from occurring, a control mechanism known as agency costs is needed to control management’s behaviour. In the context of this research, the shareholders will contribute some amount of resources to establish an efficient and effective internal audit function. Maijoor and Van Witteloostuijn (1996) argued that the key attributes in the audit regulation industry are resources. Empirical research related to the Malaysian study on internal auditing also found that internal audit units or departments were unable to operate effectively as a result of the staff lacking in appropriate skills due to the limited resources (Ali et al., 2011; 2007; 2009). As GLCs are big corporations with the support from the government, GLCs have large capital and funds that can be pooled to have a competent internal audit function. This can be done via systematic and comprehensive training and hiring highly a qualified and experience internal auditor. Thus, based on this theory, it is predicted that the internal auditors of GLCs do not have much problem in complying with the code of ethics and dealing with unethical behaviour in their company. Research Methodology Primary data were collected for this research. The primary data consisted of 40 questionnaires randomly distributed online to the respondents with 35 respondents replied (rate of responses = 87.5 percent). Online questionnaires were used because they offered a user-friendly, cost- effective, and time-saving option (Smith, 2015). The respondents were internal auditors of five randomly selected GLCs who were directly involved in the operational audit of the organization. The questionnaires were divided into two sections. The first section required internal auditors to indicate, on a nominal scale, information pertaining to their gender, age, level of academic qualification, and years of employment in the industry. The second section required respondents to indicate, on a dichotomous scale, the opinion they placed on each item pertaining to internal auditor competency, awareness, integrity, and objectivity on ethical issues. The points were: Yes, No, and Not Sure. The questionnaires were constructed and utilised the IIA’s Competency Framework and the CIA examination paper part 1, which was mainly on integrity and objectivity. These instruments tested the internal auditors’ adherence to the IIA Code of Ethics to evaluate the competency of the internal auditors to identify and assess unethical behaviour and the awareness of the internal auditors regarding unethical behaviour in their organization (GLCs). The questionnaires had been validated by the experts from the internal auditing fields before being distributed. The same approach was also used by Fadzil et al. (2005) to determine the level of internal auditors’ compliance with ISPPIA. Findings Profile of respondents Insert Table 1 Table 1 shows the descriptive statistics of the respondents. The majority of respondents were male (60 percent). In terms of age, almost all of them were less than 41 years old. More than 50 percent graduated from a university with a bachelor’s degree, and almost a quarter (23 percent) have a professional qualification; 91 percent have worked as internal auditors for more than three years, and more than half (51 percent) have already exceeded five years of experience; 54 percent of the respondents are in junior positions, while the rest are almost equally distributed in senior or supervisory positions and managerial positions. About 66 percent of the respondents have experienced unethical behavior within their organization, which indicated that unethical behavior actually existed and was encountered by audit practitioners. Professional competency levels acquired by internal auditors in detecting unethical behaviour Research objective one can be addressed by reviewing Section B of the questionnaire. This section contained 25 questions and was divided into four parts: International Professional Practices Framework, Technical Skills, Interpersonal Skills, and Knowledge on Ethics and Fraud. Statements in this section have been adapted from the IIA Global Competency Framework and the IIA Australia Competency Framework. Notwithstanding only a part of the framework may be taken for the purpose of evaluating internal auditors’ levels of competency in detecting unethical practices. The results of the study are as per Table 2. Insert Table 2 Overall, this result indicates that most internal auditors are knowledgeable, skilful, and possess a high level of professional competency in detecting unethical behaviour within their organization. Almost 100 percent of internal auditors were able to conduct audit assignments with objectivity and due professional care, and 94 percent of internal auditors were able to follow guidelines to conform to the IPPF to ensure that the audit framework and program followed a risk-based approach (RBA) covering planning, fieldwork, reporting, and follow-up. This finding also showed that internal auditors have knowledge on the IPPF and are able to adapt to the principles of code of ethics in conducting audit engagements. The majority of internal auditors have satisfactory technical skills, with an average score of 77 percent. For example, 97 percent of internal auditors were able to analyze the effectiveness and efficiency of business processes and apply data sampling and appropriate analysis techniques during audit engagements, while 94 percent of internal auditors were able to identify business processes, illustrate, and present them by proficiently using flowcharting techniques and queries, Excel spreadsheets, and various