Conceptual framework of internal Sharīʿah audit effectiveness factors in Islamic banks

Purpose – The main purpose of this research is to figure out the most effective determinants that play a vital role in enhancing the effectiveness of the internal Sharīʿah audit in the Islamic banking industry. Design/methodology/approach – This paper reviews the existing literature to build comprehensive knowledge that would assist in determining the main factors that impact on the effectiveness of Sharīʿah audit in Islamic banks. Findings – This research proposes a conceptual framework of factors that impact on Sharīʿah audit effectiveness in IBs based on previously published studies. The proposed framework includes external and internal factors as well as internal Sharīʿah audit structure, process and requirements. Practical implications – First, the regulators need to provide a detailed framework for Sharīʿah audit which covers the main requirements for effective Sharīʿah governance. Second, Islamic financial institutions (IFIs) need to pay more attention to following the Sharīʿah audit process in order to achieve the objective of effective Sharīʿah governance. Finally, the dearth of empirical research on the role and effectiveness of Sharīʿah audit in Islamic banking highlights the need to develop an appropriate methodology to enhance the study of the effectiveness of Sharīʿah governance practices. Originality/value – The Sharīʿah ensures compliance with its rules and regulations and enhances the soundness and credibility of the Islamic finance industry. This study identifies a number of issues that require further investigation in order to establish a better system of Sharīʿah audit and to identify the factors that affect Sharīʿah auditing practices. This paper is unique in covering the main elements that have influence on the effectiveness of Sharīʿah audit and proposes them in one framework.


Introduction
The Global Report on Islamic Finance 2018 stated that the Islamic banking sector is considered the main element of the Islamic finance industry. This industry has sharply grown in recent years, recording values of assets close to US$1.72tn managed by more than 505 Islamic financial institutions (IFIs), spread across more than 50 economies around the world in both Muslim and non-Muslim countries (World Bank Group and IRTI, 2018). All financial institutions that carry the label "Islamic bank" must apply the rulings of the Sharīʿah (Islamic law) in all of their financial transactions and investments because carrying that name makes them part of the Islamic economy. Based on the findings of some studies (Chapra and Habib, 2002;Yaacob and Donglah, 2012) internal Sharīʿah audit should be implemented in Islamic banks (IBs) to achieve the following objectives: to fulfill maq a Á sid al-Sharīʿah (objectives of Islamic law); to avoid possible Sharīʿah non-compliance risks; and to gain the trust of stakeholders by establishing strong Sharīʿah governance, which requires internal control tools such as internal Sharīʿah audit.
The economic system in Islam is an integral part of Islamic jurisprudence that covers the religious, social, political and ethical aspects of life. As a result, the Sharīʿah audit has an important role in helping to achieve the above objectives and fulfill maq a Á sid al-Sharīʿah (Yasoa et al., 2018). Consequently, it is considered essential that IBs enhance their Sharīʿah audit framework and ensure that all their transactions and products are Sharīʿah-compliant (Masruki et al., 2020). Considering the growth and success of Islamic banking and finance, IBs have a responsibility to make sure that all their activities and transactions are following Sharīʿah rules and this has led to a call for detailed development of Sharīʿah audit (Aziz et al., 2019). It is in this context that this research is studying the internal Sharīʿah audit effectiveness factors in IBs.
Accordingly, this paper is organized as follows. The next section reviews the existing literature on the area of internal and external audit from Sharīʿah and conventional perspectives. This is followed by a brief description of Sharīʿah audit specifications. The conceptual framework on factors that impact on Sharīʿah audit effectiveness is then discussed in detail. It is followed by the final section which concludes with a summary and practical implications of this framework on the Islamic banking system.

Literature review
While there is extensive literature that examines internal and external audits in the banking industry, the study of internal Sharīʿah audit in Islamic banking is still in its infancy (Khalid et al., 2018). One of the fundamental responsibilities of IBs is to ensure that they are Sharīʿah-compliant and this can be done by strengthening the effectiveness of Sharīʿah governance, which comprises internal Sharīʿah audit and the internal Sharīʿah review function (Abu Ghudda, 2001;Ajili and Bouri, 2018).
