Examining Types of Audit Judgment and Objectivity Threat: Empirical Findings from Public and Private Sector Internal Auditors in Malaysia

Numerous incidents of continuous corporate collapses caused by fiduciary negligence of the corporate governance actor has led to diminishing public trust on the overall corporate governance system. Internal auditors, which are one of key corporate governance actors, have since recently come under criticism for failing to discharge their responsibility diligently. This has been evidenced by the revelation of scandals of well-known conglomerate, Toshiba, in a case of overstated profit by USD $1.8 billion, and Silver Bird Berhad, in a case of falsification of invoices worth RM64.7 million. Increasing number of litigation suits filed against internal auditor has proved that expectations from stakeholders and heightened scrutiny are mounting when things go wrong. In both the Toshiba and Silver Bird Berhad scandals, the internal auditors were accused of failing to assess the existence of accounting irregularities and fraud, leading to fraud becoming undetected and eventually huge losses and damage to the reputation Article Info Abstract

Increasing number of litigation suits against internal auditors has proved that there is heightened scrutiny on the quality of internal auditor's judgment. As internal auditor's judgment relies highly upon by the stakeholders, this paper aims to identify the types of audit judgment deemed to be critical for the success of an audit engagement. It also explores the types of objectivity threat experienced by Malaysian internal auditor. The present study also examined if there had been significant difference between objectivity threat experienced by public sector internal auditors and those of the private sector. The paper opted for an exploratory study using the questionnaires. A total of 150 copies of questionnaire were distributed to internal auditors working in private and public sectors. The findings indicated risk judgment (judgment on existing and emerging risk faced by organisation) as the most critical success factor in internal audit engagement. The findings also revealed that social pressure, cognitive biases, and intimidation as the top three threats that could threaten internal auditor objectivity, thus possibly affect internal auditor ability to make an objective judgment. However, this study found that there was no significant differences between the objectivity threats experienced by internal auditors in the private sector and those in the public sector. The research extent internal auditing literatures which focuses on the factors influencing internal auditor's objectivity, but tended to omit the impact of the objectivity on influencing internal auditor's judgment. This study has provided evidence of potentially serious risk of objectivity threats that may impair the internal auditors' objectivity, thus reducing their ability to make an objective judgment. This paper fulfils an identified need to study flaws in internal auditor's judgment and the existences of objectivity threat in Malaysian internal audit environment regardless either in public or private sector. of the two companies. In other words, the failure of the internal auditors to appropriately apply judgment could lead to audit failure and significant bad consequences to the company. President of Institute of Internal Auditor (IIA), Sir Richard F. Chambers concluded that this failure rooted from independence and objectivity issue (Chambers, 2015). The issue of "objectivity" becomes prevalent in the internal audit context due to the uniqueness of the internal audit's dual role functions (Stewart & Subramaniam, 2010). Internal auditor acts as an agent to monitor the effectiveness of the governance system (independence assurance on the effectiveness of internal control), and on the other hand, acts as one of the management partners (consulting and advising management on governance matters). The dual roles of the internal auditors as providers of both assurance services within the organization and consultancy services to managers expose them to the conditions that threaten objectivity (Jameson, 2011;Sarens et al, 2012). In making judgment, the internal auditor may be influenced by objectivity threats. Objectivity threats refers to situation or actions or relationships that are likely to lead the internal auditors to subordinate their judgment on the audit matters to that of others (Jameson, 2011, p.19).
Owing to the growing number of incidences of internal auditors' failure to consistently apply their judgment (Bhattacharyya, 2015;Chambers, 2015;Ibrahim, 2016;TheStar, 2012) and the serious risk of objectivity threats in clouding the internal auditors' judgment (Ali et al, 2012;Christopher et al, 2009;Goodwin & Yeo, 2001;Miller & Rittenberg, 2015;Rose et al, 2013;Stewart & Subramaniam, 2010;Zwaan et al, 2011), this study sought to address the following specific questions: RQ1: What is the most critical judgment made by internal auditors?; RQ2: Do Malaysian internal auditors encounter objectivity threats and which objectivity threats are the most prevalent?; and RQ3: Are there any significant differences between the objectivity threats experienced by internal auditors in the public sector and those of the private sector?. The result of this study that Internal auditors' failure to assess the existence of accounting irregularities and fraud risk has led to undetected fraud, huge losses and reputation damage of the companies involved.

