The Inﬂuential Factors of Internal Audit Effectiveness: A Conceptual Model

: The purpose of this paper is to systematically review the literature on the inﬂuential factors of internal audit effectiveness and articulate these factors in a conceptual model. A systematic literature review (SLR) is conducted to identify the inﬂuential factors of internal audit effectiveness; relevant studies are reviewed between the period January 1999 and March 2022 through a lens focused on the key factors of internal audit effectiveness. In addition, our review took into consideration what is mentioned in The International Professional Practices Framework for Internal Auditing (IPPF). Five factors of internal audit effectiveness and their dimensions are identiﬁed and comprised into a conceptual model, these factors are internal audit organizational characteristics, internal audit relationships, internal audit processes, internal audit resources, and internal audit coordination with other assurance providers. This paper provides internal audit practitioners, audit committees, and senior management in organizations with a broad understanding and comprehensive overview of the key factors that should be considered to make their internal audit functions more effective. This paper proposes a conceptual model that provides a holistic view of the inﬂuential factors of internal audit effectiveness and clearly identiﬁes the dimensions of the factors. Additionally, it provides an opportunity for future research to test the model and build on it as well.


Introduction
Internal audit (IA) functions play a crucial role in assisting organizations to achieve their objectives and safeguard their assets (Alqudah et al. 2019). Additionally, the IA become a vital management tool for achieving effective control in organizations (Behrend and Eulerich 2019;Endaya and Hanefah 2016). Having an effective IA function is important for organizations; the effective role, as interpreted by The International Professional Practices Framework for Internal Auditing (IPPF), will ultimately have a major contribution to improving the effectiveness of an organization's risk management, internal control, and governance processes (The Institute of Internal Auditors 2017). Internal auditing is defined by The Institute of Internal Auditors (IIA) as "An independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes." (The Institute of Internal Auditors 2017, p. 29) Moreover, effective IA is important to an organization's audit committee, senior management, and external auditor. The IA provides the audit committee and senior management with an objective assessment of the whole organization's operations, processes, and performance (The Institute of Internal Auditors 2017). Senior management relies on IA to enhance the controls and reduce the risk as well as improve its operations, while the audit committee relies on IA to achieve robust internal controls and attain a quality of financial reporting as well as maintain compliance with regulations ). On the other hand, defined the verb "influence" as "to change the way that someone thinks or the way that something develops," whereas the noun "influence" is defined as "the power to change people or things" (Cambridge University 2022). In this paper, we defined "the influential factors" as "those factors that are substantial for the IA function as well as are important to IA effectiveness and may affect it." In addition, this paper argues that the IA function should look to a set of influential factors in order to understand the IA effectiveness; without this consideration, its effectiveness may be affected. The proposed conceptual model for IA effectiveness integrates five factors and their dimensions. These factors are IA organizational characteristics, IA relationships, IA processes, IA resources, and IA coordination with other assurance providers.
The structure of this paper is organized as follows. The next section provides background about IA effectiveness. Section three describes the methodology used. Section four systematically reviews the literature on the influential factors. Section five presents the conceptual model based on what has been discussed about the influential factors. The last section concludes the paper and provides research implications and recommendations for future research. Ridley (2008) highlights that IA was built on the three Es of effectiveness, efficiency, and economy, where effectiveness is the most important "E." Efficiency and economy are worthless if IA is ineffective (Dittenhofer 2001;Lenz and Hahn 2015). Researchers look at IA effectiveness from different points of view; however, they shared the common view that effectiveness is achieved when the defined IA objectives and goals are achieved (Ahmad et al. 2009;Saidin 2013, 2014;Dittenhofer 2001;Mihret and Yismaw 2007). According to Badara and Saidin (2013), IA effectiveness is the ability to achieve the predefined IA objectives, while Dittenhofer (2001) indicates that these objectives should be stated in clear terms to achieve them. On the other hand, although the definition of internal auditing clearly stated that IA is designed to add value and improve the organization's operations as well as evaluate and improve the effectiveness of risk management, control, and governance processes, IA's role in organizations diverse and different from one organization to another (Rupšys and Boguslauskas 2007). Moreover, the level of effectiveness varies amongst various organization operations (Al-Twaijry et al. 2003). IA is a complicated process; it is part of the organization's internal control system and depends on its effectiveness (Badara and Saidin 2014). This complicated process includes audit planning, conducting audit engagements, conforming audit results, following up the results to ensure that proper actions, and developing the staff to ensure they have the sufficient knowledge and skills to conduct the audit engagements; however, IA effectiveness is not limited to evaluating the above aspects to ensure that IA is able to achieve its objectives (Dittenhofer 2001).

Internal Audit Effectiveness
Furthermore, Lenz and Hahn (2015) looked into IA effectiveness from an institutional theory lens and indicated that there are different macro and micro factors that influence IA effectiveness. Macro factors are represented by coercive, normative, and mimetic forces; where coercive forces are explained by compliance with the regulations that affect the role of IA in the organization, normative forces are explained by the degree of conformance with internal auditing standards, and mimetic forces are explained by the benchmarking against successful IA in organizations. Conversely, the micro factors are explained by factors related to the organization and factors related to internal resources, processes, and relationships. From another perspective, Azzali and Mazza (2018) examine IA effectiveness from an agency theory lens. They maintain that IA is an agent to the board of directors and the management and it will be effective when performing its role for their benefit; this view is aligned with the definition of internal auditing, which focuses on helping the organization to achieve its objectives.
On the other hand, some researchers indicate that IA effectiveness is achieved based on many factors. For example, integration of management support for IA with IA work and internal auditors' competencies (Badara and Saidin 2013); compliance with internal auditing standards (Cohen and Sayag 2010); and quality of IA procedures (Dittenhofer 2001). While the IA provides recommendations to improve the organization's operations, to understand the IA effectiveness, some researchers look into the IA recommendations for implementation rate (Arena and Azzone 2009;Bednarek 2018;Erasmus and Coetzee 2018;Soh and Martinov-Bennie 2011). Moreover, some studies consider the demand and supply view for IA effectiveness, where the demand view is based on the satisfaction of the organization's management and auditee on the IA, while the supply view is based on the auditors' view on the IA effectiveness (Alzeban and Gwilliam 2014;Cohen and Sayag 2010;Erasmus and Coetzee 2018;Yee et al. 2008). Alzeban and Gwilliam (2014) view IA effectiveness from internal auditors' and auditees' standpoints and study IA effectiveness based on the ability of IA to plan; improve the productivity of the organization; evaluate and improve the organization's internal control and risk management; and the implementation of IA recommendations. The demand view of IA effectiveness helps understand how audit work is perceived; however, the supply view helps to understand the factors that influence the effectiveness (Lenz and Hahn 2015).
Moreover, while the scope of IA is wide and included different aspects of the organization, it carries out a wide range of independent evaluations (Alqudah et al. 2019;Al-Twaijry et al. 2003;Arena and Azzone 2009;Cohen and Sayag 2010;Rupšys and Boguslauskas 2007;Mihret and Yismaw 2007). To achieve effectiveness, the IA must perform a variety of things, yet researchers have different viewpoints on what an effective IA should do. For example, the effective IA should assist the organization to achieve its objectives and safeguard its assets (Alqudah et al. 2019;Azzali and Mazza 2018); evaluate the organization's internal control system and improve its effectiveness (Lenz and Hahn 2015); evaluating organization's risk management and improving its effectiveness (Chambers and Odar 2015;Cohen and Sayag 2010;Goodwin-Stewart and Kent 2006); evaluating an organization's compliance with laws and regulations ; supporting management to prevent fraud (Alqudah et al. 2019); improving the organization's operations (Ahmad et al. 2009) and improving its performance (Alzeban 2020;Coetzee and Erasmus 2017); and providing recommendations to improve different aspects of the organization (Alqudah et al. 2019;Al-Twaijry et al. 2003;Arena and Azzone 2009;Cohen and Sayag 2010;Mihret and Yismaw 2007). Moreover, Onay (2021) stated that "IA effectiveness is one of the most prominent issues that internal auditors should consider in order to establish good governance both in terms of their functions and organizations" (p. 1). Therefore, knowing the influential factors that influence IA effectiveness is important for the IA functions and its organizations.