According to previous studies (Kinney, 1993;Porter, 1993;Mattila, 2003;CPA, Australia, 2006;Steinbart et al., 2018), there are some issues that exist in internal audit due to the prevalence of some gaps, including the so-called "expectation gaps." One of these expectation gaps is the "performance gap," which can be categorized into two types. The first is the deficient standards gap, which is located between the existing guidelines and standards on auditing and what society expects of them (Porter, 1993). The second type is the expectation-performance gap, which is the gap between the expected standards of performance of the auditor and what is being practiced in reality (Kinney, 1993;Porter, 1993).
According to Kinney (1993), there are two main causes of the expectationperformance gap. The first one compares the professional standards with what the enduser requires. The second relates to difficulties in getting competent professional standards that can include all audit practices and responsibilities. These same issues can be faced by IBs. For example, any weakness in the Sharīʿah guidelines and supervisory framework of IBs may increase disruptions in their Sharīʿah governance, particularly the scope of the internal Sharīʿah auditor, which may cause an IB to be viewed as a conventional one (Basiruddin and Ahmed, 2019). Hence, this paper tries to explore the factors, which impact on internal Sharīʿah audit effectiveness and how it takes place in IBs. Aziz et al. (2019) argued that Sharīʿah auditing does not reject all the techniques and mechanisms of conventional auditing as they can be used to test the values that are in line with the Sharīʿah. Furthermore, Yahya (2018) stated that auditing techniques gained from conventional auditing in the financial sector are relevant to the socio-economic infrastructure and culture of Islamic society. The objective of internal Sharīʿah auditing is similar to that of auditing in conventional financial institutions. However, differences emerge based on Auditing Standard No.1 for Islamic Financial Institutions (ASIFI), which mentions that Sharīʿah auditing provides assurance that the transactions of IBs are in accordance with Sharīʿah principles and rules; the Accounting and Auditing Organization for Islamic Financial Institutions (AAOIFI) standards; and the national accounting standards.
Internal Sharīʿah auditing gives a certain level of assurance to stakeholders. However, it has a lot of weaknesses and issues, such as lack of professional competence in both financial and Sharīʿah skills and independence from the influence of other parties Khalid et al., 2019). In conventional accounting and auditing, materialistic values are the main features, which render the objectives discrete from maq a Á sid al-Sharīʿah (Kasim et al., 2009). This is because the main objective of Sharīʿah is to protect and benefit people in their affairs in both this life and the hereafter. The objective of maximizing profits is permissible but subordinate to this main objective (Laldin, 2011).
Therefore, conventional audit that mostly emphasizes the financial statement to assess whether it presents a fair and true view of the company is insufficient to meet the objectives of the Sharīʿah and is, therefore, not suitable as a framework for IBs (Kamaruddin and Hanefah, 2018;Reid et al., 2019). On the other hand, the satisfaction of stakeholders is the main target of any business, as business growth and stability depend on stakeholders' trust. In the context of Islamic institutions, gaining the trust of stakeholders' means running a business with a high degree of professionalism in management based on religious beliefs (Alaeddin et al., 2017). Consequently, if the Sharīʿah aspect is weak or absent in the products and services being offered by IBs, this is considered to seriously undermine trust in these institutions, which might result in a Sharīʿah non-compliance risk (Bhambra, 2012). Table I highlights the differences between conventional and Sharīʿah internal auditing as discussed above to draw attention to the main reasons why conventional internal auditing is not sufficient for IBs.
Furthermore, Karagiorgos et al. (2010) discussed corporate governance (CG) issues and concluded that the effectiveness of internal audit can be determined by exploring the mutual relation between internal audit and the main factors of CG. The study also highlights the audit committee as a main factor contributing to establishing CG mechanisms. Internal auditors contribute to the audit committee by performing periodical audits and provide the main findings to the board of directors (BOD) (Gramling and Myers, 2003).
Consequently, to examine the internal Sharīʿah audit's effectiveness, this research highlights the Sharīʿah governance factors, such as existing regulations and the organs of Sharīʿah governance that interact with internal Sharīʿah audit, by looking into best practices (Alam et al., 2020). CG best practices include compliance with corporate laws and with recommendations developed by financial institutions, international organizations and consulting companies (Bocharova, 2014). Therefore, this research attempts to describe the common variables that influence the effectiveness of internal Sharīʿah audit in the Islamic banking industry by focusing on the existing regulations and the organs of Sharīʿah governance as well as their practices and attributes. Examining the internal Sharīʿah audit's effectiveness in IBs is essential as the function of Sharīʿah audit helps to fulfill the objectives of maq a Á sid al-Sharīʿah (Kasim et al., 2009;Yaacob and Donglah, 2012). It also assists in gaining and maintaining the trust of stakeholders vis-à-vis Allah's pleasure.
