The importance of the supportive control environment for internal audit effectiveness – the case of Croatian companies

Abstract The paper investigates whether a supportive control environment is associated with the internal audit effectiveness and what characteristics of a control environment are important in this respect. A survey was conducted via a questionnaire on 54 mostly large companies in Croatia. Appropriate methods of statistical analysis were used in order to analyse the survey results. According to the research results, in the case of a supportive control environment there is a greater chance that the internal audit will be effective and that its recommendations will be taken into account to a greater extent. In addition, the survey results showed a statistically significant correlation between perceived internal audit effectiveness and a higher level of supportive control environment.


Introduction
Due to its role in corporate governance, the effectiveness of the internal audit is extremely important and the continuous improvement of its effectiveness is one way to improve the effectiveness of corporate governance as a whole. An internal audit is defined as '...activity designed to add value and improve organisation's operations... ' (IIA Global, 2015). An internal audit adds value to the company by fulfilling specific goals for which this activity is established. In other words, the scope of the internal audit's objectives affects its ability to add value to the company. If we define the ability to achieve the objectives as effectiveness, it is possible to conclude the following: the internal audit effectiveness affects the ability of the internal audit to add value to the company.
Effectiveness is usually defined as the ability to achieve planned results or to achieve set goals. The definition of internal audit effectiveness is usually derived from these general definitions as a degree of accomplishment of the internal audit target or the level of achievement of its raison d' être or reason of existence (Getie Mihret & Wondim Yismaw, 2007, p. 106). Dittenhofer (2001, p. 445) defines internal audit effectiveness as a level of achievement of a desired state and set goals, and he believes that internal audit activity affects the effectiveness of the auditee. He considers testing and measuring the internal audit effectiveness to be KEYWORDS internal audit; internal audit effectiveness; control environment important, but points out that because of the complexity of the audit activity it is difficult to determine the criteria to measure its effectiveness.
In recent years, researchers have shown the importance of improving the internal audit effectiveness in order to continue to retain its importance in the company (Ernst & Young, 2010). Sarens (2009, p. 3) refers to the importance of research regarding the internal audit effectiveness and its impact on corporate governance, stressing that one can consider the internal audit to be effective only when its activity has a positive impact on the quality of corporate governance. His conclusion is based on considerations of Gramling, Maletta, Schneider, and Church (2004, p. 194-196), who considered internal audit as one of the 'corporate governance cornerstones' . He concludes that the quality of the internal audit affects relations with other participants of corporate governance (Executive management, Audit Committee and external auditor) and, consequently, the quality of corporate governance. Continuous improvement of internal audit effectiveness affects the improvement of the internal audit quality, considering that effectiveness and efficiency are indicators of quality (Vuko, 2009, p. 63).
Research related to the internal audit effectiveness, especially regarding the factors that are associated with it, are relatively new in the scientific literature within the field. The concept of internal audit effectiveness and the determinants that are associated with it have been explored only in the last few years. Research on a sample of Italian companies by Arena and Azzone (2009) is considered to be one of the first major empirical studies related to the internal audit effectiveness. Other studies, mostly based on the case study analyses (Ahmad, Othman, Othman, & Kamaruzaman, [Radiah], Othman R. [Rohana] & Kamaruzaman J., 2009;Al-Twaijry, Brierley, & Gwilliam, 2003;Cohen & Sayag, 2010;Getie Mihret & Wondim Yismaw, 2007;Getie Mihret & Zemenu Woldeyohannis, 2008;Getie Mihret, James, & Mula, 2010;Soh & Martinov-Bennie, 2011, Yee, Sujan, James, & Leung, 2008etc.) have not fully answered the many open questions regarding the determinants of internal audit effectiveness. Many authors (Ahmad et al.,2009;Arena & Azzone, 2009;Coram, Ferguson, & Moroney, 2008;Gramling et al., 2004;Sarens, 2009) have identified the constraints in the existing theoretical framework, particularly given the current context of corporate governance. At the same time, they emphasised the need to upgrade the existing research through further theoretical and empirical analysis of the concept of internal audit effectiveness and its associated determinants, taking into account the characteristics of the current environment, primarily corporate governance and the requirements placed upon the internal audit. It is important to conduct research regarding determinants of internal audit effectiveness in terms of less-developed corporate governance, such as Croatian, in order to identify variations in different cultural and economic environments.
