An analysis of the internal audit function in the South African Department of Defence

The IAF assists organizations in achieving accountability and integrity, enhancing the implementation of organizational programs, fostering public confidence, and mitigating the risk of mismanagement of public funds. Even though the significance of internal audit functions has been acknowledged and recognized in South Africa, the South African public sector is plagued by numerous issues resulting from the IAF's poor performance. The purpose of this paper is to investigate the factors that influence the efficacy of the internal audit function (IAF) within the Department of Defense (DoD). The investigation employed a qualitative methodology. Twenty-five professionals were interviewed in depth, and the data were subjected to thematic analysis. Five factors have been identified as affecting the performance of the IAF within the DoD: limited resources, outmoded data collection techniques, a lack of automated data analytics software, the inaccessibility of audit records, and a lack of support from senior management. This article suggests that upper management invest in hiring competent and qualified personnel to automate its data collection and in purchasing data analysis software such as iAuditor, SAP, and TeamMate. It is recommended that audit records be well managed and securely stored and that internal auditors have complete access to information for conducting audits in all DoD sectors. The budget of the IAF within the DoD must


296
General of South Africa (AGSA) reported that only 114 (27%) of the 425 audited institutions received spotless audits and 187 (44%) received unqualified audits with findings. The remainder comprised 73 (17%) qualified audits with results, two (0.5%) adverse audits, and 12 (3%) disclaimed audits (AGSA 2020/21). Only 47 of the 163 audited government departments had clear audits (PMG, 2021). The Auditor-General also identified 237 material irregularities in 2020/21, of which only 17 had been resolved, indicating that he was unsatisfied with the accounting officers' response to the remaining 220 irregularities (AGSA 2020/21). Concerning the South African Department of Defence (DoD), which is the subject of our study, AGSA (2020AGSA ( /2021 noted that the IAF within the DoD had not completed all intended audits for the year under review. As of March 31, 2020, only 33 of the 56 intended audits had been completed, and the number (33) was revised to 36 without audit committee approval. In addition, the general report on PFMA audit outcomes revealed that DoD audits qualified with findings (AGSA 2019/2020). This result is concerning because it suggests that the auditee failed to account for its finances in order to achieve the best possible results between the fiscal years 2020/21 and 2019/20 (AGSA 2020/21; AGSA 2019/20). In addition, the 2021/22 fiscal year (AGSA 2020/22) was found to have been marred by $4,300,000 in futile and wasteful expenditures.
This article examines factors that may affect the performance of the IAF within the Department of Defense. The article supplements previous research on organizational efficiency and accountability. In addition, the article describes some internal auditing challenges faced by the IAF in South African government departments, particularly the Department of Defense. The article recommends automating data collection and data analysis software based on the findings of the study as valuable auditing tools and resources that will add value to the DoD's operations and ensure that the DoD achieves its goals.
The remaining sections of the article are structured as follows: Background and context are presented in the following section, followed by the research methodology and ethical considerations, the results and a discussion of them, recommendations and a conclusion.

Literature review
This section contextualises the IAF in general and the IAF in the South African public sector. It notes relevant concepts around the IAF and provides a brief history of its implementation in South Africa.

