Although there are studies by academics and various national and international authorities on determining audit quality indicators and establishing a quality framework in auditing, a consensus has not been reached yet. In addition, most of these studies are related to external auditing and the internal audit quality framework has not been sufficiently focused. In this study, a ten-year retrospective content analysis was carried out on the annual reports of three public and three private banks operating in Turkey, and the concepts that banks focused on when evaluating the functioning and quality of internal audit were revealed. Thus, the issues that banks focus on in their internal audit evaluations have been systematically conceptualized and analyzed through annual reports, containing vital data on this subject. Fifty-four codes were determined, and the codes were classified into five categories (input-process-output-outcome-external factors) in accordance with the internal audit quality framework in the literature. Both private banks and public banks focus more on the process dimension (approach, method, methodology) of the internal audit quality framework in their evaluations, and in the last ten years, the process dimension has taken first place among the five dimensions, and the input dimension (qualification of the audit team) has taken the last place. The most emphasized topics are as follows; (1) in the inputs; the number of auditors and training, (2) in processes; risk-based auditing, remote auditing and process audits, (3) in the outputs; reports/meetings submitted to the management and follow-up of findings, (4) in the outcomes; providing accurate and reliable information and being a preventive/deterrent, (5) In external factors; legal regulations and organizational structure. In addition, it has been observed that deposit banks closely follow many current audit approaches in Turkiye. The internal audit quality framework, which is of great importance in terms of identifying and conceptualizing issues that may affect audit quality, can increase awareness of this issue by providing transparency and comparability in internal auditing.
Various authorities, especially institutions such as the IAASB and PCAOB, are working on determining audit quality indicators and audit quality framework. Similarly, there are studies conducted by many academicians on this subject. However, an absolute consensus has not yet been reached even on the dimensions in which audit quality indicators are classified. For example, the PCAOB identified 28 audit quality indicators and classified them into three dimensions: input-process-result. The IAASB, on the other hand, considers the indicators it determines in five dimensions as input-process-output-interaction-contextual factors. Apart from the international authorities, it is seen that some national authorities also carry out studies and create different frameworks to identify potential indicators that can be used in audit quality measurement. Although there are studies conducted by some academics (Trotman & Duncan, 2018; Turetken, Jethefer & Ozkan; 2020) to create an “internal audit quality framework” by taking these studies related to independent auditing as a reference, more studies are needed on this subject. Because it is possible to detect and prevent risks early by increasing the quality of internal audit, and this will also reduce external audit costs. In addition, with internal audit, more detailed and continuous audits can be carried out on a company-specific basis. Therefore, establishing a comprehensive internal audit quality framework will also increase awareness of internal auditing and internal audit quality.
In the banking sector, where audits are significant, traditional internal audit practices may also change over time (Sarıkale & Kandemir, 2022: 137). It is obligatory to publish information on the functioning of the internal audit units of the bank and the evaluations of the audit committee in the annual reports. Therefore, these documents contain reliable and quite comprehensive information and evaluations on the subject. In this study, content analysis was performed on the internal audit-related sections of the bank's annual reports, and the codes identified were classified under the five dimensions specified in the internal audit quality framework (Trotman & Duncan, 2018). Thus, the focus (potential internal audit quality indicators) that banks focus on when assessing their internal audit quality has been systematically conceptualized and analyzed. Subjects such as which dimension of internal audit quality in banks are focused on and which elements are emphasized, whether new approaches are applied in bank internal audit units, changes in the focused elements according to years, differences in public and private bank audits have been researched. The internal audit quality framework in the banking sector has been revealed through the evaluations of the banks in their annual reports. The research is limited to the evaluations made in the annual reports of the internal audit units of deposit banks in Turkiye.
In this study, content analysis was carried out through document scanning of the sections related to internal audit (evaluations related to internal auditing and the functioning of internal auditing) in the annual reports of banks. Categories and codes have been adapted based on previous studies (Trotman & Duncan, Knechel, IAASB, PCAOB, CAQ, FRC etc.), and we have created a coding guide for this. As Trotman and Duncan (2018) stated in the multi-stakeholder internal audit quality framework, audit quality has 5 dimensions (input-process-output-outcome-contextual factors). The categorization was made in accordance with the audit quality framework dimensions in the literature. In the determination of the codes, the existing literature and suggested quality frameworks were examined, the codes under these 5 dimensions were determined, and a coding guide was created in order to ensure the objectivity of the research. While a preliminary coding list suitable for internal audit was determined from the literature, necessary updates were made in the code list and coding guide for the codes that emerged during the document analysis process, and they were finalized. After all the data were read and coded in accordance with the coding guide, frequency analysis and categorical analysis (Tavşancıl & Aslan, 2001: 87-99) were performed. The MAXQDA program was used for coding and analysis. In addition, various Excel tables were created from these data, and analyzes were carried out according to years and public-private distinction. As a result of the analysis of the evaluations in the annual reports of the banks regarding the functioning of the internal audit units; comparisons on which aspect of the audit quality framework is focused on, comparison of public and private banks, analysis of the trend in the focus areas by years, comparison of the quality framework in the literature and the results obtained from the annual reports (similarities and differences), comparison of the legal regulations and banks' internal audit evaluations, interpretations on the basis of indicators and evaluations have been made about whether current audit approaches are applied in banks.