The organisational climate affects the work of all employees including the internal auditors. The environment in which management is aware of the importance of controls and functions that review their effectiveness can have a dual impact on internal audit: facilitating communication with other employees, who often perceive an internal audit as a 'company police' , and better understanding of the internal audit role by management, which affects the relationship between internal auditors and management and affects benefits they both derive from their relation.
The Committee of Sponsoring Organisations of the Treadway Commission, known as COSO, announced in 1992 a framework for the implementation and evaluation of internal controls, in the publication Internal Control-Integrated Framework. The framework has become a generally accepted model (known as the COSO Model of Internal Control) in the scientific and professional literature in the field of accounting and auditing, and has been implemented in different national legislations. According to the COSO model (Committee  of Sponsoring Organizations of the Treadway Commission, 1994, p. 4) the control environment 'sets the tone of an organisation' , and affects the employee awareness of the control.
The term 'control environment' concerns the integrity, system of values and basic employees' attitudes on control and management. Special weight is put on the management philosophy, its leadership style and attitudes related to the sharing and accepting of responsibility (European Confederation of Institutes of Internal Auditing, 2007, p. 29).
Establishing a strong control environment through demonstration of integrity and ethical values, appropriate monitoring processes, the existence of adequate segregation of duties and a sense of responsibility for achieving objectives, affects the company' ability to withstand internal and external pressures (Committee of Sponsoring Organizations of the Treadway Commission, 2011, p. 26). By establishing policies and procedures, management structure provides a kind of 'tone at the top' that affects the universal ethical awareness in the company and, according to some studies (e.g., White & Lean, 2008), the precisely perceived integrity of leaders has an impact on the ethical activity of team members or employees, where they are less inclined to take unethical actions when they have a perception of a high level of integrity of their leaders. The term 'tone at the top' includes expected standards of conduct which are formed by the management, including the ones related to the internal control (Committee of Sponsoring Organizations of the Treadway Commission, 2011, p. 255). In the accounting and audit context, the link is often explored between the ethical climate in the company, established by the management structures, and financial reporting, and even the Treadway Commission (1987, p. 32, as cited in Arel, Beaudoin, & Cianci, 2011, p. 4) reported on 'signal at the top' as the environment within which the financial reporting takes place, as the most important factor that contributes to the integrity of the financial reporting process.
The explanation of the control environment offered by the COSO framework implies that it has an impact on all components of the internal control system, including the internal audit, which is usually considered in the context of the last component of the system, monitoring. Wallace and Kreutzfeldt (1991) examined the importance of certain characteristics of the company and control environment for the establishment of the internal audit function. The study resulted in the following findings: companies that have established an internal audit department are significantly larger, more regulated, more competitive, more profitable, more liquid and in these companies there was a greater communication regarding responsibilities and duties and they had more conservative accounting policies, which is directly related to the management philosophy and the leadership style with regard to the decision that the company' accounting policies are part of the management's responsibility. Goodwin-Stewart and Kent (2006), as cited in Sarens & Abdolmohammadi, 2011, p. 6) in their research on guidelines that are related to the existence of internal audits in a company concluded that the establishment of an internal audit is related to the degree of development of the risk management process. Similarly, Sarens andDe Beelde (2006a, 2006b, as cited in Sarens & Abdolmohammadi 2011, p. 6), based on the findings of their research concluded that certain characteristics of the control environment (for example, development of ethical values, the level of awareness about the importance of control and the existence of risk) is significantly associated with the role of internal audit in the company and affect the scope of its activities. Sarens and Abdolmohammadi (2011) in their study confirmed the relationship between the control environment and the size of the internal audit department, whereby the control environment was by characterized formalized demonstration of ethical values, a high level of awareness of controls and risks and their importance and clearly defined responsibilities for risk management and internal controls.
Although there is evidence of importance of control environment for the existence of the internal audit activity (Wallace & Kreutzfeldt 1991;Goodwin-Stewert & Kent 2006;Sarens & De Beelde 2006a, 2006bSarens & Abdolmohammadi, 2011), previous research studies have not greatly explored the correlation between the supportive control environment and the effectiveness of the internal audit. In an internal environment characterised by high awareness of controls and risk management it will be easier to understand the role of an internal audit with its monitoring task. This should result in greater cooperation and support for the internal audit department and organisation of an effective internal audit. Also, in the case of a supportive environment, internal auditors will not feel restrictions when they conduct activities and communicate their results. Therefore, the research hypothesis is developed as follows.
Hypothesis: The supporting control environment has a significant positive correlation with the internal audit effectiveness.