Conceptualising IAF and its advantages
The IAF provides assurance services by evaluating documentation to view and recommend an organisation's operations, procedures, and other relevant issues (Global Institute of Internal Auditors 2017:2). An internal auditor determines the types and extent of assurance involvement. In general, assurance services contain three parties: the process owner, the evaluator/auditor, and the user (Global Institute of Internal Auditors 2017:2). IAFs in the public sector primarily serve the purpose of assisting accounting officers in maintaining efficient and effective control in institutions that provide public services by assessing the controls (precisely, determining their effectiveness and efficiency) and by formulating recommendations that support the objective of enhancing and improving governance (National Treasury 2014). Baharud-din et al. (2014:127) indicate that auditing ensures that controls are in place by scrutinising rules and guidelines within an organisation to avoid the loss of financial resources and nonconformity, to offer practical assurance that public funds have been used efficiently and effectively. According to Soh and Martinov-Bennie (2011:607), auditing serves as the agent of Audit Boards, providing the Audit Board as a user with an uncontrolled and actual guarantee of adherence, risk guidance, and corporate governance. Soh and Martinov-Bennie (2011:607) also argue that the IAF nowadays generally consists of risk valuation, control guarantee, and oversight of adherence to work, which is linked directly to business direction. Consulting with management and conducting excellence audits are among other forms of assistance rendered by the IAF (Soh & Martinov-Bennie 2011:607). Stewart (2015:76) explains that after establishing a contractual agreement between the auditor and auditee, an audit engagement usually begins planning, which includes conducting a risk assessment and creating the audit strategy outlining the extent and objectives of the audit. The purpose of planning an audit is to identify challenging aspects that need to be adequately managed by the user to avoid misstatements on the financial records and to promote effectiveness within the auditing team (Asare et al. 2012:135). After that, auditors gather and review audit evidence before forming opinions about internal controls and the reliability of management's information (Stewart 2015:76). The evaluation phase involves severity assessment and verifying whether compensating control has been put in place (Asare et al. 2012:135). After the audit, the auditors present a structured report summarising their conclusions and recommendations (Stewart 2015:76).
The IAF has several purposes. These include risk management, compliance with legislation, monitoring internal acts and contracts, oversight over the efficiency, effectiveness and economy of operations, the safeguarding of assets and information, and the performance of tasks and achievement of goals. Risk management is a continuous process that involves identifying the relevant risks, estimating the particular level of risk tolerance, selecting suitable risk mitigation strategies, implementing these strategies, and analysing their impact (Dimova 2019:106). From a public sector point of view, the IAF detects and evaluates potential risks to the organisation. Thus, it helps organisations assess internal and external variables that may affect their ability to fulfil their mission and performance to implement necessary actions to prevent these impacts (Soh & Martinov-Bennie 2011:607). Dimova (2019:107) argues that the IAF examines the organisation's effectiveness, efficiency, and economy of activity. Baharud-din et al. (2014:128) point out that top management's support and commitment are essential to ensure internal auditors' effectiveness; without management agreement, support, and inspiration, the internal audit process is doomed to fail, wasting time and money. Efficiency is a quantifiable measurement, whereas effectiveness is a qualitative evaluation that may be used to evaluate the value provided by the IAF to the organisation (Dimova 2019:107). To ensure that the operations are performed economically, the IAF looks at whether plans are carried out appropriately (Mebratu 2015:4). Economy means acquiring the resources required by the auditee to perform its activities at the least cost while maintaining resource quality (Tsehay 2016:2).
The IAF is also responsible for monitoring an organisation's use of assets and information; thus, to maintain proper use of resources, the resources needed to perform the tasks must be kept and used effectively and conscientiously (Dimova 2019:107). Additionally, information should be kept and secured to be readily accessible when required and should not be abused (Mebratu 2015:4).
According to Dimova (2019:107), the IAF is also accountable for performance and objective attainment. The IAF keeps track of whether scheduled tasks are completed effectively and on time (Asare et al. 2012:135). If the organisation discovers that some tasks have been done incorrectly or late, managers should be provided with suggestions and guidance. The IAF oversees and measures the overall structural performance, giving non-biased reports and recommendations on how to enhance processes (Mupeta 2017:16). The IAF should be relied upon to provide assurance and consulting services, as well as to undertake investigations (Mupeta 2017:16). Beckmerhagen et al. (2004:14-15) suggest that to measure IAF effectiveness, one should assess the audit outcome not only against audit objectives but also against the process, execution and resources used for auditing.