Because of limited research available on internal Sharīʿah auditing in IBs, the significance of this research lies in its aim to fill in this gap by identifying the factors that have an effect on Sharīʿah auditing performance and then determining ways to increase Sharīʿah auditing effectiveness. This research seeks to achieve this aim by providing a comprehensive framework of the factors that impact on internal Sharīʿah audit effectiveness. Furthermore, this research investigates the attributes of Sharīʿah auditors in IBs and highlights the external and internal Sharīʿah audit structure, including its requirements, plans and processes, to obtain an indicator of how seriously the management Definition "Internal auditing is an independent, objective assurance and consulting activity" (Nagy and Cenker, 2002) "Sharīʿah audit is the examination of an Islamic bank's compliance with Sharīʿah in all of its activities" (Sultan, 2007;Hanif, 2011) Objective "To add value and improve an organization's operations" (Nagy and Cenker, 2002) The objective of the Sharīʿah audit is to ensure that IBs' operations and transactions are in line with Sharīʿah rules (AAOIFI, 1999b) Scope Conventional internal auditors focus on an organization's governance and management controls and assess the financial statement (Messier et al., 2008;Raiborn et al., 2017;Roussy, 2018) Internal Sharīʿah auditors check the compliance of all activities with Sharīʿah rules and regulations, which include all the transactions, products, policies and procedures, agreements and contracts, financial statements and reports (Sultan, 2007;Hanif, 2011) Auditor skills and qualifications required Moral, academic and professional knowledge (Uddin et al., 2013) Academic, professional and Islamic knowledge (Kasim et al., 2009;Rahman, 2011) Disclosures and reports Limited information disclosures that concern the public only and the report usually presents economic matters (Uddin et al., 2013) Full disclosures of information that concern all stakeholders considering the economic and social matters based on Islamic ethical values (Bhatti and Bhatti, 2010) Orientation Always oriented toward the organization and individuals (Uddin et al., 2013) Oriented to the public and society (Khan, 1985) of IFIs consider the matter of internal Sharīʿah audit. Finally, it is hoped that this research may act as a reference to other researchers seeking to assess and evaluate the effectiveness of internal Sharīʿah audit in IBs and to compare progress over time, and thus, encourage further research in this area.

Sharīʿah auditing specifications
Given the rapid growth of IBs around the globe, it has now become essential to have Sharīʿah audits (Yaacob and Donglah, 2012;. The definition of the Sharīʿah audit is not widely agreed upon due to the lack of literature on the subject. According to Sultan (2007), the terms "auditing" and "reviewing" are used interchangeably, especially in the AAOIFI standards. Therefore, this research highlights the most commonly used Sharīʿah auditing definitions. A Sharīʿah audit is an extensive examination that should be conducted by the Sharīʿah committee or by selected auditors with an extensive and competent knowledge of Sharīʿah. Moreover, they should not have a managerial position in the bank being audited to guarantee an objective opinion on whether or not the transactions and products are Sharīʿah-compliant . Bank Negara Malaysia (BNM) in its Sharīʿah governance framework (SGF) refers to the Sharīʿah audit as: [. . .] a function that provides an independent assessment on the quality and effectiveness of the IFI's internal control, risk management systems, governance processes as well as the overall compliance of the IFI's operations, business, affairs and activities with Sharīʿah (BNM, 2019, p. 18).
According to Rahman (2008), this assessment of the Sharīʿah audit includes examining contracts, policies, transactions, financial statements, memoranda, agreements, reports or any other legal documents that are considered the backbone of any business.

Sharīʿah audit scope
Auditing techniques that originated from traditional auditing in the financial sector are relevant to the socio-economic infrastructure and culture of Islamic society (Kamaruddin and Hanefah, 2018). It is understandable that the purposes of internal Sharīʿah auditing are similar to those in traditional financial institutions. However, differences emerge when one considers ASIFI No. 1, which mentions that Sharīʿah auditing provides an assurance that an IBs' transactions are in accordance with Sharīʿah principles and rules, as well as AAOIFI standards and national accounting standards.