Measurement of internal audit effectiveness
The generality of the internal audit effectiveness definition provides interpretive freedom concerning measurement criteria which may vary in regard to the different internal audit customers. Although the report containing recommendations is the final result of the internal audit process, it can't therefore be taken as the achievement of the objectives. It may initiate the changes towards the desired objective only in the case if management decides to implement the recommended guidelines. Therefore, the value that the internal audit provides is greatly influenced by the way management understands and respects its recommendations. This approach to the concept of internal audit effectiveness is also supported by Cohen and Sayag (2010, p. 297), who took into account the views of Ransan (1955) and Albrecht (1988) (cited in Cohen & Sayag, 2010, p. 297) who considered that the internal audit effectiveness is not a variable whose value is possible to calculate and the success of the internal audit can only be measured in relation to expectations of significant stakeholders. However, some authors also support the other approach to the concept of effectiveness (Al-Twaijry et al., 2003;Getie Mihret et al., 2010), including the Institute of Internal Auditors (2010), according to which the level of internal audit effectiveness is defined as a degree of compliance with the guidelines of the International Standards for the Professional Practice of Internal Auditing (Standards). On the other hand, Dittenhofer (2001) believes that the effectiveness should be considered at the level of individual processes and considers the internal audit effectiveness through the following disposition: has the process that was reviewed actually improved, in cases where its improvement was needed. This means that effective internal audit activity corrects the failures of the process, if they existed, or if they did not exist, an internal audit is able to determine that.
Acceptance of different standpoints is also evident from the viewpoint of the Institute of Internal Auditors (IIA Global). According to the IIA Practical Guide, which provides guidance on ways to measure internal audit efficiency and effectiveness (The Institute of Internal Auditors, 2010, p.1), there are qualitative and quantitative ways of measuring these two dimensions, and it can also be measured with regard to compliance with the Standards. It also underlined the importance of obtaining feedback on the internal audit effectiveness from its customers.
Getie Mihret et al. (2010, p. 17) consider that the context in which it operates affects the internal audit effectiveness and upholds the level of compliance with the Standards as the most appropriate indicator of internal audit effectiveness. They believe that variations in the results of some previous studies related to the practice of internal audit can only be explained by the differences in contextual factors arising from the environments in which they were conducted and they encourage research on the internal audit effectiveness in different corporate governance contexts in order to promote the importance of the profession in contemporary organisational settings. The results of research conducted by Burnaby, Abdolmohammadi, Hass, Sarens, and Allegrini (2009) support that view, according to which there is a difference in the application of Standards between countries in Europe and the US, and the research of Sarens and Abdolmohammadi (2011) showed that the cultural differences between the countries are associated with the level of compliance and implementation of Standards.
Lately there have been some research efforts into the development of models for measuring IA efficiency. Alič and Rusjan (2011) developed the Audit Record Assessment Model (ARA model) 'for quantitative assessment of a quality management system internal audit findings showing their potential to contribute to the business performance' . Assessment outcomes of the ARA model: can be employed as indicators of the internal audit efficiency [...] and used to measure the efficiency of an IA and of the auditors involved in the same environment (organisational units, company) in the course of time. (Alič & Rusjan, 2011, p. 5403) Based on previous research, it can be concluded that there is no unique measure of internal audit effectiveness and it is often measured using partial measures (see Arena & Azzone, 2009, p. 48). One of these measures is the degree of accepted internal audit recommendations by management. It has been identified in previous studies regarding determinants of internal audit effectiveness (Arena & Azzone, 2009;Getie Mihret & Wondim Yismaw, 2007) and was also among the most common measures of the internal audit effectiveness used in practice (Ziegenfuss, 2000). Thus, it was also used as a measure of internal audit effectiveness within this research.
In reviewing the results and methodology of previous studies it is possible to unambiguously conclude that the absence of a unique measure for the internal audit effectiveness is due to different aspects of the factors that are associated with it. There is no 'ideal' measure of internal audit effectiveness but it is necessary to adjust its operationalisation to the related factors that are being analysed as independent variables. In that way, the concept of effectiveness contains its multidimensionality and the ways of its measurement should be adapted to the needs and requirements of the conducted research. An alternative understanding can have a negative effect on the possibility of understanding all the aspects of relations that are being analysed.
Taking into account all the above, there are two ways of measuring internal audit effectiveness within this paper: perceived effectiveness (among its primary stakeholders management and the audit committee) and the degree of accepted internal audit recommendations by management.