Result and Discussion
A content analysis was made with the perspective of the internal audit quality framework, and an internal audit quality framework consisting of 5 dimensions and 54 potential audit quality indicators was reached. According to this, in the evaluations regarding internal audit included in the annual reports, banks mostly focus on the "Process" dimension of the internal audit quality framework. The least emphasized dimension was the "Input" dimension. According to the dimensions, the most focused issues are; "in the input dimension; number of auditors and training", "in the process dimension; risk-based control, remote audit and process analysis", "in the output dimension; reports/meetings submitted to the management and follow-up of findings", "in the outcome dimension; providing accurate and reliable information, being preventive/deterrent", "in the dimension of external factors; legal regulations and organizational structure".
Considering the changes over the years in the focus areas in the internal audit evaluations included in the Bank's annual reports; In the last 10 years, "Process" has always taken first place among the five dimensions, and "Input" has always taken the last place. It is seen that matters such as finding tracking, technology-supported auditing and process analysis have started to take place relatively more in the annual reports in recent years. Some new concepts related to the technology-assisted audit approach, such as digital transformation, machine learning, image processing and data modeling algorithms, and using artificial neural networks in auditing, have begun to be mentioned. In addition, while data security and data mining issues were not emphasized in previous years, these issues have begun to be emphasized, albeit a little, in the annual reports of recent years.
While public banks and private banks focus on the process dimension of the internal audit quality framework in the first place in their evaluations on the functioning of internal audit, the last category was the inputs in both groups. Other dimensions took place in different ranks in public banks and private banks. Looking at the encodings under these dimensions; the subjects of providing a qualified workforce, professional attention and care, contribution to profitability, contribution to corporate reputation, auditor turnover and access to information are only mentioned in the annual reports of public banks. On the other hand, it has been observed that objectivity and independence, data mining and sampling issues are only included in private bank activity reports. In addition, relatively; it has been determined that public banks place more emphasis on “deterrence, recommendations, consultancy, auditing from an organizational perspective” and private banks emphasize more on “skills and qualifications of auditors”. When the annual reports are examined, it is seen that many current audit approaches are applied in deposit banks in Turkiye.
Denetim kalitesi göstergelerinin tespit edilmesi ve denetimde kalite çerçevesi oluşturulmasına yönelik akademisyenlerin, ulusal ve uluslararası düzeydeki çeşitli otoritelerin çalışmaları bulunmakla birlikte henüz bir uzlaşı sağlanamamıştır. Ayrıca bu çalışmaların çoğu bağımsız denetimle ilgili olup iç denetim kalite çerçevesine yeterince odaklanılmamıştır. Bu çalışmada Türkiye’de faaliyet gösteren üç kamu bankası ve üç özel bankanın faaliyet raporlarındaki iç denetimle ilgili bölümlere on yıl geriye dönük olarak içerik analizi yapılmış ve bankaların iç denetimin işleyişi ve kalitesini değerlendirirken odaklandıkları kavramlar ortaya çıkarılmıştır. Böylece bankaların iç denetim değerlendirmelerinde odaklandıkları hususlar bu konuda oldukça önemli veriler içeren faaliyet raporları üzerinden sistematik olarak kavramsallaştırılıp analiz edilmiştir. Toplam 54 kod belirlenmiş ve kodlar literatürdeki iç denetim kalite çerçevesine uygun olarak beş kategoride (girdi-süreç-çıktı-sonuç-dışsal faktörler) sınıflandırılmıştır. Hem özel bankalar hem de kamu bankaları değerlendirmelerinde iç denetim kalite çerçevesinin süreç boyutuna (yaklaşım, yöntem, metodoloji) daha fazla odaklanmakta olup son on yılda süreç boyutu beş boyut içerisinde ilk sırayı, girdi boyutu (denetim ekibinin niteliği) ise son sırayı almıştır. Üzerinde en fazla durulan konular ise girdi boyutunda denetçi sayısı ve eğitim; süreç boyutunda risk odaklı denetim, merkezden denetim ve süreç analizleri; çıktı boyutunda yönetime sunulan raporlar/toplantılar ve bulgu takibi; sonuç boyutunda doğru ve güvenilir bilgi sağlama ile önleyici/caydırıcı olma; dışsal boyutta ise yasal düzenlemeler ve organizasyonel yapı olmuştur. Ayrıca birçok güncel denetim yaklaşımının ülkemizdeki mevduat bankaları tarafından yakından takip edildiği görülmüştür. Denetim kalitesini etkileyebilecek hususların tespit edilip kavramsallaştırılması açısından büyük öneme sahip olan iç denetim kalite çerçevesi, iç denetimde şeffaflık ve karşılaştırılabilirlik sağlayarak bu konudaki farkındalığı artırabilecektir.