Methodology
Based on the research objective and the related question defined in the introduction, the current paper employed a systematic literature review (SLR). This paper followed the guideline provided by Xiao and Watson (2019), who identified eight steps to conduct the SLR: (1) formulating the research problem; (2) developing and validating the review protocol; (3) searching the literature; (4) screening for inclusion; (5) assessing quality; (6) extracting data; (7) analyzing and synthesizing data; and (8) reporting the findings. The first step is covered in the introduction section of this study where the research problem is formulated. Following the guideline, the second step is to develop and validate the review protocol which includes the purpose of the study, research question, inclusion criteria, search strategies, quality assessment criteria and screening procedures, and strategies for data extraction, synthesis, and reporting. The purpose of this study and its research question, as explained in the introduction section, are focused on understanding and identifying the influential factors of IA effectiveness and conceptualizing it in a model. Searching the literature is the third step; the search was based on reliable online databases to identify the relevant literature including Scopus, Web of Science, Emerald Insight, Science Direct, SpringerLink, IEEE Xplore, and WorldCat Digital Library. The importance of using a range of online databases is to ensure wide coverage of available literature and to maximize the coverage in the research (Saunders et al. 2019). A combination of the following keywords was used during the online search. We combined the "internal audit" word with each one of the following words: effectiveness, quality, performance, efficiency, add value, factors, relationship, affect, influence, association, case study, empirical, examination, drivers, evaluation, measurement, assessment, and framework.
In step four, the literature selected based on different disciplines aligned with the definition of internal auditing according to the IIAs' IPPF, disciplines including IA effectiveness, IA performance, IA efficiency, IA quality, and IA adding value were the literature utilized these terms to refer to the extent to which the defined IA objectives achieved. Moreover, the papers selected are in the English language, published between the period January 1999 to March 2022, and included theoretical reviews and empirical studies, both qualitative and quantitative. Greater attention was given to literature that addressed the factors that influence IA effectiveness and study its relationship with IA effectiveness. The gray literature and the papers that do not address the factors that influence IA effectiveness topic are excluded. At this step, the initial search shows that over 5000 papers are relevant to this study. Scanning of the title, the abstract, and the keywords for the first 150 papers was conducted for each type of search as the rest of the papers in each search show that they were not directly relevant to this study's topic. This scanning led to identifying 156 papers considered for further review. After the screening for the inclusion step, step five is assessing the quality of the selected papers based on a full-text review; in this step, the papers that are selected are validated based on their meeting the criteria developed in step four, and a decision is taken to consider the selected papers or not for further analysis in the next step. As a result, 34 papers are selected; these papers directly addressed the influential factors for IA effectiveness (see Table A1 in Appendix A) and, in addition, these papers are the primary source to understand the influential factors and build on them. Moreover, the assessment of the full text led to 25 additional papers that were considered as a source to support the analysis and the discussion of the results in the fourth section of this study, which were included in the references list. In step six, the papers that are selected are classified based on the authors, the years, the research method, and the factors used to study IA effectiveness, the papers are summarized, and each factor influencing IA effectiveness is synthesized. The papers selected for more analysis in step six are analyzed and synthesized in step seven, and inclusion and exclusion criteria are considered again during this step. In step eight, the influential factors of IA effectiveness reported in a synthesized way show the importance of each factor, as explained in the fourth section of this paper based on the relevant literature, and our model is conceptualized as shown in the fifth section of this paper. Moreover, we took into our consideration what is mentioned in the IIA's IPPF and link it to each factor to support the analysis, the discussion, and the reporting. Figure 1 below summarizes the process of the SLR. qualitative and quantitative. Greater attention was given to literature that addressed the factors that influence IA effectiveness and study its relationship with IA effectiveness. The gray literature and the papers that do not address the factors that influence IA effectiveness topic are excluded. At this step, the initial search shows that over 5000 papers are relevant to this study. Scanning of the title, the abstract, and the keywords for the first 150 papers was conducted for each type of search as the rest of the papers in each search show that they were not directly relevant to this study's topic. This scanning led to identifying 156 papers considered for further review. After the screening for the inclusion step, step five is assessing the quality of the selected papers based on a full-text review; in this step, the papers that are selected are validated based on their meeting the criteria developed in step four, and a decision is taken to consider the selected papers or not for further analysis in the next step. As a result, 34 papers are selected; these papers directly addressed the influential factors for IA effectiveness (see Table A1 in Appendix A) and, in addition, these papers are the primary source to understand the influential factors and build on them. Moreover, the assessment of the full text led to 25 additional papers that were considered as a source to support the analysis and the discussion of the results in the fourth section of this study, which were included in the references list. In step six, the papers that are selected are classified based on the authors, the years, the research method, and the factors used to study IA effectiveness, the papers are summarized, and each factor influencing IA effectiveness is synthesized. The papers selected for more analysis in step six are analyzed and synthesized in step seven, and inclusion and exclusion criteria are considered again during this step. In step eight, the influential factors of IA effectiveness reported in a synthesized way show the importance of each factor, as explained in the fourth section of this paper based on the relevant literature, and our model is conceptualized as shown in the fifth section of this paper. Moreover, we took into our consideration what is mentioned in the IIA's IPPF and link it to each factor to support the analysis, the discussion, and the reporting. Figure 1 below summarizes the process of the SLR.