Moreover, there are additional objectives in IFIs, which necessitate setting a wider scope. Conventional auditing focuses on checking the accuracy of transactions and records and on reviewing the financial statement (Khalifa et al., 2007). Thus, the focus of auditing in traditional banks is only from the materialistic perspective and as such is limited to policies and procedures in addition to the financial statement, whereas in IFIs Sharīʿah audit has a wider scope (Khan, 1985;Sultan, 2007;Hanif, 2011;Kamaruddin and Hanefah, 2018). The Sharīʿah control system considers internal Sharīʿah audit as a means of evaluating the effectiveness and adequacy of Sharīʿah-compliance to assess the degree of commitment to achieving the objectives of IBs (Shafii et al., 2010).
Internal Sharīʿah audit not only has a wider scope but also it focuses on the details of the overall operations to give a fundamental opinion about the current situation regarding the IB's compliance with the Sharīʿah guidance and fatwas issued by its Sharīʿah committee . Any area exposed to Sharīʿah risk should be audited, including information technology, people, products, the computation of zakat (alms), operational activities, financial statements, policies and procedures (Sultan, 2007).
The AAOIFI standards state that effective auditing should meet transparency criteria, which can be realized only by providing sufficient evidence that leads the auditor to conclude that the IB is in compliance with the principles of Sharīʿah and the fatwas issued by its Sharīʿah supervisory board (SSB). Another important dimension that the auditor should adhere to, as explained by the AAOIFI governance standards for IBs, is to provide their observations on the annual financial statement (AAOIFI, 1999a). The previous literature in general has discussed the preference of employing external auditors in addition to internal auditors, which might help internal auditors issue an unbiased audit opinion on the final statement (Grais and Pellegrini, 2006;Khalid et al., 2018).

Sharīʿah audit and related terms
It has been observed by a number of studies that the terms "Sharīʿah review," "Sharīʿah auditing" and "Sharīʿah supervision" are used interchangeably without much to distinguish between their technical differences (Sultan, 2007;Alomrani, 2015). Obscuring the differences between the terms by using them interchangeably may lead to confusion in the concepts and, consequently, a misunderstanding of the specifications of the Sharīʿah auditor's role. Distinguishing the given terms will give a more comprehensive and exact definition of Sharīʿah auditing and enable a correct assessment of its effectiveness.
The audit function as defined by Ebaid (2011) comprises services that provide a higher level of assurance, whereas a service review in an enterprise is defined as "a service through which the auditors can deliver a reasonable level of assurance on the financial statement" (CPA, Australia, 2006). However, as compliance with Sharīʿah principles is an additional aspect that IBs need to consider, AAOIFI defines Sharīʿah review as an activity that examines whether IBs abide by the Sharīʿah in all their activities. Hence, there is a need to clarify the difference between reviewing and auditing. Rahman (2011) believes that a Sharīʿah review conducted by the management of IBs assists the Sharīʿah committee and provides assurance that IBs are meeting the basic requirements of Sharīʿah. That is in line with the SGF of BNM (2019), which states that "Sharīʿah review refers to a function that conducts regular assessment on the compliance of the operations, business, affairs and activities of the IFI with Sharīʿah requirements" (BNM, 2019, p. 17). On the other hand, Sharīʿah auditing is conducted by the Sharīʿah auditing team, who are fully independent and work under the direct supervision of the audit committee and BOD. Moreover, Rahman (2008) states that the Sharīʿah auditing function is ex-post, whereas the Sharīʿah review is an ex ante and ex post assurance process.
Alomrani (2015) is of the opinion that AAOIFI's Governance Standard No. 2 (GSIFI 2) incorrectly defined Sharīʿah supervision as: "a function to check the commitment of IBs to Sharīʿah principles in all transactions." Furthermore, the responsibility of the SSB is not mentioned in detail in AAOIFI's Governance Standard No. 1 (GSIFI 1) (Hameed and Mulyany, 2007).