Internal Audit Judgment
Study on audit judgment is crucial to evaluate the need for improvement, to identify the sources of internal and external factors and the remedies for such impairment (Bonner, 1999;Libby & Luft, 1993;Trotman, 1998). From the academic perspective, Bonner (1999) has defined judgment as "forming an idea, opinion, or estimate about an object, an event, a state, or another type of phenomenon" (p. 385). Meanwhile from professional point of view, Wedemeyer (2010) has defined audit judgment as "description of any decision or evaluation made by auditor, which influences or governs the process and outcome of an audit" (p. 320-321).
The internal audit profession is subject to conformance with the International Standards for Professional Practices of Internal Auditing (ISPPIA). ISPPIA do not precisely define judgment. However, the ISPPIA do justify the differences between the use of word "must" and "should", in which the former would specify compulsory whereas the latter, expected, conformance to the ISPPIA. The ISPPIA specifically state that the use of word "should" means conformance is expected unless, when applying professional judgment, circumstances justify deviation" (IIA, 2016, p.24). In contrast, the International Standards of Auditing (ISA) which apply to external auditors, in Para 16 of ISA 200 have defined professional judgment with more details as "the application of relevant training, knowledge and experience, within the context provided by auditing and ethical standards, in making informed decision about the courses of action that are appropriate in the circumstances of the audit engagement" (IFAC, 2009, p.7). Although ISPPIA do not have a specific explanation for professional judgment, both the ISPPIA and the ISA would require professional judgment to be applied throughout the entire audit process. In general, ISPPIA do highlight the importance of judgment in identifying matters significant to the audit. ISPPIA would require judgment to be applied at the planning stage (ISPPIA: Para 2010) and overall opinion of the conclusion reached (ISPPIA: Para 2420).
The auditing process is described as a sequence of processes (Bamber, 1980), which requires internal auditors to exercise their professional judgment. Asare et al., (2013) have identified five phases of internal control audit as depicted in Figure 1. Each phase of the audit process involves judgment, which includes: a) judgment on risk in planning phase; b) judgment on key controls in scoping phase; c) judgment on operating effectiveness in testing phase; d) judgment on control deficiencies in evaluation phase; and, e) judgment on audit rating in reporting phase (Asare et al., 2013). The performance of judgment made in the later stage is highly dependent on the judgment made in the earlier stages (ISA 200: A23), which justify the importance of professional judgments in auditing field (Trotman et al, 2011).
From the perspectives of ISPPIA, judgment on risk in the planning phase is critical for the success of an audit engagement. Chief Audit Executive (CAE) is required by Para 2010 to establish a risk-based plan to direct the internal audit activity (IIA, 2016). CAE would usually depend on the input from the risk judgment made by subordinates. The expertise (Para 1210.A2) of both, the CAE and the internal audit staff members in forming a sound risk judgment will determine the result of risk assessment exercise which is undertaken at least once a year. Specifically, Para 1220.A3 states that an internal auditor "must be alert of significant risk affecting the objectives, the operation and resources" (IIA, 2016, p. 7), be it the existing risk or emerging risk (Ibrahim, 2016;KPMG, 2008;Soh & Martinov-Bennie, 2011). There is growing adoption of risk-based internal auditing that is consistent with the requirement of the Standards which would require internal auditors to make a holistic judgment on risk (Robson et al, 2007).
From the Standards setter's point of view, risk-based audit not only improves auditors' knowledge about the company risk but indirectly helps to increase audit quality (Messier, 2014). The Governor of the Malaysian Central Bank, Bank Negara Malaysia (BNM), Datuk Muhammad Bin Ibrahim in his speech at the 5th Petronas Board Audit Committee (BAC) emphasized the importance of internal auditors' risk judgment as the key contributor to sound organizational governance and cautioned that failure to execute this could contribute to a disaster to the organization at large (Ibrahim, 2016). This notion is in line with the concern raised by Sir Richard F. Chambers, the President and Executive Director of the Institute of Internal Auditors (IIA) on the growing criticism of the internal auditors' risk judgment ability, as well as the heightened scrutiny on the role played by internal auditors in detecting and reporting the risk objectively (Chambers, 2015).Whereas, Audit Committee Chairman and CAE are of opinion that the role played by internal auditors in the risk is becoming more significant (Soh & Martinov-Bennie, 2011). It has been found that the internal audit function has evolved from "ticking the box" audit to more value-added, risk-based audit. This is consistent with the findings of Sarens et al (2012) which have confirmed that internal audit functions have added value to company governance through the use of risk-based audit plan. Despite the above support on the criticality of risk judgment in internal auditing process, insights from internal audit practitioners (both public and private sectors) in Malaysia are yet to be explored.