The Influential Factors
Internal auditing is still an emerging profession. To understand this profession, more attention should be given to the factors that make the IA effective (Lenz et al. 2018), and more studies should be conducted on the drivers of IA effectiveness (Erasmus and Coetzee 2018). To provide a broad overview of the factors that influence IA effectiveness, we use the institutional theory as an underpinning theory to understand the influential factors. Institutional theory is used as a useful platform to understand the aspects that determine IA effectiveness and the factors that influence IA effectiveness (Lenz and Hahn 2015). Many studies used the institutional theory as a theoretical framework to explain the factors shaped due to each institutional force and how the institutional theory views IA changes as a response to the three institutional forces: coercive forces, normative forces, and mimetic forces. Coercive forces are related to the influence of compliance with laws and regulations; normative forces are related to the influence of the degree of conformance with internal auditing standards; and mimetic forces are related to the influence of the tendency of organizations to model and benchmark themselves based on similar types of organizations that are considered successful (Al-Twaijry et al. 2003;Christopher et al. 2009;Lenz and Hahn 2015;Lenz et al. 2018). However, Lenz and Hahn (2015) differentiate between macro factors and micro factors, where the macro factors are based on the institutional forces; they also highlight that there is a limitation to investigating macro factors due to the potential of undervaluing or missing important external drivers such as political, economical, societal, technological, legal, and environmental megatrends. Moreover, they highlight that those micro factors are superior to macro factors because the IA function is an internal monitoring mechanism for internal stakeholders; from their perspective, micro factors include organizational characteristics, IA resources, IA processes, and IA relationships.
In addition, Lenz et al. (2014) suggested four key factors as "building blocks" that shaped the IA effectiveness. These factors are organizational characteristics, IA resources, IA processes, and IA relationships. Furthermore, in a recent qualitative study, Roussy et al. (2020) build models that attempt to understand the relationships between the four key factors "building blocks" as well as considering any other factors as a dimension of these factors without clear identification of the dimensions of these factors. However, these models overlooked a new insight into IA related to its role in leading the combined assurance in the organization and its coordination with the other assurance providers, as this role is a new phenomenon (Kurnia and Yulian 2018). This paper builds on and extends the models of Lenz et al. (2014) and Roussy et al. (2020), with a narrow focus on the IA influential factors and their dimensions in order to provide a holistic view of the key factors of IA effectiveness.
In this paper, our model is based on five key factors including ten dimensions, these key factors are IA organizational characteristics, IA relationships, IA processes, IA recourses, and IA coordination with other assurance providers. The dimensions of these factors are IA size, IA independence, IA relationship with the audit committee, senior management support to IA, adopting risk-based audit, adopting quality assurance and improvement program, IA competencies, IA outsourcing, leading the implementation of combined assurance, and cooperation with external audit. The following sections will highlight what the literature says about these factors.

Internal Audit Organizational Characteristics
The IA function is part of the organization, and the context in which the IA performs its duties and the organizational setting are represented by IA organizational characteristics (Roussy et al. 2020). Researchers argue that IA organizational characteristics include many factors influencing IA effectiveness; for example, Mihret and Yismaw (2007) indicate that IA organizational setting includes its organizational status, its integrity, and its policies and procedures that enable it to achieve useful audit results. However, Turetken et al. (2019) mention that the IA organizational setting is not linked to policies and procedures that direct the audit process but also includes its status in the organization and its organizational profile, whereas Karagiorgos et al. (2011) point out that organizational setting is represented by the IA position in the organizational structure and its independence, which is important to determine and maintain its segregation of duties. In this paper, we used IA independence and size as dimensions of IA organization characteristics since these dimensions implicit the other dimensions such as policies and procedures and integrity. The IA function cannot maintain its integrity without having its independence, and its policies and procedure are also affected by its independence and its size since the International Standards for the Professional Practice of Internal Auditing (internal auditing standards) (Standard 2040-Policies and Procedures) explain that the form and content of policies and procedures are dependent upon the size and structure of the IA activity and the complexity of its work.

Internal Audit Independence
Despite internal auditors being normally employees in the organizations, professional bodies are increasingly emphasizing the need for IA independence (Alzeban and Gwilliam 2014). IA independence is "the freedom from conditions that threaten the ability of the IA activity to carry out IA responsibilities in an unbiased manner" (The Institute of Internal Auditors 2017, p. 23). In addition, internal auditing standards (Standard 1100-Organizational Independence) emphasized the importance of maintaining the organizational status and the independence of the IA function, which can be gained through reporting to a level within the organization that allows the IA to perform its duties without having interference in determining the scope of work, performing the audit and communicating the audit results, as well as having a dual-reporting line to the audit committee and the Chief Executive Officer (CEO) of the organization (The Institute of Internal Auditors 2017). Reporting to the audit committee assists in making IA effective by preventing the organization's management from interference in the scope of IA and controlling the IA work, while reporting to the CEO assists the IA in carrying out its responsibilities without obstacles and addressing difficult issues with other senior leaders (The Institute of Internal Auditors 2019).
Furthermore, prior studies emphasized the importance of IA independence to its effectiveness; independence is also important to enable better communication with senior management by emphasizing the independence of the auditee as well as creating an objective atmosphere that assists to communicate the audit results without influence from the auditee (Mihret and Yismaw 2007). In addition, independence creates a supportive environment that helps the IA perform its work without pressure and makes the internal auditors more objective and provides a message to the employees in the organization that they can rely on the IA results (Cohen and Sayag 2010). Similarly, D'Onza et al. (2015) emphasized that IA independence is fundamental to ensuring the trustworthiness of IA services. Moreover, the lack of independence for IA affects its ability to provide assurance to the audit committee, which affects the committee's ability to fulfill its corporate governance role effectively (Christopher et al. 2009;D'Onza et al. 2015). However, some threats affect this independence, such as using the IA function as a training ground for a future managerial position within the organization; when the IA budget is approved by the CEO or the Chief Finance Officer (CFO), as this is considered a powerful tool to imposing budget constraints that may reduce the scope and affect IA effectiveness; when senior management is heavily involved in developing the IA plan; and when IA plays a consulting role and is perceived by senior management as a partner and performs as a subservient management role (Christopher et al. 2009).