Also, AAOIFI's definitions of Sharīʿah audit and Sharīʿah review function are not specified separately. AAOIFI unified the scope of Sharīʿah audit and Sharīʿah review and made each accountable to different levels in the organization despite both functions being conducted by the same department. It is not appropriate to use the term Sharīʿah supervision to indicate the system and departments, which are part of the supervisory process. It would be more appropriate if the supervising department was called the Sharīʿah auditing department or the Sharīʿah review department. According to Hameed and Mulyany (2007), due to the incompleteness of the AAOIFI standards and the confusion surrounding terms such as Sharīʿah review and Sharīʿah audit, international accounting and auditing standards should be used.
Conceptual framework on factors that impact on Sharīʿah audit effectiveness Effectiveness is defined as "the degree to which the established objectives are fulfilled and achieved" (Dittenhofer, 2001). According to Gansberghe and Nordin (2005), the factors that evaluate the internal audit's effectiveness are: governance framework, high competence, legislation, internal audit resources and conceptual framework.

Internal Sharīʿah audit effectiveness
The International Professional Practices Framework of the Institute of Internal Auditors (IIA) extended the areas where internal audit effectiveness can be measured to include the performance of auditors, auditing process enhancement, the effectiveness of meeting stakeholders' needs, the effectiveness of meeting objectives, risk management improvement and governance processes (IIA, 2017). Furthermore, Khalid et al. (2017) concluded that there is a high correlation between the effectiveness of each auditee and the internal audit effectiveness in general. There is also a lack of studies about the internal Sharīʿah audit as compared to conventional audits in the banking system. Therefore, this research reviews and analyzes the literature on internal audit to deduce the main factors that affect the internal Sharīʿah audit effectiveness.
Moreover, internal audit effectiveness can be evaluated by means of the quality and sustainability of the audit plan, as well as its execution and follow-up (Dhamankar and Khandewale, 2003;Alahmadi et al., 2017). Table II below highlights some studies, which have identified the main factors that significantly affect the effectiveness of internal auditing.
In the conventional space, a number of studies have been conducted on the issue of internal audit effectiveness in many countries that have different environments and cultures. Likewise, it is important that similar studies be carried out on internal Sharīʿah audit effectiveness. As seen in the above review of related literature, internal Sharīʿah audit objectives do not exhibit much disparity from the traditional internal audit. This is because it is only the addition of the Sharīʿah factor that makes the scope and framework wider. With the inclusion of Sharīʿah, some additional players consequently need to be considered such as the SSB, internal Sharīʿah auditor and specific Sharīʿah regulations.
Internal Sharīʿah audit effectiveness can be achieved by laying out a comprehensive plan and working on it diligently (Khalid et al., 2018). This can be done by documenting all the findings, making recommendations and following up on previous internal Sharīʿah audit results. Ahmad et al. (2009) define internal Sharīʿah audit effectiveness as the degree to which the internal Sharīʿah auditor is able to fulfill the established objectives.
Effectiveness of internal Sharīʿah audit is also defined by BNM (2010) as having a systemized effective internal control to guarantee Sharīʿah-compliance. On the other hand, AAOIFI (1999c) defines it as: [. . .] the performance of internal Sharīʿah audit work such as the ability to plan, implementation, document information and Sharīʿah audit findings, ability to make a recommendation, numbers of repeated reports, follow up and evaluation of the extent of Sharīʿah compliance with Islamic Sharīʿah rules and principles, Fatwas, guidelines and instructions by the IFI's SSB.
Other studies define the effectiveness of internal Sharīʿah audit as the internal Sharīʿah auditors' capability of achieving IFIs' objectives, which can be obtained by improving their performance (Khalid et al., 2017). This effectiveness is affected by a wide range of factors such as the auditors' independence and competence and the professionalism of the work performance in planning, performing and reporting the results of the internal Sharīʿah audit. The following are some of the external and internal factors that play a vital role in the implementation of an effective internal Sharīʿah audit.