organizational information technology systems or data extraction software provided by the external providers. The only concern was that not all internal auditors employ ISO and COSO best practices (only 60 percent). This indicated that the group lagged behind in terms of global best practices. Time planning also was an issue, where only 60 percent of internal auditors responded that they planned appropriately and managed their time in performing their jobs. Finally, only 43 percent had consultation skills in providing strategic advice to the management to improve organizational processes. This could be due to the fact that the majority of the respondents in this study were junior and inexperienced internal auditors, hence less exposed to audit at the strategic level. Interpersonal skills also showed a commendable result of 88 percent on average, which indicated that respondents had good communication and public relation skills; 97 percent of the internal auditors were able to establish and present convincing cases and arguments to deliver matters of concern to the client, while 94 percent of the internal auditors were able to utilize listening skills to express direct and responsive answers to questions during interview sessions with the auditees. None of the statements received less than an 80 percent score. The evaluation on the knowledge of internal auditors regarding ethics and fraud also showed a satisfactory result of 73 percent; 89 percent of internal auditors realized their responsibilities to uphold the code of ethics of the relevant professional bodies in every audit engagement; 86 percent of the auditors were able to adopt ethical values and principles to the sections being audited; and 77 percent of the internal auditors were able to identify the risks of unethical behaviour occurring within the organization. However, there were two major concerns here. First, not every auditor would take a firm further course of action when they discover unethical practices. Only 66 percent had a will to act accordingly when ethical principles were abused. Second, only 51 percent (half) of the internal auditors had reasonable knowledge to detect fraud and red flags. This is not laudable, as it indicated that the internal auditors had poor forensic and financial criminology skills and, thus, were unable to safeguard the company from theft and misappropriation of assets. Levels of objectivity and integrity of internal auditors in dealing with unethical behaviour Research objective two can be addressed by looking at section C of the questionnaire, which contained 10 questions adapted from the certified internal auditor (CIA) Examination Paper Part 1. Nevertheless, only a part of the examination questions had been taken mainly on the objectivity and integrity of internal auditors. The results of the study are as per Table 3. Insert Table 3 On the whole, the results indicated that internal auditors were able to exercise their integrity and objectivity. Based on the various scenarios given, 91 percent of the internal auditors showed the highest integrity by reporting violations of regulatory requirements to the board and the management. Based on the study, the internal auditors would not accept any facilitating payment and gift of significant monetary value in resolving the audit issues, as reflected in the results, 89 percent and 86 percent, respectively. This also showed that the level of internal auditor independence, which accepts any facilitating payment or gift, would impair the internal auditors’ independence and audit judgment. Furthermore, the results also indicated that 80 percent of the internal auditors would communicate unethical practices, which were discovered during audit engagements to the audit management, to see if they were aware of the situations, and that they would hold their responsibility to report materials inefficiency discovered during audit engagements regardless of their relationship with the management. A majority of the internal auditors (77 percent) also had the will to become whistle blowers, in which they agreed to appear in court to testify against their own organization. The majority of them (74 percent) agreed to report unethical practices based on actual events and not be distracted by the promise of future modifications, which did not conform and may recur. However, almost half of them were unable to differentiate their role of internal auditor as a consultant and assurance; 40 percent were not sure whether they could accept a fee for tax preparation; and 46 percent were not sure to accept compensation for consultancy work. This was a cause for worry because these internal auditors were unable to make a firm decision when faced with consultancy work paid by their own organization. This dilemma may affect their ability to conduct consultancy objectively and also could tarnish their integrity, as they may accede to the needs and requests from their “paymaster.” For example, receiving a fee for a tax job may risk them to commit tax evasion and alter the correct tax calculation to show a favourable performance to the tax department. Level of awareness on ethical issues by internal auditors Insert Table 4 Table 4 illustrates the levels of internal auditor awareness on unethical behaviour. The table shows that internal auditors were aware of the occurrences of unethical behaviour within their organization. Unauthorized personal use of the organization’s assets was the most unethical behaviour that occurred within the organization. A total of 89 percent of the internal auditors were aware of this unethical behaviour. The