Internal Audit Size
The size of the IA function plays an essential role in its effectiveness. To properly carry out IA responsibilities, the IA function needs to be adequately resourced (Alzeban and Gwilliam 2014). The internal auditing standard (2030-Resource Management) emphasizes the importance of having sufficient resources to implement the IA plan and deploying resources effectively to optimize the achievement of the plan (The Institute of Internal Auditors 2017). The agency theory justifies the larger size of the IA function where agents have more information than the principals. This information asymmetry affects the principals' ability to monitor whether or not their interests are being properly served by agents; this justifies the larger size of the IA function to closely monitor the agents' activities and safeguard the principals' interests (Sarens and Abdolmohammadi 2011). Furthermore, a large size of the IA function allows to rotate internal auditors, and this rotation leads to increasing objectivity (Arena and Azzone 2009;Turetken et al. 2019).
Some studies argue that there is a relationship between IA size and its effectiveness. For example, Alzeban and Gwilliam (2014) find that IA size is positively and significantly correlated with IA effectiveness. They also report that the availability of IA resources affects the percentage of actions taken by auditees on audit results, whereas Al-Twaijry et al. (2003) show that the smaller size of the IA function limits the scope of work and adversely affects the ability to achieve IA objectives and fulfill their duties and responsibilities successfully. They justify not having sufficient resources due to an insufficient budget. In another study, Ahmad et al. (2009) reveal that internal auditors are ranking the lack of staff in IA functions as number one of the main ten problems faced by IA functions and a major setback that can restrain IA effectiveness. Therefore, the size of the IA should be considered by organizations' audit committees and senior management when they need to improve the IA's effectiveness.

Internal Audit Relationships
Relationships for any IA function are important to IA effectiveness. The IIA's IPPF emphasized the importance of dual-reporting relationships with the audit committee and senior management, where the first reporting line is functionally reporting to the audit committee and assists in making IA effective by enabling IA access to sensitive matters, ensuring sufficient organizational status for IA, and preventing organization management from interference to control IA work and ensuring the highest level of governance on IA work (The Institute of Internal Auditors 2019). Conversely, the second reporting line is administratively reporting to senior management-mainly reporting to the Chief Executive Officer (CEO)-is important to support the IA effectiveness through supporting IA function with the appropriate authority and budget as well as facilitate its work to carry out its responsibilities without obstacles and to deal with difficult issues with other senior leaders (The Institute of Internal Auditors 2019). Roussy et al. (2020) indicate that transparent and trustful relationships between the Chief Audit Executive (CAE) with the audit committee and the CEO are important for IA effectiveness. Moreover, they point out that the quality of relationships is linked to the frequency of meetings and formality of communication, which are important to improving transparency and trust. In this paper, we used the IA's relationship with the audit committee and senior management support as dimensions of IA relationships, since the audit committee and senior management represented the main stakeholders for the IA function. IA function cannot be effective without having a positive relationship with the audit committee and appropriate support from senior management (Soh and Martinov-Bennie 2011).

Relationship with Audit Committee
Despite the fact that the IA function and audit committee are separate control bodies, they both have similar goals in terms of monitoring and evaluating the internal control system of their organization (Arena and Azzone 2009). However, the audit committee relies on the work performed by the IA function to fulfill its responsibilities (Brender et al. 2015) as well as look at IA as a source of information that assists it to fulfill its duties (D'Onza et al. 2015). Therefore, it is important for the audit committee to make the IA function effective. The IA function is supervised by the audit committee, where the IA function is represented by the CAE who is reporting to the audit committee. The relationship between the IA and the audit committee is critical to IA effectiveness, when the audit committee consists of independent directors having finance and accounting expertise, the audit committee plays an active role in oversighting the IA function with a possibility of more frequent meetings and informal access from the CAE (Lenz and Hahn 2015). The frequency of meetings, the level of formality, and the level of confidence between the CAE and audit committee members drive the relationship and affect the IA effectiveness (Roussy et al. 2020;Sarens et al. 2009;Soh and Martinov-Bennie 2011). A positive relationship between the IA function and the audit committee facilitates the role of IA and provides the audit with sufficient support to fulfill its responsibilities.
The audit committee's oversight of the IA function helps identify the problems in the IA itself and offers opportunities for improvement (Arena and Azzone 2009). Moreover, audit committees act as a preserver of the organizational independence of the IA and strengthen the IA's ability to overcome undue pressure from senior management (Ahmad et al. 2009;D'Onza et al. 2015;Soh and Martinov-Bennie 2011). Moreover, an intensive working relationship between the IA and the audit committee is expected to strengthen the objectivity and independence of the IA (Lenz and Hahn 2015). Furthermore, regular access from the CAE to the audit committee provides an opportunity to address the concerns raised in the IA reports and received support to address the reported weaknesses (D'Onza et al. 2015). Similarly, frequent interactions between the CAE and audit committee strengthen the communication process and allow the IA to address its concerns and get advice and support to become more effective in improving the organization's risk management, internal control, and governance processes (Abbott et al. 2007;D'Onza et al. 2015;Goodwin-Stewart and Kent 2006). The audit committee empowers the IA to escalate outstanding issues with management and approve the plan and the required resources (Soh and Martinov-Bennie 2011), where a trustful and transparent relationship between the audit committee and the CAE is important to solve any actual concerns raised by the IA (Roussy et al. 2020). Arena and Azzone (2009) conclude that involvement of the audit committee in IA activities sends a message that the organization is committed to increasing the credibility of the IA and encourages line managers to be more active in implementing IA recommendations.