External factors for effective internal Sharīʿah auditing Sharīʿah auditing institutions. The existence of international and national regulations for IBs is an indication of the development taking place in this sector. Some efforts have been  Belay (2007) made, despite the short history of Islamic banking, to set up a regulatory framework and supervisory systems. This includes those made by AAOIFI and the Islamic Financial Services Board (IFSB). AAOIFI was established in Bahrain in 1991 and is considered a nonprofit corporate body. The AAOIFI standards are applied either as guidance or as compulsory requirements in some countries such as Sudan, Jordan, Saudi Arabia, Bahrain, Yemen and Syria. The IFSB is another example of an international regulatory institution for Islamic banking. It was established in 2002 and is located in Malaysia. The IFSB complements AAOIFI and the Basel Committee by means of focusing and extending their scope to cover the insurance and capital markets. In addition, there are self-regulatory associations in different countries that seek to enhance the Islamic financial sector. These include the Islamic Development Bank and the Islamic Research and Training Institute, which were set up in Saudi Arabia in 1975 and 1981, respectively. Another association that regulates and develops the international financial market along the lines of Sharīʿah is the International Islamic Financial Market, which is based in Bahrain and was founded with the cooperation of the central banks and monetary agencies of Sudan, Malaysia, Indonesia, Brunei and Bahrain. Furthermore, the International Islamic Liquidity Management Corporation in Malaysia aims to manage the fund surpluses of IBs and invest them in line with the Sharīʿah. Furthermore, there are many other supporting organizations working toward promoting the success of the Islamic financial system.
Islamic banking laws and guidelines. Islamic law is the main reference for the Islamic banking sector. However, because Islamic banking principles are derived from the Sharīʿah, the rules are significantly different from those that govern traditional banks (Alkhwaildi, 2010;Ashraf and Lahsasna, 2017). Abubakr (2013) states that despite the importance of Sharīʿah supervision, it will not be effective enough unless there is a law that obligates all IBs to have an SSB and extend all the regulations needed to have an effective Sharīʿah audit. Additionally, Abubakr (2013) recommends that the management of Sharīʿah supervision should be given high attention to ensure that Islamic finance is on the right track. On the other hand, not having a law to deter any violation in IBs will lead to increased Sharīʿah risks and, consequently, lead to a loss of the spirit of maq a Á sid al-Sharīʿah. Regarding the role of the external Sharīʿah auditor, Alkhwaildi (2010) believes that it is a fundamental aspiration to have laws and legislation in Islamic countries that oblige companies to appoint legitimate auditing bodies to control companies' operations.
According to Alomrani (2015), to organize the work involved in Sharīʿah supervision and Sharīʿah auditing, the law and its articles must provide the basic points that cover all the aspects related to it and clarify the course of its work. Clarity is, for example, required regarding such work, which may include, but is not limited to, inspection, auditing, reviewing and reporting (whether written, oral, long or short, periodic, daily, weekly, monthly, etc.) through which workflow is monitored and approved by the established standards as a measure of performance. Also, the law must define the action against any Sharīʿah non-compliant transaction or product and the pre-control given by the SSB in advance, such as written or oral regulations and instructions, to ensure good performance and compliance with the resolutions. Moreover, control during the work, which means following up on the operational process, is highly important as through its imbalance is stopped, a deviation is prevented and employees are more convinced that the work should be done in accordance with Sharīʿah rules.
External Sharīʿah auditor. The external auditor plays an important role in giving a formal and legal opinion about the adherence of IBs to Sharīʿah principles (Banaga et al., 1994;Masruki et al., 2020). The AAOIFI standards require that IFIs employ an external auditor for Sharīʿah-compliance assurance (Chapra and Habib, 2002). The work of an internal auditor differs from that of an external auditor. The internal Sharīʿah auditor assesses Sharīʿah-compliance by assessing the governance, control and monitoring of IBs, whereas the external auditor's duty gives an independent opinion about the bank's transactions (Chapra, 2014;Alama et al., 2020).
There is an obvious relationship between the internal and external auditors based on the international standards of an audit. This relationship is controlled by a set of guidelines, which includes the following: The external auditor and internal auditor should frequently meet to discuss the matters, which are in common and those that influence the external auditor's job. The external auditor should assess the internal auditor's work in relation to the scope that the internal auditor is supposed to work on. The external auditor should be familiar with the internal auditing activities so that the external auditor can examine the financial statement and ensure that it is free from material misstatements. The external auditor should ensure that the internal auditing function is planned and performed efficiently so that during meetings the plans and procedures of internal auditing can be improved.