Objectivity Threats
From the Agentic Perspectives of the Social Cognitive Theory (APSCT), it has been argued that in many conditions, people do not have direct control over the social conditions and institutional practices that affect their day-to-day lives (Bandura, 2001). This limits the chances to secure the outcomes they desire, given the scarcity of time, energy and resources available. Within the internal auditing context, the internal auditors are surrounded with the social conditions (attitudes of the organization's members towards internal audit practices) and institutional practices (the reporting structure) that fall beyond their control. Specifically, in forming their judgment, the internal auditors may be influenced by objectivity threats, which can be any forms of conditions that may lead them to treat their audit-related judgment as less significant than that of others (Jameson, 2011).
A recent survey of approximately 500 CAEs from various business sectors around the world revealed that 49% of the respondents had been directed to avoid auditing higher risk areas, whereas 31% had been directed to purposely audit low risk areas (Miller & Rittenberg, 2015). Surprisingly, 78.9% of the respondents admitted to being directed by the executive management, while the remaining had been 5.0% by both the executive management and the audit committee, 5.0% by the counsel, 1.2% by the audit committee and 9.9% by others. Interestingly, Miller and Rittenberg (2015) also found that threats on risk judgment had also occurred even though in the presence of strong support from the executive management and audit committee, which indicated that the threats had not only come from the governing body, but also from functional areas of divisional management. Their study produced important findings on the potentially serious risk of objectivity threats on internal auditors' risk judgment. The flaws in internal auditor judgment were related to internal auditor dual reporting to both the audit committee as well as the executive management (Al-Twaijry et al, 2004;Chambers & Odar, 2015;Christopher et al, 2009;Munro & Stewart, 2011).
Besides dual reporting, the dual roles played by internal auditors could expose them to self-review threat and social pressure threat (Jameson, 2011;Stewart & Subramaniam, 2010). A number of studies have produced evidence that internal audit is involved in the consultancy job on top of their audit assurance function for quite some time (Hass et al, 2006;Nagy & Cenker, 2002) and this trend is expected to increase in the future (Selim et al, 2009). IIA (2016) has defined consultancy as: "advisory and related client service activities, the nature and scope of which are agreed with the client, are intended to add value and improve an organization's governance, risk management, and control processes without the internal auditor assuming management responsibility (i.e., counsel, advice, facilitation, and training)" (p. 2). The type of consultancy work performed by internal auditors includes risk management, governance, and contingency planning and disaster recovery (Selim et al., 2009). The objectivity of the internal auditor may be impaired when internal auditors take charge of audit (assurance) in the area that he or she previously involved in consultancy services (Hass et al., 2006). This leads to ambiguity and conflicts in the role played by the internal auditors. In this regard, Ahmad and Taylor (2009) have discovered that Malaysian internal auditors do not perceive a conflict between their assurance and consulting role. Nevertheless, Zwaan et al (2011) have found increasing involvement of internal auditors' consultancy in the area of risk management and this has impacted the intention of the internal auditors to report loopholes in the risk procedures to the audit committee. IPPF Practice Guide on Independence and Objectivity (Jameson, 2011) have listed nine main objectivity threats that could impair the internal auditors' objectivity as shown in Table 1. Social pressure threats may arise when an auditor is exposed to, or perceived that he or she is exposed to pressures from external parties.
Economic Interest This threat may arise when the auditor has an economic stake in the performance of the organization. An auditor may fear that significant negative findings, such as the discovery of illegal acts, could jeopardize the entity's future; hence, the auditor's own interests as an employee. This threat also arises when the auditor audits the work or department of an individual who may subsequently make decisions that directly affect the auditor's future employment opportunities or salary.