Senior Management Support
The relationship between the IA function, represented by CAE and senior management, is crucial for IA effectiveness. Senior management wants the IA function to take more responsibility to enhance the organization's internal control and risk management, while the IA function expects senior management to support it in fulfilling its responsibilities (Sarens and De Beelde 2006b). Internal auditing standards emphasize the importance of this relationship for supporting the independence of the IA and the objectivity of the internal auditors (Standard 1100-Independence and Objectivity); also, it is important to support the improvement of the quality of the IA by communicating the quality assurance and improvement program results to senior management (Standard 1320-Reporting on the Quality Assurance and Improvement Program); in addition, it is important to supporting and facilitating the role of the IA through communicating the IA requirements (Standard 2060-Reporting to Senior Management and The Board). Moreover, the standards emphasize the importance of senior management support through their involvement in developing the IA plan (Standard 2010.A1-Planning) (The Institute of Internal Auditors 2017). Previous studies show that senior management support is important for IA effectiveness. This support enables the IA to maintain its independence (Alzeban and Gwilliam 2014); provide IA with sufficient budget and resources in order to fulfill its responsibilities effectively (Ahmad et al. 2009;Alqudah et al. 2019;Alzeban and Gwilliam 2014;Ta and Doan 2022); provide appropriate tools that assist to complete the audit engagements (Alzeban and Gwilliam 2014;Cohen and Sayag 2010); provide IA with the right number of staff and attracting skilled and experienced staff (Ahmad et al. 2009;Alzeban and Gwilliam 2014;Cohen and Sayag 2010;Ta and Doan 2022); ensure enough and up-to-date training and development programs (Alzeban and Gwilliam 2014;Cohen and Sayag 2010); and provide resources and commitment to implementing IA recommendations which considered as an indicator for achieving IA effectiveness (Mihret and Yismaw 2007).
On the other hand, lack of management support adversely affects the auditee's level of cooperation with IA and creates an unfavorable attitude towards the IA by the auditee as well as the perception of the auditee by the IA as unimportant because it is recognized to be unimportant by senior management (Mihret and Yismaw 2007). It would be difficult for the IA to have complete access to all activities, records, and assets without full auditee cooperation (Ahmad et al. 2009). Employees act according to what their managers expect of them; accordingly, when employees recognize that top management recognizes IA as essential to them, they will appreciate and accept its work as well as cooperate with the IA and support it (Cohen and Sayag 2010;Sarens and De Beelde 2006b).

Internal Audit Processes
IA processes are important to IA effectiveness as through the processes, IA will be able to achieve its objectives; however, IA processes are shaped by adopting a risk-based auditing approach and quality assurance and improvement program. Researchers linked IA processes with adopting a risk-based auditing approach (Castanheira et al. 2010 Risk-based audit approach affects the priorities for the audit and the areas that will be considered during the audit as well as the resources needed to do the audit and the audit tools and techniques used to achieve the objectives of the audit engagements (The Institute of Internal Auditors 2019). Conversely, the quality assurance and improvement program is designed to enable the IA to conform with the internal auditing standards and code of ethics; ensure the IA's efficiency and effectiveness; and provide an opportunity for improvement (The Institute of Internal Auditors 2019). In addition, a quality assurance and improvement program should be developed in a way that helps the IA add value to the organization and improve its operations (Marais 2004) and quality assurance and improvement program, shaping the processes through responses and feedback from internal auditors and audited entities (The Institute of Internal Auditors 2019). In this paper, adopting risk-based audit and quality assurance and improvement programs are used as dimensions of IA processes since these are the most important factors that shaped the IA processes.

Adopting Risk-Based Audit
Risk-based auditing is seen as a modern approach that assists organizations in recognizing the risks that limit their ability to meet their targets (Arena and Azzone 2009;Lenz and Hahn 2015). The internal auditing standards demand risk-based auditing, and standard 2010-Planning stated that "the CAE must establish a risk-based plan to determine the priorities of the IA activity, consistent with the organization's goals" (The Institute of Internal Auditors 2017, p. 10). Typically, planning is seen as a key audit activity and it includes preparing a strategic plan, annual plan, and programs for individual audit assignments, also proper planning allows a large number of audits to be carried out in a given timeframe by improving efficiency (Mihret and Yismaw 2007). From the agency theory perspective, Zainal Abidin (2017) highlights that the concept of agency theory evolved from the separation of the ownership (the board) and the agent (management), with a well-designed control and oversight system aiming to maximize the benefit to all parties. From this perspective, the IA's role is to monitor the actions and decisions made to execute the strategies in order to achieve the targets; thus, IA adopted a risk-based audit approach to ensure that risks associated with strategies are identified and mitigated properly and management is acting in accordance with the expectations of the owner. IA adopted a risk-based audit approach to achieve its effectiveness, since this approach allows effective utilization of resources and allows focus on important matters (Azzali and Mazza 2018). The risk-based audit approach goes beyond compliance and allows the IA to provide assurance on the effectiveness of risk management and internal controls (Lois et al. 2021). Additionally, when the IA is linked with risk management, it enables the IA to assist the organization's manager in understanding the weaknesses of internal control as well as enhance the communication between the internal auditors and auditees (Arena and Azzone 2009;D'Onza et al. 2015). Organizations identify controls to mitigate their risks, which makes risk management essential for IA effectiveness (Turetken et al. 2019). The value provided by IA increases when IA contributes to improving the effectiveness of risk management, whereas this contribution increases when IA uses a systematic approach when carrying out risk management assessment (D'Onza et al. 2015). Effective IA assessed the risks facing the organization and built an audit plan to address them, however, the risk assessment process must be dynamic and link changes in the company's risk profile to changes in the audit plan (Feizizadeh 2012). IA involvement in risk management enables it to update the audit plan based on the updated risks; nevertheless, internal auditors are concerned about their abilities to play a key role in risk management (Sarens and De Beelde 2006a).

Adopting a Quality Assurance and Improvement Program
A quality assurance and improvement program plays a key role in IA effectiveness. To demonstrate that IA is valuable to the organization and has a good reputation within the organization, IA must continuously evaluate its performance and improve its service quality (Mihret and Yismaw 2007). However, the quality of the audit work refers to the quality of IA activities (Endaya and Hanefah 2013;Mihret and Yismaw 2007). The quality of IA is determined through the internal capability to provide valuable and useful findings and recommendations; the quality of IA is an indicator of the level of staff competencies, the scope of work provided, and the extent to which audit is appropriately planned, executed and communicated (Mihret and Yismaw 2007). Moreover, the quality of IA refers to a set of IA activities: these activities include planning, supervision, fieldwork, reporting results, and recommendations as well as follow-up action plans on the recommendations (Endaya and Hanefah 2013). Furthermore, the quality of IA refers to the adherence to internal auditing standards (Arena and Azzone 2009;Cohen and Sayag 2010;Rupšys and Boguslauskas 2007;Turetken et al. 2019). A higher level of quality of IA work improves the IA effectiveness, where the quality of IA is understood in terms of adherence to internal auditing standards and a high level of planning and execution (Cohen and Sayag 2010). Therefore, performing auditing in accordance with internal auditing standards will contribute to the IA's effectiveness (Turetken et al. 2019). The conformance with internal auditing standards affects the IA's effectiveness and its ability to add value since the standards provide a framework for performance and a range of value-added activities (D'Onza et al. 2015). The internal auditing standards emphasize the importance of maintaining a quality assurance and improvement program that covers all aspects of the IA activities and continuously monitors its effectiveness (Standard 1300-Quality Assurance and Improvement Program). The quality assurance and improvement program includes an internal assessment and external assessment. These assessments are designed to enable the evaluation of IA conformance with internal auditing standards and code of ethics; evaluate IA efficiency and effectiveness; and provide an opportunity for improvement (The Institute of Internal Auditors 2017; Soh and Martinov-Bennie 2011).
The internal assessment provides an ongoing review of the IA performance, and a periodic self-assessment is conducted by someone within the organization having sufficient knowledge of internal auditing standards and practices. The external assessment provides assurance that IA work conforms with the internal auditing standards, and this assessment is conducted by an independent assessor from outside the organization (The Institute of Internal Auditors 2017). Once the quality of IA improved to a degree that meets the management interest, management support and commitment to implementing the IA recommendations would be a natural result since management realized the value and contribution of IA to the achievement of organizational goals; ultimately, this would positively enhance the IA effectiveness (Mihret and Yismaw 2007).