Methodology
Perceived internal audit effectiveness is chosen as one of the measures, taking into account the fact that an internal audit is not an end in itself but is established in order to, amongst other things, assist in carrying out the duties of its primary stakeholders. Measuring the perceived internal audit effectiveness was based on an analysis of the characteristics associated with the attributes of function, areas of its activity and relationships with the environment, which indicate the existence of internal audit capabilities to meet the needs and demands of its customers. In this way, the multi-dimensionality of the internal audit effectiveness is taken into account, which is the approach supported by previous research (Cohen & Sayag, 2010).
The perceived internal audit effectiveness was divided into two dimensions: the first contained attributes of the internal audit that point to its effectiveness and the second contained statements that described the internal audit impact on aspects that are important for company operation. There were 15 statements for measuring perceived internal audit effectiveness and they were intended for management and members of the Audit Committee.
The first dimension, as mentioned, contained attributes of effective internal audit (this measurement scale is encoded as IA_ effect) and comprised ten statements (from M1 to M10 in Appendix 1), describing: adequateness of internal audit knowledge concerning company operations, alignment of internal audit objectives with corporate objectives and needs of the internal audit customers, adequateness of the internal audit organisational position, scope of internal audit activities and methodology used for internal audit planning, internal audit focus on testing high-risk areas of the company, constructiveness and applicability of internal audit recommendations and adequateness of communication with an internal audit.
To measure the contribution of an internal audit to the company performance (second dimension of internal audit effectiveness, encoded as IA_contrib), various aspects of this contribution were analysed. There were five statements for measuring this dimension of internal audit effectiveness (M11 to M15 in Appendix 1) and they described: the impact of the internal audit recommendations on the improvement of business and governing processes, the impact of internal audit activity on improvements in the area of internal control, the value of information obtained from the internal audit as input into the managerial decision-making process and whether internal audit recommendations are taken into account in the managerial decision-making process. One statement (M 16 in Appendix 1) also described the usefulness of the internal audit and was not part of any dimension.
Perceived internal audit effectiveness (overall) was measured based on the degree of agreement with all 15 statements related to the features within the two aforementioned dimensions. Respondents were able to state their level of agreement on a scale of 1 to 5 (1 -completely disagree, 5 -completely agree), and the dimension scores present the un-weighted average of the statements (presented in Appendix 1).
The degree of accepted internal audit recommendations by management was also calculated as a measure of internal audit effectiveness.
Factors that describe the supportive control environment were measured with the average grade obtained from the level of agreement with statements in the questionnaire for internal auditors. They were based on elements of the control environment assessment in the COSO framework and previous research (Ernst & Young, 2003;Sarens & Abdolmohammadi, 2011;Roth, 2010). The factors are presented through 13 statements (in Appendix 2) that represent certain aspects of the control environment and the participants expressed their agreement with given statements on a scale from 1 to 5 (1 -completely disagree; 5 -completely agree).
The statements that constitute the variable control environment were also divided into two dimensions. The first dimension (encoded Supporting control environment 1) included statements that described the ethical awareness and philosophy and management style (from A1 to A6 in Appendix 2). The other dimension (encoded Supporting control environment 2) contains the remaining statements (from A7 to A13 in Appendix 2) and described the level of awareness for the importance of control, existence of enterprise risk management and its monitoring activities (primarily internal auditing).
The level of the supportive control environment (overall) is measured by the un-weighted average of the statements. Although the control environment can also be measured taking into account other factors of the COSO framework, the selected ones are considered to be particularly significant in the context of a research topic and are used in previous research (Goodwin-Stewart & Kent, 2006;Sarens & De Beelde 2006a, 2006bSarens & Abdolmohammadi, 2011 and considered significant in the context of the internal audit establishment. In order to determine the reliability of a scale for perceived internal audit effectiveness Cronbach's alpha was calculated for all the statements together and also for the individual dimensions (Table 1). According to the values of a calculated measure, there is a high internal consistency among statements, and the created measurement scale has a very good reliability (overall, and on the level on individual dimensions).
Descriptive statistics for the variable degree of accepted internal audit recommendations, within the questionnaire for internal auditors, are presented in Table 2. According to data from the Table 2, almost 80% of the internal audit departments from the sample have more than 80% of the accepted recommendations (corrective action) by the management on an annual basis, and the rest are between 50% and 80% (5.7%), or less than 50% (15% of internal audit departments). Given the above, this distribution was used to determine the less and more effective internal audit departments, and the limit value of more than 80% of accepted recommendations was taken as a reference to determine the level of internal audit effectiveness. Thus, 42 internal audit departments, which have more than 80% of the accepted recommendations, were categorised as effective, while the remaining 11 departments, which have less than 80% of accepted recommendations, were categorised as less effective departments.