Hence, cooperation between the external auditor and the internal auditor is important because the external auditor should inform the internal auditor of the areas that should be focused on and in return, the internal auditor should provide the external auditor with the documents needed to improve the effectiveness of the audit activities (Haron et al., 2004;M-AUD, 2016). Sharīʿah audit practices are varied among IFIs. While some perform their internal Sharīʿah audit activities by the internal department, others outsource those activities to external service providers. Furthermore, some IFIs merely conduct Sharīʿah reviews. This is a common practice among the leading IFIs.
External auditors. External auditing is a set of checking activities performed on the organization's financial statements to ensure the absence of any mistake or deceit, which may cause material misstatements. It also confirms that these statements have been prepared in accordance with applicable locally and internationally accepted financial reporting standards (Haron et al., 2004).
Banks' external auditors must be knowledgeable about the financial industry due to the complexity and systemic nature of banking activities. They also have to be highly competent in providing appropriate responses to the risk of material misstatement and work properly to fulfill all the requirements of the statutory audit. All of this should be performed with a high level of objectivity and independence while taking into consideration all ethical requirements of audit activities (Mat Zain et al., 2015).
In addition to providing the auditing report, external auditors' activities include communication with the BOD or the internal audit committee based on external auditing results. This communication is categorized in three different levels, namely, communication related to internal control matters, communication with the audit committee and communication to confirm the independence of the audit activities (Humphery-Jenner, 2012).
Internal factors for effective internal Sharīʿah auditing Sharīʿah supervisory board. The SSB is a key pillar in IBs and plays a crucial role in ensuring stakeholders that all transactions and operations are in accordance with Sharīʿah principles by means of providing guidance, direction and business supervision (Grais and Pellegrini, 2006). Based on the AAOIFI standards, the SSB is part of internal governance and consists of not less than three scholars with knowledge in fiqh muʿ amal at (Islamic commercial jurisprudence). It may also include other members specialized in fields related to Islamic finance. The SSB should be an independent body appointed by the shareholders (AAOIFI, 1999a). The SSB acts as the agent of the bank's general assembly; therefore, it should not be under the authority of the BOD. This stricture preserves SSB independence and enhances its integrity (Alkhwaildi, 2010;Aziz et al., 2019). While an audit is being conducted, the internal Sharīʿah auditor should constantly refer to SSB resolutions and fatwas and report the results of their work periodically to the SSB. Furthermore, the Sharīʿah auditor serves as the SSB's "eyes and ears" in the IFIs (Aljasser, 2009).
Moreover, Rahman (2008) stated that the SSB should be entitled to design educational programs and train employees on Sharīʿah rules. The SSB is also responsible for providing a written report to shareholders to confirm that IBs are committed in their applications of Sharīʿah standards and Sharīʿah regulations (Lahsasna et al., 2013;Basiruddin and Ahmed, 2019). However, Alaeddin et al. (2017) found that there is a lack of transparency in IBs' yearly reports in terms of providing detailed information; for example, on the number of SSB meetings held, the products approved and resolutions passed. In addition, SSB members tend to have a lack of skills and knowledge in finance and accounting, which hampers IBs' performance. Also, according to Chapra and Habib (2002), having an SSB member sit on two or more SSBs of competitors results in a conflict of interest.
According to AAOIFI Governance Standard No. 7 in relation to SSB responsibilities, SSBs must implement adequate policies and procedures and ensure that they are in accordance with AAOIFI's standards (AAOIFI, 1999a, para. 14). Generally, the SSB should make sure that their resolutions and fatwas are applied in the IFIs. This can be monitored through the reports produced by the internal Sharīʿah auditor.
Furthermore, the SSB should have proper authority and the financial institution should not place restrictions on the SSB. Where there are such restrictions, it should be mentioned in the SSB's report (AAOIFI, 1999a). In addition, the SSB should not include members of the BOD or shareholders who have effective influence or those who have held any administrative position in the institution (AAOIFI, 1999b, para. 5, 7 and 9).
Board of directors. In IBs, the ultimate responsibility of both corporate and Sharīʿah governance falls on the BOD (Chapra and Habib, 2002). Chapra and Habib (2002) added that the effectiveness of the BOD's performance is linked to strong control systems, which can exist by having effective internal and external auditing. Therefore, according to Haniffa (2010), an efficient BOD can help to minimize agency conflicts because part of its responsibilities in an IB is to set the objectives, framework, policies, standards of appropriate behavior for the staff and code of conduct for senior management in line with the Sharīʿah and as appropriate to the business's size and complexity. The lack of competence and moral integrity in CG is the main factor that affects the BOD's efficient performance (Grant and McGhee, 2017). According to Chapra and Habib (2002), having nonexecutive directors can assist in improving CG by providing a more comprehensive understanding of the industry and can benefit the bank by a deeper understanding of the bank's external affairs. According to the BNM (2019) guidelines that are applied in Malaysia, the BOD should include at least one member of the Sharīʿah committee to strengthen communications and linkage between the board and the Sharīʿah committee.