Internal Audit Resources
IA resources are an integral part of the IA's success, and they are the CAE and the IA staff matter (Lenz and Hahn 2015). IA work required experienced professional staff to undertake a wide range of audits, as well as the staff should have the necessary education, professional qualifications, and proper training (Al-Twaijry et al. 2003;Cohen and Sayag 2010). Some studies linked IA resources with internal auditors' competencies (Ahmad et al. 2009 . Internal auditors' competencies include significant operational experience specific to the organization; IT competencies; and other specific competencies such as judgment, adaptability, listening skills and persuasiveness, and strength of character (Roussy et al. 2020). Conversely, IA outsourcing provides the IA with experienced resources with specialized skills and also fosters the objectivity of the internal auditors and the independence of the IA (Dellai and Omri 2016). In this paper, internal auditors' competencies and IA outsourcing are used as dimensions of IA resources since these are the most important factors that shaped IA resources.

Internal Auditors' Competences
Internal auditors' competencies are critical for IA effectiveness (Al-Twaijry et al. 2003;Alzeban and Gwilliam 2014;Dellai and Omri 2016;George et al. 2015;Ta and Doan 2022). The competencies of internal auditors can enhance the effectiveness of the IA by improving the perception and recognition of their role within the organization (Arena and Azzone 2009). The internal auditing standards (Standard 1200-Proficiency and Due professional Care) emphasized that internal auditors must possess the knowledge and skills and other competencies needed to perform their individual responsibilities (The Institute of Internal Auditors 2017). Internal auditors must have the knowledge, skills, and other competencies that are necessary to perform their proficiency and due professional care responsibilities (Endaya and Hanefah 2013). A skilled auditor is more capable of completing audits, providing advice on how to improve the internal control system, identifying appropriate solutions based on his past experience, and dealing with conflict and complex situations (Arena and Azzone 2009).
Internal auditors utilize their knowledge to assess the objective and the scope of the audit engagements in order to determine how to complete the audit engagements effectively (The Institute of Internal Auditors 2019). However, despite the importance of internal auditor competence, most organizations tend to concentrate on establishing IA functions in order to meet the regulations without looking to the available resources, training, education, and qualification of auditors (Elmghaamez and Ntim 2016). Internal auditors perform a wide variety of audit engagements within the organization (Cohen and Sayag 2010). Therefore, it is essential to recruit internal auditors having experience, professional skills, and knowledge of a wide range of operations and systems, as well as it is important to improve their skills through continuous training and development (Mihret and Yismaw 2007). The development and training of internal auditors are very important to IA's success (Al-Twaijry et al. 2003).

Internal Audit Outsourcing
IA can be performed by an internal in-house team from the organization or outsourced to third parties (Dellai and Omri 2016;Turetken et al. 2019). Prior studies argue that IA outsourcing has advantages and disadvantages to IA effectiveness. Although that IA outsourcing enhances the objectivity of the auditor and the independence of the IA function (Dellai and Omri 2016), outsourcing the routine IA tasks threatens the independence and the quality of IA (Abbott et al. 2007;Selim and Yiannakas 2000). Outsourcing of the IA allows the forming of a team with specialized skills and decreases the cost of recruiting and training the internal team. However, outsourced internal auditors do not have the full picture of the organization's environment and culture and also face some resistance from the auditee to provide them with access to the necessary information and to identify critical issues (Dellai and Omri 2016). Despite outsourced IA improving IA effectiveness and having a positive influence on organization performance by reducing the risks and operating costs (Sudsomboon 2011;Prawitt et al. 2012), an in-house team is able to detect fraud more likely than the outsourced IA (Abbott et al. 2007;Coram et al. 2008;Selim and Yiannakas 2000). Moreover, considerations such as IA technological know-how, quality of IA services provided, and communication and coordination issues may play a role in the managerial decision to outsource the IA; however, issues such as the desire to protect the firm information and improve the organizational performance are important for the decision to in-house than the decision to outsource the IA (Sharma and Subramaniam 2005). From the external auditor perspective, an outsourced IA is more reliable than an in-house IA team, since the IA outsourcing is more competent and more objective than the in-house team (Ahlawat and Lowe 2004;Davidson et al. 2013); however, this reliance is decreased when the outsourced team provides additional services such as tax and consulting services (Desai et al. 2011).

Coordination with Other Assurance Providers
The increase in compliance requirements and business complexity drives organizations to establish many internal assurance providers and rely on external assurance providers. These assurance providers are charged with measuring and reporting risks, identifying control gaps, tracking remediation, and concluding whether control processes are operating effectively in specific areas, as well as providing assurance on areas they assessed and providing recommendations to strengthen the related controls which often in areas within the scope of IA's work (The Institute of Internal Auditors 2011). While internal assurance providers represent the oversight functions that are part of senior management or report to senior management, external assurance providers are assurance activities performed by parties outside the organization and may report to senior management or external stakeholders such as external auditor and statutory auditor (The Institute of Internal Auditors 2011, 2019). Organizations use a variety of internal and external assurance providers to assist the board of directors in carrying out their oversight responsibility and implementing effective governance practices, and some of these assurance providers include the functions responsible for compliance, legal, quality assurance, health and safety, corporate social responsibility, and IA and, outside the organization, including external auditors (Decaux and Sarens 2015).
Furthermore, IA coordination with internal and external assurance providers plays an important role in IA effectiveness. The internal auditing standards emphasize the effective coordination role of the CAE with other assurance providers; sharing the information among them, and considering relying on them to ensure proper coverage and minimize the duplication of efforts (Standard 2050-Coordination and Reliance); and considering the reliance on their results while communicating the IA overall opinion (Standard 2450-Overall Opinions). Internal auditing standards also emphasize the important role of IA in providing recommendations to improve the organization's governance processes for coordinating the activities and communicating the information among the board, external auditor, IA, other assurance providers, and management (Standard 2110-Governance) (The Institute of Internal Auditors 2017). However, the coordination process varies between organizations. In small organizations, informal processes could be found, while coordination in large organizations could be complex and formal (The Institute of Internal Auditors 2019). Coordination with other assurance providers is done through combined assurance implementation, where IA plays important role in leading this implementation (The Institute of Internal Auditors 2019). In addition, the external auditor is typically the main external assurance provider, whereas most of the previous studies focus only on it since an external auditor is mandatory for most organizations and other external assurance providers vary and depend on the nature of the organizations (Alqudah et al. 2019;Alzeban and Gwilliam 2014;Badara and Saidin 2014;Alzeban and Gwilliam 2014). In this paper, the leading role of IA in implementing the combined assurance and IA coordination with external auditors is used as dimensions of coordination with other assurance providers, since these are the most important factors that shape the IA's role in their coordination with other assurance providers.