In order to determine the reliability of the measurement scale for the supportive control environment and its dimensions, Cronbach's alpha (α) values were calculated and are presented in Table 3. Based on obtained results of the measure for internal consistency, there is a high reliability of measurement scales.
A survey was conducted among Croatian companies (banks and insurance companies, public companies of special national interest and companies listed on the Zagreb Stock Exchange) and the data were collected from December 2012 to April 2013. Respondents were internal auditors and members of senior, middle management and the Audit Committee. Questionnaires were sent to the 106 companies who declared the existence of an internal audit. Questionnaires from 54 companies were actually analysed (54 intended for internal auditors and 32 that were answered by managers and members of the Audit Committee.) The survey return rate was 50% for questionnaire intended for internal auditors and 30% in case of questionnaires for managers and members of the Audit Committee.
Internal auditors were mainly (87.04%) from large companies and 40.4% of companies were listed on Zagreb Stock Exchange. In addition, 59.3% of companies were from the financial sector. Regarding the attributes of internal auditors, 74.0% were Chief Audit Executives (Directors of Internal Audit) and in more than 50% of companies internal audit has been established for more than 10 years.
Regarding the attributes of the internal audit stakeholders from the sample, they mainly comprised Board Members (34.38%) and directors from financial (12.50%) and other sectors (34.38%) and around 15% were members of the Audit committee. They were mainly (81.25%) from large companies. Fifty per cent of the companies from this sample were from the financial sector, mainly not listed on the Zagreb Stock Exchange (56.25%).
The characteristics of respondents and companies that participated in the survey are presented in Appendix 3 (Tables 8-15).
The methods for testing the hypothesis were the independent t-test and Pearson's correlation coefficient. The independent t-test was used for testing the statistical significance of differences among average grades for supporting control environment considering the

Results
Based on the results of the t-test for independent samples (Table 4) it is possible to conclude that there is a statistically significant difference between effective and less effective internal audit departments in the average scores on a scale of supportive control environment (for a significance level of 5%). Given this, it can be concluded that companies with effective internal audits have, on average, a more supportive control environment. If the variable supportive control environment is divided in two dimensions, a statistically significant difference between a more effective and a less effective internal audit department in the average scores of a supportive control environment exists only on the other scale (supporting control environment 2) that describes the level of awareness of the company related to the control and risks, and again companies with an effective internal audit have a higher average scale.  Table 5. coefficients of correlation between variables supporting control environment and the perceived internal audit effectiveness.
**the correlation is statistically significant at 1% of the risk (two-way testing). *the correlation is statistically significant at 5% of the risk (two-way testing). symbols: N -number of respondents; r -correlation coefficient; p -calculated probability. source: Research results. Considering the results, it can be concluded, for a significance level of 5%, that the research hypothesis, in the case of the variable supportive control environment (overall), is supported. In addition, companies with a more effective internal audit, on average, have a more developed control environment in terms of awareness of the importance of risk and control (supporting control environment 2) than companies that have a less effective internal audit, and among them there is no difference in the level of development of ethical awareness and philosophy and management style (supporting control environment 1).
The hypothesis was also tested using the perceived internal audit effectiveness (perceived by management and members of the Audit Committee) as the dependent variable (Table 5).
Out of the two dimensions of the control environment, only supporting control environment 2 is significantly correlated with perceived internal audit effectiveness. This correlation is statistically significant for a significance level of 1%.
Two dimensions (scales) of internal audit effectiveness (IA_effect and IA_contrib) are both positively associated with the scale of the supportive control environment (overall). This correlation is statistically significant for a significance level of 1%. Thus, the perception of the characteristics of the internal audit that point to its effectiveness and the perception of internal audit usefulness to the company (M 16) are positively correlated with a supportive control environment, especially with the dimension related to the level of control and risk culture. This correlation is statistically significant for a significance level of 5%.
