To address the lack of externally available information about internal audit, previous authors have called for the consideration of an IAR to external stakeholders (Ege 2015; Archambeault et al. 2008). Such an IAR would provide disclosure from the internal audit function directly to the external stakeholders and could address the composition, responsibilities, and activities of the internal audit function, as well as possibly provide certain forms of assurance. Such information could provide useful insights into internal audit’s role in corporate governance.
To begin to examine whether an IAR provides valuable information to stakeholders, Holt and DeZoort (2009) examine the user side of the IAR setting and evaluate the extent to which a descriptive IAR affects investors’ confidence and investment decisions. They find that participants provided with a descriptive IAR (addressing the internal audit function’s activities) have greater confidence in the reliability of financial reporting and assess company oversight effectiveness higher than participants who do not have access to a descriptive IAR. The effect of IARs on investor confidence in financial reporting is strongest for high fraud risk companies. Participants also indicate that the IAR is perceived to be as useful as required disclosures, such as the Audit Committee Report, Management’s Discussion and Analysis, and Management’s Report on Internal Controls.
Thus, based on Holt and DeZoort (2009), it appears that a descriptive IAR provides valuable information to external stakeholders. Ege (2015) echoes this notion, finding that the quality of the internal audit function is negatively related to management misconduct. As a result, Ege (2015) indicates that information about the quality of the internal audit function would be useful to investors.