Leading the Implementation of Combined Assurance
The combined assurance concept was adopted by the IIA as a responsibility for the IA to effectively coordinate with other assurance providers to ensure proper coverage of organization risks (The Institute of Internal Auditors 2019). Combined assurance is a new concept implemented by organizations. It aims to satisfy audit committees by providing them with confidence that the combined efforts of all assurance providers are sufficient to provide assurance that all significant risk areas have been addressed adequately and some controls exist to mitigate these risks (Schreurs and Marais 2015). From the agency theory perspective, IA is seen as an agent to the board of directors and the audit committee (principals) and agency problem exist when the principals entrust the agent; therefore, IA acts and lead the combined assurance implementation which aims to provide holistic coverage of the organization's business risks (Rossouw 2015). Combined assurance is a way for IA to coordinate assurance efforts with other assurance providers where this coordination improves the effectiveness of the IA by reducing the frequency and redundancy of the IA (The Institute of Internal Auditors 2019). Each assurance provider carries out its assurance role in isolation and reports its results separately (Schreurs and Marais 2015); this leads to a lack of consistency and transparency in assurance services and inefficiencies in risk management (Sarens et al. 2012;Schreurs and Marais 2015) as well as put auditee and management under pressure from assurance fatigue and assurance gaps (Decaux and Sarens 2015).
On the other hand, the isolation work of each assurance provider leads to providing the board and audit committee with multiple views; therefore, the board will not be in a good position to perform their monitoring role, and this negatively affects the governance (Sarens et al. 2012;Decaux and Sarens 2015; The Institute of Internal Auditors 2019; Kurnia and Yulian 2018). Consequently, coordination is important among these assurance providers (Decaux and Sarens 2015;Schreurs and Marais 2015). Some studies found that IA is in an ideal position to lead the implementation of combined assurance as well as report the combined results of other assurance providers because IA has a holistic view of the organization's risk and control environment (Decaux and Sarens 2015;Kurnia and Yulian 2018;Schreurs and Marais 2015). Leading the combined assurance implementation will improve the stature of the IA in the organization and also help IA become more effective by addressing areas that have not been covered by other assurance providers and facilitating auditee cooperation with the IA and assisting them in resource planning in order to facilitate the assurance work (Kurnia and Yulian 2018). However, leading the implementation of the IA is misunderstood as the IA is leveraging on it instead of collaborating with other assurance providers (Decaux and Sarens 2015;Rossouw 2015) and may also cause a conflict of interest and affect the IA independence (Schreurs and Marais 2015).

Internal Audit Coordination with External Auditor
Despite the external auditor's scope of work considered while implementing the combined assurance, this consideration is used only to ensure that there is holistic coverage for the organization's business risks. However, even if combined assurance is effectively implemented, the IA coordination with the external auditor cannot be ignored to achieve IA effectiveness. In addition, although internal and external audits performed different roles, both complement each other. While the external audit is concerned with inaccuracies and misstatements that affect the financial information, IA is more concerned with nonfinancial information related to governance, risk management, and internal controls (Chartered Institute of Internal Auditors 2020). Higher external audit quality drives the assurance value, which reduces the bias in management reporting and adds credibility to a company's finical statement (Boubaker et al. 2018). Therefore, effective cooperation between internal and external audits will be beneficial for both of them and for the organization they serve (Endaya 2014). However, despite there being a good relationship between IA and external auditors, the levels of mutual reliance between them vary (Soh and Martinov-Bennie 2011). Some studies show that a closer relationship between internal and external audit positively and significantly correlated with IA effectiveness; IA coordination with the external auditor is essential for IA effectiveness through maintaining good coordination and cooperation lead to a good relationship; sharing valuable information and opinions; joint planning and sharing plans; preventing unnecessary duplication of work; and exchanging important materials to facilitate higher quality audits (Alqudah et al. 2019;Alzeban and Gwilliam 2014;Badara and Saidin 2014). Furthermore, cooperation between internal and external audits provides a means for faster fraud detection (Alqudah et al. 2019;Endaya 2014). Moreover, a constructive relationship based on regular communication and sharing of information has a benefit to the organization they serve and a close and constructive relationship also leads to the efficient use of resources (Chartered Institute of Internal Auditors 2020). In addition, a cooperative relationship creates a strong accountable relationship where IA becomes more effective when the relationship is strong (Alqudah et al. 2019).