The history of Internal Auditing Function (IAF) and its inclusion in the South African public sector
The importance of the IAF was recognised more widely by the 1950s in the United States and by the 1960s in Canada (Canada.ca, 2023). In 1950, the United States Congress recognised the significance of the IAF and passed a law mandating its inclusion in every executive agency's system of internal controls. In Canada, IAF was given priority through the Royal Commission on Government Organisations reports in 1962, which suggested that departmental leadership be accountable for implementing effective IAF procedures rather than depending only on the Auditor General to determine weak financial control (Canada.ca, 2023). There was then a call for all government departments and agencies to have internal audits as part of their financial management methods to comply with regulations (Canada.ca. 2023).
In the South African context, the realisation of the potential significance of the IAF in government departments emerged later than in the private sector; the motivation for instituting IAFs in South Africa was the same as that in Canada. The evolution of internal auditing in the public sector and interaction with the Institute of Internal Auditors South Africa (IIA SA) came to the fore in the latter part of the 20th century. In 1983, the IIA SA was founded, and cooperation between the IIA SA and the public sector became more visible in 1997, establishing internal audit forums. Since 1998, these forums have facilitated the meeting of Chief Audit Executives in the public sector to discuss current practices (Van der Schyf 2000:153). Over the last decade, the changes to the internal audit environment in South Africa have extended the roles and responsibilities of the head of the IAF, namely the Chief Audit Executive.
According to section 38(1), (a)(ii) of the PFMA, each South African national government department's accounting officer is responsible for ensuring that the department has an IAF, that an audit committee oversees and directs the IAF, and that the related Treasury Regulations are followed (RSA, 1999). According to sections 51(1)(a)(ii) and 76 of the PFMA, following preferred tendering rules, the IAF may be outsourced to an outside organisation with specialised audit knowledge. The IIA SA's guidelines must be followed when conducting internal audits. In coordination with the audit committee, the internal audit unit must create a rolling, three-year strategic internal audit plan, based on its evaluation of the public entity's critical areas of risk, considering its current operations, the operations envisioned in its corporate agenda, and its risk management strategy, as well as an annual internal audit plan for the first year of the rolling plan, and plans to outline the scope of the internal audits. The unit must also set up a modus operandi, with management inputs, to direct the audit relationship, and plans stating the scope of each audit in the annual internal audit plan. The unit must then submit reports to the audit committee outlining its performance against the plan to allow effective monitoring and intervention when necessary (RSA, 1999).
In support of the IAF, the National Treasury developed the Internal audit framework in the 2003/2004 financial year. The Framework derives its mandate from two pieces of legislation, namely the PFMA and the MFMA (RSA 1999(RSA , 2003. This Framework ensures that the internal audit activities comply with the requirements of the laws supporting this function, such as the Constitution of the Republic of South Africa Act, 108 of 1996 (RSA 1996), the PFMA, the Treasury regulations issued in terms of the PFMA (RSA 2001), the MFMA, the Institute of Internal Auditors' (IIA's) International standards for the professional practice of internal auditing, and the Committee of Sponsoring Organizations (COSO) framework on internal control, as well as the risk management framework (Egbunike & Egbunike, 2017;Van Rensburg, 2014;National Treasury, 2009:3;Mamaile, 2020).

Barriers to the IAF discussed in the literature
According to Friedberg and Lutrin (2001:335), internal auditors can only perform their duties if they have a sufficient budget and workforcethe effectiveness of the IAF is determined by the resources available. Commenting on the issue of resources, Earley (2015:197) acknowledges that many internal auditors do not have data analysis tools that automate processes and categorise irregularities. This forces them to use manually collected data, which is less accurate and is prone to errors caused mainly by transcription and calculation issues (Brundin-Mather et al. 2018:299). Inadequate data analysis techniques have a negative impact on the effectiveness of the auditor and the auditing team (Earley 2015:197). It is for this reason that professional auditing bodies encourage the use of innovation-grounded audits and additional document scrutinising methods to improve effectiveness in the auditing function (Li et al. 2018:64). Technology improves effectiveness in an organisation (Raphael 2017:32). Siyaya et al. (2021:4) argue that the ability of an auditor to use auditing software comprehensively can result in improved IAF effectiveness.
Although resources and human resources are vital, a proper audit environment is equally important. According to Ngoepe (2012:3), an absolute audit atmosphere is where auditors can arrive at an institution and be supplied with an assessment portfolio comprising financial statements that match all applicable supportive documentation in a similar portfolio or indicate where such documentation can be recovered with ease. An absolute audit atmosphere is essential to enable the IAF to carry out its duties effectively.
Information set completeness is another concern that significantly affects the quality of audits and the effectiveness of an auditing team (Earley 2015:197). According to Earley (2015:197), information set completeness refers to the extent to which all information in a dataset is complete and may be accessed. Loss of paper records and other records, and invisibility of data are a critical challenge in the internal audit environment because it has a negative impact on the effectiveness of the IAF (Kotb & Roberts 2011:169). Granting auditors access to records can help to improve auditors' results and effectiveness (Ngoepe 2012:3). Ngoepe (2012:8) further argues that adequate documented guidelines, procedures, and work instructions should be established and implemented to increase the effectiveness of the IAF.
Managing software audit instruments forms the basis for confidentiality-driven and accountability-driven policy regulations, which increases effectiveness in the organisation (King, Smith & Williams 2012:1).
Top management assistance and commitment are also essential to ensure internal auditors' effectiveness. With management agreement, support, and inspiration, the IAF process is more likely to succeed, saving time and money (Baharud-din et al. 2014:128). According to Soh and Martinov-Bennie (2011:615), the IAF relationships are predominantly with the Audit Board and superior officials. These relationships support the IAF's effectiveness and ensure independence and objectivity. According to Baharud-din et al. (2014:128), the IAF comprises the following role players: the Chief Audit Executive, Executive Authority, Accounting Officer, Audit Board, and auditors. The Chief Audit Executive is accountable for formulating quarterly reports about the activities performed by the IAF concerning monitoring strategies for the Audit Board and for taking corrective action as needed to improve effectiveness (DoD 2021:14). The Chief Audit Executive should ensure that the IAF's activities are conducted effectively, and cost-effectively, in terms of the Internal audit framework (National Treasury 2009:27).