Personal Relationship
This threat may arise when an auditor is a close friend or relative of the manager or an employee of the audit client. The auditor may be tempted to overlook, soften, or delay reporting negative audit findings to avoid embarrassing the friend or relative.

Familiarity
This threat may arise because of an auditor's long-term relationship with the audit client. Familiarity may cause an auditor to lose objectivity during an audit by making the auditor overly sympathetic to the client. Alternatively, familiarity may cause an auditor to prejudge an audit client based on previous problems (or non-problems) and assume a posture consistent with the prejudgment rather than taking a fresh, objective look.

Cultural, Racial and Gender Biases
These threats may arise from cultural, racial, or gender biases. For example, in a multidivisional organization, a domestically based auditor may be biased or prejudiced against audit clients located in certain foreign locations. Alternatively, an auditor may be unduly critical of different practices and customs or of an audit client managed or staffed by employees of a particular race or gender.
Cognitive Biases These threats may arise from an unconscious and unintentional psychological bias in interpreting information depending on a person's role in a situation. For example, if someone takes a critical audit's perspective, he or she may overlook positive information. Conversely, if someone takes a positive facilitative perspective, he or she may discount negative information. In addition, an auditor may come with certain preconceived notions and tend to see evidence confirming such notions.
Self-Review Self-review threats may arise when an auditor reviews his or her own work performed during a previous audit or consulting engagement. For example, an auditor may audit a department repeatedly or in consecutive years, or the auditor may provide consulting services in connection with a system implementation that he or she subsequently must audit. Furthermore, the auditor may provide recommendations for operational improvements and subsequently review processes that were changed in accordance with those recommendations. All of these examples represent situations in which the auditor could conceivably become less critical or observant of the errors or deficiencies due to the difficulty of maintaining objectivity when reviewing his or her own work.

Intimidation
Intimidation threats arise when an auditor is deterred from acting objectively by threatsactual or perceivedor being overtly or covertly coerced by audit clients or other interested parties.

Advocacy
Advocacy threats arise from auditors acting biased in promoting or advocating for or against the audit client to the point that subsequent objectivity may be compromised.
Source: IPPF: Practice Guide on Independence and Objectivity (Jameson, 2011) As one of the key corporate governance actors whose opinion are highly relied upon by the other key corporate governance actors (BODs, AC including external auditors) (Trotman, 2013), each individual internal auditor needs to be able to manage objectivity threats to assure confidence in the services of the internal audit as an independent assurer. Failure to manage objectivity threat may impair the Malaysian internal auditors' objectivity, thus reducing their ability to make an objective judgment.

Public Versus Private Sector Internal Audit
One of the major differences in the governance of internal audit in public and private sectors is the organizational status of the internal audit. Organizational status of internal audit can be portrayed via the reporting line which refers to the organizational structure under which the Chief Internal Audit is appointed and oversighted (Goodson et al, 2012).
In Malaysia, there are differences in the reporting line of internal auditors working in the public and private sectors. The public sector internal auditor is an employee of the National Audit Department (NAD), who is placed under various ministries and reports to the Secretary General of the Ministry (Shamsuddin et al, 2014); whereas the private sector's internal auditor is an employee of the public business, who reports directly to Audit Committee. Ali et al (2012) have provided empirical evidence on the existence of independence threats in the internal audit of Statutory Bodies and Government-linked Companies in Malaysia. Such threats could possibly cause an impairment of the internal auditor's objectivity. This finding has been supported by Shamsuddin et al (2014) who have discovered that public sector internal auditors lack independence as they need to audit their own "boss". Although the private sector internal auditor reports directly to Audit Committee, the issue of independence has also been prevalent (Al-Twaijry et al, 2004). Reporting line for both sectors might give an impact on internal auditors' views on objectivity differently. As such, the present study aimed to further examine whether there had been a significant difference between the objectivity threats experienced by internal auditors in the public sector and those of the private sector. 1: There is a significant difference in the internal auditors' experiences in the private and public sectors in terms of existence of objectivity threats in the Malaysian internal audit environment.