The Conceptual Model
This paper attempts to articulate a conceptual model based on previous literature. The above literature analysis provided the theoretical foundation for the model development. Based on the literature review, this paper discussed the influential factors of IA effectiveness; drawing on this discussion, we propose a conceptual model that explains the relationship between the influential factors and IA effectiveness, as shown in Figure 2. The literature analysis shows that many factors affect IA effectiveness, and the conceptual model clearly shows the dimensions for IA organizational characteristics, IA relationships, IA processes, IA resources, and IA coordination with other assurance providers. The literature analysis revealed that IA organizational characteristics are part of the organization's context, where the IA status is shaped, and their independence gained by reporting to the level with the organization allows it to perform without obstacles and assist it in communicating IA results objectively without influence from the auditee and management. Additionally, IA size is part of the IA organization characteristics, where the IA should be adequately resourced to optimize the achievement of the IA plan and assist it in rotating the auditors to increase their objectivity as well as achieve the objectives of the IA successfully.
Furthermore, the literature analysis revealed that IA relationships are represented by dual-reporting relationships, functionally reporting to the audit committee and administratively reporting to a level within the organization that allows IA to fulfill its responsibilities. A positive relationship with the audit committee facilitates the role of IA and supports it to address its concerns and become more effective in improving the organization. In addition, the relationship with senior management is very important to support the IA role. Senior management support is essential for IA effectiveness, which is also crucial for maintaining the IA independence, facilitating the communication of IA requirements, providing IA with appropriate budget and resources as well as it is important for the senior management commitment to implement IA recommendations. Moreover, based on the literature, IA processes are crucial for IA effectiveness, IA processes are shaped by adopting a risk-based audit approach and adopting a quality assurance and improvement program. Risk-based audit affects audit priorities and areas to be considered during the audit and the resources needed and audit tools and techniques used, whereas adopting a quality assurance and improvement program is designed to ensure that IA follows the internal auditing standards, where performing audit work in accordance with internal auditing standards will contribute to the IA effectiveness.
assist it in rotating the auditors to increase their objectivity as well as achieve the objectives of the IA successfully. Furthermore, the literature analysis revealed that IA relationships are represented by dual-reporting relationships, functionally reporting to the audit committee and administratively reporting to a level within the organization that allows IA to fulfill its responsibilities. A positive relationship with the audit committee facilitates the role of IA and supports it to address its concerns and become more effective in improving the organization. In addition, the relationship with senior management is very important to support the IA role. Senior management support is essential for IA effectiveness, which is also crucial for maintaining the IA independence, facilitating the communication of IA requirements, providing IA with appropriate budget and resources as well as it is important for the senior management commitment to implement IA recommendations. Moreover, based on the literature, IA processes are crucial for IA effectiveness, IA processes are shaped by adopting a risk-based audit approach and adopting a quality assurance and improvement program. Risk-based audit affects audit priorities and areas to be considered during the audit and the resources needed and audit tools and techniques used, whereas adopting a quality assurance and improvement program is designed to ensure that IA follows the internal auditing standards, where performing audit work in accordance with internal auditing standards will contribute to the IA effectiveness.
On the other hand, IA resources are analyzed in the literature, IA competencies are important to perform the IA responsibilities effectively, and IA staff should have the required education, skills and training to work effectively. Moreover, the other dimension of the IA resources is outsourcing, outsourcing enhances the independence of the IA function and the objectivity of the internal auditors as well as provides the IA with experienced resources with specialized skills. Finally, the literature analysis showed that IA should consider the coordination with other assurance providers, and this consideration can be through leading the implementation of combined assurance and coordination with the external auditor. IA effectiveness is affected by combined assurance implementation, through the combined assurance implementation IA can reduce the frequency and redundancy of the IA. In addition, coordination with the external auditor facilitates sharing val- On the other hand, IA resources are analyzed in the literature, IA competencies are important to perform the IA responsibilities effectively, and IA staff should have the required education, skills and training to work effectively. Moreover, the other dimension of the IA resources is outsourcing, outsourcing enhances the independence of the IA function and the objectivity of the internal auditors as well as provides the IA with experienced resources with specialized skills. Finally, the literature analysis showed that IA should consider the coordination with other assurance providers, and this consideration can be through leading the implementation of combined assurance and coordination with the external auditor. IA effectiveness is affected by combined assurance implementation, through the combined assurance implementation IA can reduce the frequency and redundancy of the IA. In addition, coordination with the external auditor facilitates sharing valuable information and opinions, joint planning and sharing plans; preventing unnecessary duplication of work; and exchanging important materials to facilitate higher quality audits. Overall, all of the above factors are influential for IA effectiveness.

Conclusions
This paper summarized the influential factors of IA effectiveness based on an extensive literature review and argued that the body of knowledge needs a model that provides a holistic view and shows the relationship between the influential factors and IA effectiveness. Based on a systematic literature review (SLR) covering the period from January 1999 to March 2022, our research expands the internal auditing body of knowledge by attempting to capture the influential factors of IA effectiveness into one conceptual model. The existing literature on the factors that influence IA effectiveness is mostly focused on identifying the key factors that influence IA effectiveness, without major attention given to which conceptual model is appropriate in order to enrich the internal auditing theory; there is also no consensus among researchers about the optimal model for IA effectiveness.
Additionally, most researchers investigated different factors individually based on the objectives of the research without justifications on why they did not include the other factors in their studies. There was an evident need to develop an IA effectiveness model that integrated all the influential factors and their dimensions. This paper, first, discussed the concept of IA effectiveness based on the existing literature to reach an understanding of what IA effectiveness means. Then, we discussed the influential factors of IA effectiveness and its dimensions. After that, we proposed a conceptual model based on what the literature says, the model is built on and extends Lenz et al. (2014) and Roussy et al. (2020) models. The contribution of this paper is related to the fact that the proposed model includes a holistic view of the influential factors and their dimensions are clearly identified in the model, and the model clearly takes into consideration the role of IA in leading the implementation of combined assurance since this role is a new phenomenon and should be considered as a factor of IA effectiveness. The proposed model will drive future studies to test the model and build on it as well. Furthermore, the proposed model in this paper needs empirical validation to extract the most important determination of IA effectiveness and the most significant factors. Moreover, the proposed model provides an opportunity to study the relationships between the influential factors, this could be possible through empirical study or to understand these relationships through case studies taking into consideration the agency theory and the institutional theory. In addition, based on the proposed model, comparative studies between IA functions existing in different industries or countries will provide insights into the key factors associated with IA effectiveness.
Furthermore, IA effectiveness has been traditionally examined by researchers as a unidimensional variable across different contexts (Alqudah et al. 2019;Al-Shbail and Turki 2017;Al-Twaijry et al. 2003;Alzeban and Gwilliam 2014;Alzeban 2010;Badara and Saidin 2014;Bednarek 2018;Cohen and Sayag 2010;Dellai and Omri 2016;Endaya and Hanefah 2016;George et al. 2015;Onay 2021;Salehi 2016;Ta and Doan 2022); therefore, there is an opportunity for qualitative research to look more deeply into IA effectiveness and identify its dimensions, this is will not be possible without considering the main objective on the internal auditing profession. Practically, the proposed model provides IA practitioners, audit committees, and senior management with a broad understanding and holistic view of the key factors that should be considered when they want to make their IA functions more effective and boost the role of IA in their organizations. Moreover, this paper provides insights and opportunities to policymakers and regulators to take into consideration the key factors of IA effectiveness while improving their corporate governance legislations. Finally, the current paper is not free from limitations. A potential limitation is that the literature reviewed by this study is limited to academic studies; therefore, future research may consider gray literature to expand this study and provide further insight on the influential factor of IA effectiveness.