Research and Methodology
The approach of this study was qualitative research, as the objective was to identify factors hindering IAF effectiveness in the DoD. Answering the research questions also required understanding the interviewees' perceptions. Qualitative research is the most appropriate to explain and record a complete experience from someone's perception (MacDonald 2012:35). It was decided to use a case study research design, which entails obtaining in-depth knowledge about a single case involving what is observed and done within the system, as well as a thorough analysis of the data gathered during the research period, and identification of general ideas about the method through interviews, recordings, audio-visual records, and papers (Creswell & Poth 2016:73). The research sampling technique applied was purposive sampling, which means that the sample was selected based on the characteristics that we needed to obtain unique or distinct points of view. We selected interviewees from among the top management, which is responsible for decisionmaking, in particular, the accounting officer, from among middle management, which is responsible for managing the decisions taken, and from among lower-level employees accountable for the execution of decisions taken in the IAF with internal auditing qualifications (with a Bachelor's degree as a minimum), and internal auditing experience (at least three years). In total, 25 staff members were interviewed.
This study used semi-structured interviews to collect data by eliciting independent responses about the phenomenon and asking follow-up questions based on the responses. Using semi-structured interviews was an advantage to the researchers since semistructured interviews encourage two-way communication between the researcher and the interviewees. The principal researcher asked questions which prompted comprehensive discussions. Semi-structured interviews encouraged the interviewees to express their views openly, which helped to elicit unbiased results. The researchers ensured that the selected sample size was a sound representation of the chosen population. Interviews were audio-recorded and transcribed to capture the details, as recordings and transcripts can be revisited. This research study used a qualitative data analysis approach which involved thematic analysis in coordinating and analysing the semi-structured interview answers. The thematic analysis helped identify topics associated with factors hindering the effectiveness of the IAF in the DoD in the various answers. The themes that emerged from semi-structured interview answers are discussed in the findings.

Findings and Discussions
This section will present the findings and discussion.

Findings
This section reports on and interprets the perceived factors affecting the performance of the IAF in the DoD. The findings emerged from a robust thematic analysis of the responses to the interview questions about factors affecting the performance of the IAF at the DoD. The most notable emerging themes were limited resources, outdated data collection techniques, the lack of automated data analytics software, audit records inaccessibility, and senior management support. These themes are discussed in detail below.

Lack of resources
For IAF to thrive, resources are critical, but according to the interviewees, access to resources was a challenge. Almost all the interviewees pointed out a need for more resources for the IAF at the DoD. For example, one stated that resources are limited and indeed insufficient, explaining that 'insufficient /limited resources within the DoD IAF is due to limited funds and delays in procurement processes for IT internal audit software, training, and providing continuous professional development'.
Similarly, another interviewee stated that 'the DoD internal audit function, like in all other organisations, cannot operate and render services to its clients without the required resources as they are the driving force for the function to perform its duties.' The same interviewee reiterated that 'resources enable auditors to do the work efficiently and effectively because audit work is time-bound. When you have enough resources, you can finalise your work as per the target dates.'

Outdated data collection techniques
Improper and inadequate data collection techniques were also mentioned as a hindrance to successfully implementing the IAF in the DoD. According to the interviewees, the DoD has enormous amounts of data that must be accessible at all times, but access is limited. One problem is that the DoD's IAF needs to use more appropriate, thorough and modern data collection techniques. According to one interviewee, 'data is collected manually from management or those responsible for the audited process through preliminary surveys, interviews/meetings, observing procedures and inspection of documents and records relevant to the audit project being undertaken.' According to this interviewee, 'the way the data is collected often at times it is not reliable, precise, as it is prone to mistakes due to human errors that could occur when collecting information'.

Another interviewee stated that 'because of the inability to verify the correctness of the information given, data can be manipulated'.
One indicated that 'because the data is manually collected, the inability of the auditee's unavailability delays the process, weakening effectiveness mainly because the reliability, precision, and efficacy of annual data collection are limited to the auditor's competency'.