Sample Selection
The population for this study consisted of all registered members of the Institute of Internal Auditors Malaysia (IIA Malaysia). The sampling frame for the study was drawn from the Individual membership statistics of IIA Malaysia as of 31 March 2016. Participants for this study were 53 internal auditors in the public and private sectors. A questionnaire was developed from IPPF: Practice Guide on Independence and Objectivity (Jameson, 2011). Table 2 presents the selected demographic characteristics of the participants in this study.

FINDINGS
Based on demographic analysis, there were twenty-four male and twenty-nine female internal auditors, majority of whom were degree holders (60.0 %) with 25 (47.0 %) accounting degree holders and 7 (13.0 %) non-accounting degree holders. Fourteen (26.0 %) of the respondents were Master's degree holders, while the rest were had Diploma, Doctor of Philosophy, and Professional qualifications. All 53 internal auditors comprised of four Chief Internal Auditors (CIA), six senior managers, fourteen managers, eight assistant managers, five senior executives, nine executives, and seven others. Meanwhile, 65.0 % of the respondents had more than five years of experience (21 with less than ten years of experience and 13 with more than ten years of experience). Twenty-five respondents were internal auditors in the public sector, whereas twenty-eight were internal auditors in the private sector.
The first the objective of this study was to explore the most critical audit judgement experienced by internal auditors. The results have shown that internal auditors in Malaysia perceived risk judgment as the most critical success factor in the internal audit process, as opposed to other types of judgment (i.e., judgment on key controls, judgment on operating effectiveness, judgment on control deficiencies and judgment on audit rating). The respondents were required to rank from 1 (most critical) to 5 (less critical) based on their experiences in making judgment in internal audit process. Figure 2 shows that 30 respondents (62 %) perceived that risk judgment would be the most critical judgment (ranked No. 1 the most) needed to ensure the success of a particular audit engagement. Internal auditors in the present study ranked judgment on audit rating and judgment on control deficiencies as the second and third critical judgment in internal audit process. This finding are consistent with those of other past studies (Chambers, 2015;Ibrahim, 2016;Messier, 2014;Robson et al, 2007;Sarens et al, 2012;Soh & Martinov-Bennie, 2011) which stresses the importance of risk judgment in determining the success of an audit. This evidence provides a basis for future study on the flaws of internal audit judgment, where focus should be directed towards "what could influence internal auditors' risk judgment". The flaws in risk judgment might resulted in audit failure.
As sources of information highly rely upon by multi-stakeholders such as Board of Director, management and external auditors (Trotman, 2013), the internal auditors' judgment is crucial for other stakeholders' judgment on critical business decisions. For example, the external auditor as one of the stakeholders, is required by the revised International Standards on Auditing (ISA) (effective from 15 December 2016) to comment on Key Audit Matters (KAM) in audit client financial statement, in which indirectly increases the accountability of the internal auditor to make a sound risk judgment. The President of Institute of Internal Auditors (IIA) Malaysia, Lucy Wong has stressed that KAM is one of the high risk areas that should be addressed by internal auditors . Obviously, the key success factors for internal audit engagement is the risk judgment which is required by the Standards for internal auditors to successfully prepare a well risk-based audit plan.
The second objective of this study was to explore whether the internal auditors encountered objectivity threats. The finding indicated in Table 3 indicated that internal auditors in Malaysia had encountered all nine objectivity threats (social pressure, economic interest, personal relationship, familiarity, cultural, racial and gender biases, cognitive biases, selfreview, intimidation and advocacy) as listed in the IPPF: Practice Guide on Independence and Objectivity (Jameson, 2011). Meanwhile, results have also shown that 98% of respondents had admitted to social pressure threats (M=4.53, SD=1.45) as being the most prevalent of all threats in the Malaysian internal audit environment. This is followed by both indications of cognitive biases threats (M=3.98, SD=1.47)) and intimidation threats (M=3.92, SD=1.62) by 92% and indication of familiarity threats (mean=3.89, SD=1.78) by 90%. Social pressure by definition is a threat that may arise when an internal auditor is exposed to, or perceives that he or she is exposed to, pressures from external parties. In contrast, intimidation threat is the threat that may arise from actual or perceived pressures, or being obviously or secretly pressured by audit clients or