Should banks rely solely on internal audit?
Independence is not merely a technical requirement in professional standards; it is the moral backbone of credibility.
Published: 06:02 PM,Feb 19,2026 | EDITED : 10:02 PM,Feb 19,2026
Another new course begins this semester — Auditing and Assurance — one of the subjects closest to my professional journey in banking, risk control, and governance.
Teaching this course at university level is not merely about explaining standards and procedures; it is about shaping how future professionals understand responsibility, independence, and public trust.
From the very first chapter, a seemingly simple question from the classroom sparked a deep and meaningful debate: should banks and large organisations rely only on internal audit to protect their financial integrity?
At first glance, internal audit appears to be a strong defence mechanism. It continuously reviews operations, assesses risk, and evaluates internal controls. Yet academically and practically, the issue of independence cannot be ignored. Internal auditors are employees of the organisation.
They are paid by management and often report administratively to senior executives whose decisions they are expected to review objectively.
According to Arens, Elder, and Beasley (2020), this structural relationship creates self-interest threats and familiarity risks that may weaken professional scepticism, even when ethical standards exist. This concern is well explained by agency theory, developed by Jensen and Meckling (1976), which argues that managers may pursue personal objectives rather than shareholders’ interests when monitoring systems are weak. Internal audit is designed to act as a monitoring mechanism, but when it is influenced by executive power, its effectiveness becomes questionable.
A friendly working relationship between the Chief Executive Officer, Chief Financial Officer, and Chief Internal Auditor may enhance communication, yet it also raises the risk of conflict of interest. In environments where performance pressure, bonuses, and reputation are at stake, silence can become more convenient than accountability.
The role of external audit emerged historically to address precisely this gap. External auditors are appointed by shareholders and are expected to remain independent of management influence, providing assurance that financial statements fairly represent economic reality.
DeAngelo (1981) emphasises that audit quality is closely linked to auditor independence and professional reputation, as credibility is the auditor’s most valuable asset in capital markets. Without independent assurance, financial reporting becomes vulnerable to manipulation.
The global financial crisis offered a painful real-world lesson on what happens when governance mechanisms fail collectively. The collapse of Lehman Brothers revealed how aggressive accounting practices were used to temporarily remove massive liabilities from the balance sheet to present a healthier financial position.
The well-documented “Repo 105” transactions allowed the firm to disguise leverage levels, misleading investors and regulators (Valukas, 2010).
What remains troubling is that internal controls, internal audit, senior management oversight, and external auditing all failed to stop or adequately challenge these practices.
This demonstrates that when organisational culture tolerates manipulation, even formal assurance systems can collapse.
Academic research consistently confirms that internal audit is most effective only when supported by strong governance structures. Gramling et al. (2004) found that internal audit functions deliver greater value when they are overseen by independent audit committees rather than management.
Likewise, Cohen, Krishnamoorthy, and Wright (2010) show that high-quality financial reporting improves significantly when audit committees actively engage with external auditors and challenge executive decisions. To strengthen these safeguards, control frameworks such as those issued by the Committee of Sponsoring Organizations of the Treadway Commission emphasise ethical culture, independent oversight, risk assessment, and transparency as the foundation of effective internal control systems. COSO makes it clear that controls are not just policies — they are deeply tied to leadership behaviour and organisational values.
Returning to the classroom discussion, the conclusion becomes evident through both academic evidence and historical experience: internal audit alone cannot guarantee financial integrity. It is an essential component, but only within a broader governance ecosystem that includes independent external audits, empowered audit committees, ethical leadership, and regulatory supervision. Where executive dominance overshadows control systems, opportunities for manipulation inevitably arise. In the banking sector, where leverage is high and public confidence is critical, the consequences of weak assurance are especially severe. Corporate failures do not remain confined to balance sheets; they spill into economies, governments, and societies, as seen during the global financial crisis. For students studying auditing and assurance, the discipline must be understood not as a mechanical compliance exercise but as a public trust profession.
Auditing ultimately demands courage — the courage to question powerful executives, to challenge unrealistic figures, and to report uncomfortable truths. Independence is not merely a technical requirement in professional standards; it is the moral backbone of credibility. If future auditors grasp this reality early in their academic journey, they will not simply become skilled accountants — they will become guardians of transparency in financial systems.