Lack of automated data analytics software
Even though data analytics should aid in enhancing audit quality at every level of the auditing process, ultimately enhancing audit quality overall, this is not the case in the DoD. Upon inquiry, all the interviewees indicated that currently, there is no automated data analytics software in the DoD's IAF. The auditors still have to analyse data manually. Those attempting to use any form of software resort to Microsoft Excel, which is not a competent tool for analysing auditing data, especially in the new digitised era.
One interviewee commented that 'the manual and Microsoft Excel data analysis techniques were found to be unreliable, imprecise, and do not promote effectiveness since there are limited to the user's knowledge and experience.' Another interviewee echoed these sentiments, stating that Microsoft Excel is unreliable because of its low level of data integrity; data can be easily modified or accidentally modified without a trace. Microsoft Excel is also limited in terms of its functionality, considering the complexity and amount of data within the DoD.
The above quotations from the interviews show that the DoD needs to automate its process. Big data analytics, robotics, and artificial intelligence are the enabling tools that promote the effectiveness and reliability of internal audit activities (Tajudeen et al. 2021:24).

Inaccessibility to the audit records
According to Sections 51(1)(a)(ii) and 76(4)(b) and (e) of the PFMA, the internal audit unit must be independent and must be able to access all information in possession of or available to the public entity. However, several respondents indicated that access to records in the DoD is limited, the filing system is poor, and a clear information management policy for all internal audit staff needs to be. One respondent commented as follows: 'Personnel save their work on their computers, slowing down effectiveness, especially if one needs to conduct a follow-up audit in which you will need previous audit information. ' Another respondent stated that 'there is access to audit records; however, access to records is limited to an individual's work. Also, there is no central place where information is stored.' A similar response came from a third respondent, who pointed out that 'there is also a challenge of not having an open and easily accessible system of keeping internal audit records, i.e. records of audit work done.'

Lack of senior management support
Although senior management support is critical to the IAF's effectiveness in offering sufficient resources and services, offering training, establishing the latest technology, and encouraging and motivating the IAF personnel to perform to their full potential during data collection (Baharud-din et al., 2014), most participants indicated that the most significant challenge faced was the need for senior management support. One participant stated, ' it seems as if top management does not have any idea how to effectively manage the DoD internal audit, let alone promote effectiveness.' This interviewee indicated that the size of the IAF in terms of personnel does not match the size of the DoD in auditable areas. Worse still, according to this interviewee, the recruitment processes of the DoD do not seem to support as the pace at which posts are filled in the audit unit does not demonstrate the support (posts at the IAF are filled through a process prescribed by the DoD), and the appointment of a competent and qualified Chief Audit Executive [is] not prioritised by the Department.