other interested party (Jameson, 2011). In both conditions, an internal auditor may be deterred from acting objectively by external forces, for instance, the executive management or divisional management. In similar vein, Miller and Rittenberg (2015) have also found that the internal auditor has experienced such pressures. The findings of their study showed that these pressures could be: a) being directed to suppress or significantly modify a valid internal audit finding (55%); b) being directed to avoid auditing higher risk areas (49%); and, c) being directed to purposely audit low risk areas (31%). Both researchers also discovered that an astonishingly high percentage of respondents in their study (78.9%) had admitted to being directed by the executive management. The remaining directives had come from both executive management and audit committee (5.0%), the counsel (5.0 %), the audit committee (1.2%) and also others (9.9%). In addition, Miller and Rittenberg (2015) discovered another fascinating evidence of the threats occurring in spite of the existence of solid backing from executive management and audit committee, which showed that such threats may not only come from the governing body, but also from functional areas of divisional management. The results of the current study have indicated that there were loopholes in the governance of internal audit, particularly in the aspect of reporting line (Chambers & Odar, 2015) which would need to be addressed to ensure that internal auditors could discharge their duties objectively. These results have been found to be consistent with the findings of the past studied by Ali et al (2012) and Shamsuddin et al (2014) which confirm that the internal auditors are threatened to the extent that they are hindered from discharging their duties efficiently and effectively.
In contrast to social pressure and intimidation, cognitive biases originate from the internal auditors themselves. Cognitive biases is defined as a threat that may arise from an unconscious and unintentional psychological bias in interpreting information (Jameson, 2011). In this condition, internal auditors may have predetermined notion and tend to find evidence to confirm the notion while neglecting important information. This finding indicate that there might be lack of attention on the needs of professional scepticism in the internal audit profession. While ISPPIA are silent about the concept of professional scepticism, ISA 200 (applicable for external auditors), stress the need for "an attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement due to error or fraud, and a critical assessment of audit evidence (ISA 200, para 13(l), p. 79)" (IFAC, 2009).
Overall, in addressing RQ2, the results of the present study have been consistent with those of the past studies conducted in other jurisdictions which reported social pressure threats (Stewart & Subramaniam, 2010) as the major objectivity threat. However, it was discovered that the Malaysian internal auditors had experienced low occurrence of self-review threats (M= 3.85, SD=1.54) as compared to other jurisdictions, for instance, in singapore (Goodwin & Yeo, 2001). In addition, Ahmad and Taylor (2009) found that Malaysian internal auditors had not perceived a conflict between their assurance and consulting role, thus experienced low selfreview threat.
The third objective of this study was to examine whether there was significant differences between objectivity threats experiences by internal auditors in the public sector and those of the private sector. Table 4 presents the results of the Independent Group t-test: The results of the t-test have revealed that there was no significant differences of types of objectivity threats encountered by internal auditors in the private sector (n=28) and in the public sector (n=25). This indicated that, regardless of the organizational structure (i.e., reporting line), internal auditor agreement on the existence of objectivity threats had been consistent. Social pressure threats were found to be the highest among internal auditors in both sectors but with no significant differences in the mean score of the perceptions of the internal auditors in the private sector (M=4.64, SD=1.45) and that of the internal auditors in the public sector (M=4.40,SD=1.47);t=0.605,p= 0.548). This finding has provided the rationale to justify the seriousness of the loopholes in the internal audit governance as discovered in the answer to RQ2. In both the private and the public sectors, the governing body has failed to provide the necessary safeguard to enable internal auditors to discharge their duties independently and objectively. Goodson et al (2012) have highlighted that internal auditors should be placed in the position that would provide adequate safeguard to hinder any disturbance from audit client. Figure 3 shows the mean scores of objectivity threats of the internal auditors in the private sector and public sector. Comparison of the mean scores between both sectors for each objectivity threats has shown that, social pressures (M=4.64, SD=1.