Based on the results, it can be concluded that when there is a higher degree of a supportive control environment there is a greater degree of perceived internal audit effectiveness by management and the Audit Committee. In addition, the perceived internal audit usefulness for internal audit customers is greater in these conditions. If the variable supporting control environment is divided into two dimensions, then this applies only for the second dimension, i.e., there is a positive correlation between the perceived internal audit effectiveness and the level of control and risk culture. This correlation is statistically significant for a significance level of 1%. These results are in agreement with previous ones, so it can be concluded that the supportive control environment is a significant factor of internal audit effectiveness.
In order to determine whether companies differ regarding the level of internal audit effectiveness when the independent variable supporting control environment is divided into groups according to the average, further analysis was conducted by dichotomisation of the independent variable, according to variable averages, with Fisher's exact test (Table 6). Zero (0) represents companies that are below average due to the value of the variable, and one (1) those that are above average.
According to the results, the chance that the internal audit is effective (their recommendations will be taken into account to a greater extent) is greater where there is a higher level of supportive control environment, but the significance is determined at a significance level slightly higher than 10%.
A bivariate binary logistic regression was also conducted, with the internal audit effectiveness as a dependent variable and a dichotomised variable supporting control environment as the independent variable (Table 7).
The significance of the variable supportive control environment as a predictor was determined at a level of significance that is slightly higher than 10%. At this level of significance, it can be concluded that in companies with an above-average supportive environment, internal audits are almost three times more likely to be effective than internal audits that operate in companies with below average levels of a supportive control environment.

Discussion and conclusion
Previous research has analysed the importance of a control environment for the existence of internal audit activity but has not greatly explored the correlation between the supportive control environment and the internal audit effectiveness. This paper argues that the supportive control environment is associated with the internal audit effectiveness. In order to test this hypothesis, a survey was conducted via a questionnaire on more than 50 mostly large companies in Croatia. Respondents were internal auditors and management and members of the Audit committee. Appropriate methods of statistical analysis were used in order to analyse the survey results.
According to the research results, there was a statistically significant difference between effective and less effective internal audit departments in the average scores on a scale of supportive control environment, which means that companies with a more effective internal audit have, on average, a more supportive control environment. In addition, companies with a more effective internal audit, on average, had a more developed control environment in terms of awareness of the importance of risk and control than companies that had a less effective internal audit, and among them there was no difference in the level of development of ethical awareness and philosophy and management style. This means that the existence of a more developed control environment in terms of awareness of the importance of risk and control has great meaning for an internal audit in terms of its effectiveness. This is consistent with the results of some previous research that showed how the existence of these features of the control environment is significantly associated with the role of an internal audit in the company and affects the scope of its activities (Goodwin-Stewart & Kent, 2006;Sarens & Abdolmohammadi, 2011;Sarens & De Beelde, 2006a, 2006bWallace & Kreutzfeldt, 1991). Also, the survey results showed a statistically significant positive correlation between perceived usefulness of an internal audit and a higher level of a supportive control environment. Under these conditions, therefore, the managers and Audit Committee take an internal audit to be more effective and the perceived usefulness that they expect from an internal audit is higher.
One of the limitations of the research is the size of the sample, which influenced the probability of significance for some research findings. A suggestion for further empirical testing is using a broader sample and quantitative research. In addition, it would be interesting to see whether there are differences in research findings among different sectors or industries as well as company sizes. Further research can also focus on how can companies evaluate their control environment to set the right expectations about the internal audit effectiveness.
Appendix 2. statements for measuring supportive control environment.

statements measurement scale supportive control Environment
Supporting control environment 1in your company: • there is a code of ethics / code of conduct (a1) • management has a low tolerance for violation of the provisions of the code of ethics/code of conduct (a2) • management has a low tolerance to breaches of regulatory requirements (a3) • management sets realistic goals against their employees with regard to the financial results (a4) • management gives more importance to the accuracy of the financial results disclosed in the financial statements of the company, than that they 'look good' (a5) • the management communicates with employees at lower levels (open doors policy) (a6) Lickert scale: (1 -completely disagree; 5 -completely agree) Supporting control environment 2in your company: • management believes that the company internal controls are important (a7) • management respects functions (departments) that are in the company responsible for the control (a8) • management timely corrects identified internal controls deficiencies (a9) • management gives importance to the existence of a general awareness of risk importance at all levels of the company and informing employees about the risk treatment (a10) • the company has a risk management framework that is established through written rules and policies (a11) • the responsibilities related to risk management and internal controls are clearly defined by the management (a12) • Before making important decisions managers use company procedures related to the analysis of associated risks (a13) (statements were intended for internal auditors and all contribute the same to the final score.) Appendix 3. attributes of respondents and companies from the sample.