Discussion
The data from the interview suggest that the IAF in the DoD is constrained by several factors that influence internal audit effectiveness already identified in the internal audit literature (Baharud-din et al. 2014, Abdelrahim & Al-Malkawi 2022. The findings confirm the Auditor General South Africa's (AGSA's) 2018-2019, 2019-2020 and 2020-21 PFMA audit outcomes general reports, which gave the DoD a qualified audit with findings, a worrying situation, as it implies that the auditee did not manage to account for its finances to achieve the best results (AGSA, 2020/2021; AGSA, 2019/2020; AGSA,2018/2019). These findings are mainly attributed to the problems discussed below.
The first problem is that a lack of resources, where funds are minimal, has a spiral effect, delaying procurement processes for IT internal audit software and affecting the overall efficiency of the process. This finding is also common in the literature, where authors such as Salehi (2016:226) explain that the IAF's ability to fulfil its tasks effectively depends on the quantity and quality of resources employed in the IAF.
The DoD is characterised by outdated data collection techniques, where data are still manually collected through preliminary surveys, interviews and/or meetings, observing processes and inspection of documents and records relevant to the audit project. This weakens the effectiveness of the IAF because the individual auditor's competency limits the reliability, precision, and efficacy of manual data collection.
The findings indicate a need for automated data analytics software in the DoD in light of the above. According to PWC (2022), automation can help internal audit increase productivity, expand risk coverage and help address the ongoing compliance burden by doing more with less. The absence of such software also goes against Standard 1210 (IIA 2017:6). In Standard 1130. A3, which deals with proficiency, calls for internal auditors to have sufficient knowledge of key information technology risks and controls and have available technology-based audit techniques to perform the work assigned to them (IIA 2017:6).
Furthermore, internal audit information and records should be well organised to ensure that staff can work effectively and efficiently, without having to waste time hunting for information. This will enable them to find what they need quickly and easily, and to determine who has the required data (HM Treasury 2011:13). Ngoepe and Ngulube (2014) emphasise that for as long as auditing is undertaken, relevant and reliable records are required as evidence. The findings revealed that the DoD's poor filing system limits access to records in the DoD. Moreover, there is no clear policy for managing information required by internal audit staff. This also goes against the international standards for the professional practice of internal auditing, especially Standard 1000 -Purpose, authority and responsibility. This Standard requires organisations to have an internal audit charter that establishes the IAF's position in the organisation, including the type of functional reporting relationship the chief audit executive has with the board. The charter should also authorise access to records, specify personnel, and the physical properties relevant to the performance of engagements, and define the scope of internal audit activities (IIA 2017: 3).
The findings suggest that, aside from an urgent need for senior management support, the DoD must provide the necessary support to the IAF, especially considering the ratio of auditors recruited compared to the workload. In this regard, participants argued that the number of personnel in the IAF does not match the size of the DoD regarding the auditable areas. This poses a severe challenge, as staffing is crucial for adequately performing internal audit tasks. The inadequacy of the IAF can lead to mismanagement, errors and abuses (Egbunike & Egbunike, 2017). Moreover, according to Al-Twaijry et al. (2004), the size of the internal audit staff unit and the competency of these staff members are critical to internal audit quality; these elements cannot be separated.
It should be kept in mind that the IAF is an essential part of any public expenditure management system and should ensure that public spending, including that of the DoD as a government department, remains within budgetary provisions. Payments must comply with specified procedures. Every department must provide for the timely reconciliation of accounts and effective systems for the management and accounting of physical and financial assets (IIA 2017:10). Given that these are the expectations, and based on the findings of the interviews, it is clear that the IAF in the DoD is constrained by various factors and is not performing its mandate as expected. In view of the findings, four recommendations are proffered.

301
To improve the effectiveness of the IAF in the DoD, top management should invest in employing competent and qualified personnel in both junior and senior positions. Such personnel should have the relevant auditing knowledge, experience, and qualifications in compliance with the Institute of Internal Auditors South Africa to ensure that the IAF is performed effectively.
To address the digital challenge, the DoD should invest in automating its data collection and data analysing software. It should consider the following software, amongst others (SafetyCulture 2022): i.
iAuditor: This software is used for auditing and various other uses, including a safety, compliance, and audit platform. It has features that can help prepare the internal organisation for standardisation certification and help assess, mitigate and manage risks, among other things.
ii. SAP Internal Audit Software: This software has features that minimise internal auditing expenses and automates some of the required assurance tasks.
iii. TeamMate Internal Audit Software: This software can organise audit workflows, manage multiple audit teams and help identify anomalies.
The rationale for the above recommendation is that the right automated software is vital in improving staff competencies. It also saves time, improves effectiveness, and helps to ensure precise and reliable analytical audit results.
The most crucial point is that all audit records must be well managed and stored securely to address the information access problem. Additionally, through the chief audit executive, management should prioritise the internal auditors' clearance certificates to gain full access to the information they need and be allowed to conduct audits in all areas of the DoD. This is essential because '[i]nformation is a most important internal audit resource, and any internal audit service is unlikely to function effectively without good records' (HM Treasury 2011:3).
There is an urgent need to address the lack of resources, as funds are minimal, which delays the procurement processes for IT internal audit software, negatively impacting the overall efficiency of the IAF. This implies that the IAF in the DoD must be given a bigger budget to carry out its mandate.

Conclusion
This study sought to identify factors that influence the performance of the IAF within the Department of Defense. The findings disclose that a lack of resources, outdated data collection methods, a lack of automated data analytics software, limited accessibility to records due to a poor DoD filing system, and a lack of support from senior management are the primary factors impeding the performance of the IAF within the DoD. Some of these factors confirm Abdelrahim and Al-Malkawi's (2022) conceptual model, which provides an all-encompassing view of the factors that may influence the efficacy of internal audits. On the basis of our findings, we recommend that the DoD invest in employing competent and qualified personnel, automate its data collection and data analysis software (using iAuditor, SAP, or Teammate), manage its audit records effectively, and store them securely. The DoD should grant the IAF complete access to information to facilitate audits of all DoD operations. Lastly, this department's IAF budget must be increased.