CONCLUSION
Recently there have been a growing criticism on internal auditors for the failure to discharge their responsibility diligently. Internal auditors' failure to assess the existence of accounting irregularities and fraud risk has led to undetected fraud, huge losses and reputation damage of the companies involved. This warrant further investigation to identify the sources of the failure in judgment and the areas for improvement. This study has provided evidence of internal auditors' agreement on the importance of risk judgment as a critical success factor in the audit process. This is consistent with the ISSPIA, past studies and also regulators opinion. Future research which aims to investigate the factors that contribute to the flaws in internal auditors' judgment should focus on the risk judgment (i.e., internal auditors' ability in assessing risk).
Furthermore, this study has yielded valuable empirical evidence of the existence of all nine objectivity threats within the context of the Malaysian internal audit environment as listed by IPPF (social pressure, economic interest, personal relationship, familiarity, cultural, racial and gender biases, cognitive biases, self-review, intimidation and advocacy). This study has found that Malaysian internal auditors perceived that social pressures, cognitive biases and intimidation to be the most prevalent threats in their environment.
The existence of social pressure and intimidation threats signal the loopholes in the current governance especially in the context of reporting line of internal auditors regardless of the sector, that is, whether public or private. It can be concluded that internal auditors have been hindered from discharging their fiduciary duty independently and objectively. This could be a major source of failure in internal auditors' risk judgment, or in other words, failure to detect and report fraud and irregularity objectively. In addition to social pressures and intimidation threats, internal auditors also acknowledged the existence of cognitive biases (psychological threats) which would indicate the needs for more attention being paid to the importance of the concept of professional skepticism in the internal audit profession.
Overall, this study has supported the findings of previous studies on the prevalence of social pressures as one of the most serious threats in the literature of internal audit. However, the present study has also produced contradicting results in terms of self-review being a threat within the context of the Malaysian internal audit environment. Hence, the researchers in the present study hold the view that this should and will be further investigated in future research in this area especially in relation to the impact of the most prevalent objectivity threats, namely, social pressures, cognitive biases, and intimidation on the internal auditors' risk judgment.

Implications and contributions of the study
The findings related to the importance of risk judgment should be able to provide guidelines for internal auditors on how to plan their audit and allocate extra time on risk judgment. The quality of overall audit process could be enhanced if internal auditors outperform the risk judgment stage. The results of the present study have highlighted the area for improvement in the flaws of the internal auditors' judgment in which remedy could be initiated at individual level, that is, by providing training to improve internal auditors' risk judgment.
Meanwhile, the findings related to objectivity threats would have implications in terms of theory, practice and method. Theoretically, the existence of objectivity threats in the Malaysian internal audit environment, can be explained by the APSCT (Bandura, 2001) in which people do not have direct control over the social conditions (the attitudes of the organization's members towards internal audit practices) and institutional practices (the reporting structure) that might affect their day-to-day lives.
Practically, empirical evidence is important to create awareness among the individual internal auditors as well as their stakeholders on the conditions that could impair the internal auditors' objectivity (i.e., reporting line, performance evaluation). In order to be able to perform internal audit engagement with an unbiased mental attitude, individual internal auditors should recognise the possible action, situation or relationship that could threaten their objectivity. Once the objectivity threats have been identified, internal auditors could implement the possible mitigating factors that may reduce or eliminate the threats, thus enhancing the quality of assurance made. The ability of internal auditors to balance their commitment towards the organization and profession will determine the quality of the internal audit. As sources of information rely highly upon by multiple stakeholders such as the BOD, AC and external auditors, the issue of internal auditors' objectivity needs to be addressed thoroughly. The results of the present study indicate the loopholes in the governance of internal auditing practices in Malaysia, regardless of the sector being private or public. The stakeholders, especially the management, could address such threats by implementing preventive measures at an organizational level to mitigate and manage the threat effectively. This is to ensure that the purpose of having internal auditors as the third line of defence is fully utilised. The evidence of the existence of objectivity threats would also be useful to IIA Malaysia as a professional body that oversees the development of internal audit profession in Malaysia. Improvement needs to be done to address the loopholes in the governance of internal audit.
In terms of method, data were gathered from the survey on professional internal auditors in both the public and the private sectors in Malaysia. This has contributed to the existing literatures on internal audit research in Malaysia by extending the findings of past studies (Ali et al, 2012;Md Ali et al, 2009;Shamsuddin et al, 2014) which utilised in-depth interviews of internal auditors in the public sector.