other unethical behaviours that caught the attention of internal auditors included operating a personal business during working hours (86 percent), absenteeism or false claims for medical leave (71 percent), manipulating performance indicators to achieve target(s) (69 percent), conflict of interest between management and employees (66 percent), and intentionally fabricating the organization’s records without personal gain (54 percent). There was less abuse of use of personal credit cards for company expenses possibly because many organizations prohibit their employees to pay using their own cards for large expenses and be reimbursed later. This kind of expenditure requires approval from the finance department, and the employees concerned will be paid by way of cheques or bank transfers. There were also fewer cases for gifts, whether the employee was at the receiving end or giving gifts to external parties. This indicated that the organizations may have strict policies regarding gifts and business relationships with external parties. Conclusion The purpose of this study was to determine the professional competency levels acquired by internal auditors in detecting unethical behaviour, to evaluate their positions on objectivity and integrity in dealing with unethical behaviour, and to examine the extent of their awareness of ethical issues in the GLCs. This study concludes that, first, the internal auditors of the five selected listed GLCs had an adequately high level of competence in performing audit engagements, which could lead to detecting unethical behavior in their organization. Second, this study found that the auditors possessed a high level of objectivity and integrity when confronted with unethical behavior during audit engagements. This study provided strong evidence that the auditors at the five selected GLCs complied with the IIA Code of Ethics. Finally, this study also found that internal auditors of the GLCs were aware of unethical behavior within their organization, confirming the earlier finding of this study, which found that the internal auditors had sufficient knowledge and competency. This could be due to the systematic training received from their employers and years of experience in the auditing field, as a majority of them had worked as an auditor for more than five years. Theoretically, the findings of this study support the agency theory and add to the prior empirical research findings such as by Larkin (2000) who found that most experienced internal auditors were able to identify unethical behavior. Accordingly, Pflugrath et al. (2007) in their survey to determine the impact of auditor experience on auditor judgment revealed that greater general-auditing experience would improve an auditor’s judgment. When the auditors were more experienced, the skills on ethical awareness became more important (Uyar and Ali, 2011). In addition, the competencies of the internal auditor play a critical factor affecting external auditor reliance decision (Suwaidan and Qasim, 2010). Practically, the findings of this paper also implicate that internal auditors practised their technical skills while performing their job. This factor could contribute to the ability of internal auditors to discover unethical behavior, especially in the procurement department, which revealed a tendency to fraud activities. Palmer et al. (2004) and Uyar and Ali (2011) suggested that personnel in the accounting profession should possess multiple skills, which are essential elements in the auditing profession and will assist them in detecting unethical behavior (Ma’ayan and Carmeli, 2015). Limitations and Recommendations for Future Research There are several limitations of the study. First, this study is limited to internal audit functions established within GLCs. These GLCs operate mainly in industrial products, consumer, trading/services, and plantation industries in the main market of Bursa, Malaysia. Second, as this study uses questionnaires, bias in the use of self-reported data may exist. Some respondents may perceive themselves as being bolder, more ethical, and more competent than others. In addition, the respondents may not give a response based on the actual situation or their genuine thinking but be tempted to respond based on a socially desirable outcome, which is to please their peers and others. This phenomenon is known as social desirability bias. Finally, in terms of the survey instrument, questions on IIA Code of Ethics were limited to integrity, objectivity, and the professional competencies of internal auditors. For the IIA’s Global Competency Framework, this study was limited to points that were relevant to evaluate internal auditors’ competency in performing audit engagements such as application of IPPF to internal audit work, auditors’ technical and interpersonal skills, and auditors’ knowledge. Meanwhile, for the CIA part one examination paper, this study was limited to test the auditors’ level of integrity and objectivity when performing audit engagements. Future research should be conducted by expanding the sample of internal auditors who work in non-GLCs and operate in other industries such as banking and finance. In addition, future research should employ more robust scales such as the Likert and continuous scales. Inferential based studies also can be conducted by exploring the impact of internal auditors’ professional character and behavior toward Downloaded by Iowa State University At 04:23 12 January 2019 (PT) 13 their job and organizational performance. The current study was only descriptive in nature and employed a dichotomous scale.