Management support. The organization's management can support the internal Sharīʿah audit department by allocating needed resources such as assigning professional staff, which plays a vital role in the department's success (Dellai and Omri, 2016). As mentioned by the IIA, management support is part of professional management practices to guarantee an accurate internal audit in the organization (Salehi, 2016).
Furthermore, BNM's SGF (2010) noted that management support can be expressed by providing adequate resources, allocating professional experts and providing the needed training that can promote an efficient and effective Sharīʿah audit. Providing professional training for the staff of the internal Sharīʿah audit department is considered a crucial decision as the internal Sharīʿah auditors are required to be well educated in all aspects of Sharīʿah knowledge (Salehi, 2016;Roussy, 2018).
To achieve internal Sharīʿah audit effectiveness, management's role does not stop at providing the required resources and human capital only. There is also need for management's commitment to implement the recommendations provided in the audit report to confirm the compatibility with Sharīʿah in all of the bank's activities (Khalid et al., 2017) Hence, it is anticipated that management support is an important factor in assuring the effectiveness of internal Sharīʿah audit in IBs.
Internal Sharīʿah audit structure Internal Sharīʿah audit references. To conduct efficient and effective auditing, the internal Sharīʿah auditor should have a set of Sharīʿah audit references. Al-Fazee (2009) stated that for the auditor or reviewer to implement Sharīʿah principles, comprehensive Sharīʿah references should be available to them, which they can refer to when undertaking their work. These references should include the following: Legislation that relates to IBs, such as Islamic banking law; Instructions and rules issued by the relevant central bank; The IB's regulations and policies, memorandum, annual strategic plan and structure; The SSB's minutes of meetings and resolutions, samples of contracts and agreements that were endorsed by the SSB and samples of contracts and agreements that were not endorsed by the SSB; Previous Sharīʿah audit results; The International Islamic Fiqh Academy resolutions and AAOIFI standards; and Sharīʿah audit manual (Al-Fazee, 2009;Alkhwaildi, 2010).
Internal Sharīʿah audit charter. According to BNM (2019) guidelines, the Sharīʿah auditor charter is important because it specifies the internal Sharīʿah auditor's tasks, responsibilities, purpose and authority in the form of formally written and detailed documents approved by the Sharīʿah committee. The Sharīʿah auditor charter should be endorsed by the BOD so that all levels of bank management will be aware of the Sharīʿah auditor's internal role. According to GSIFI 3, the internal Sharīʿah audit is an integral part of the organization's means of control and it operates in accordance with the policies established by the institution: The internal Sharīʿah auditor should have a Sharīʿah Auditor Charter that illustrates the purposes, powers and responsibilities of the internal Sharīʿah auditor. The Sharīʿah Auditor Charter should be prepared by the administration in accordance with the provisions of Sharīʿah and it should be endorsed by the SSB of the institution and issued by the BOD. Furthermore, the Sharīʿah Auditor Charter should show that the internal Sharīʿah auditor has no authority or executive authority over the business (AAOIFI, 1999b, para. 4).
Internal Sharīʿah audit plan. The Sharīʿah audit plan should be designed by the manager of the Sharīʿah supervision department in cooperation with the other departments that are more exposed to Sharīʿah risks, which include assets, treasury and credit card departments (Karim, 2001;Ashraf and Lahsasna, 2017). According to Al-Attaiwi (2015), the annual Sharīʿah audit plan should include a general introduction that shows the purpose and scope of the audit, as well as the audit objectives, which can be summarized as follows: all the contracts, transactions, products and service agreements are Sharīʿah-compliant and endorsed by the SSB. In addition, the annual Sharīʿah audit plan should include the scope of work that should be audited, the timeline of each audit task and the percentage of the samples (Aljasser, 2009;Hilmy and Hassan, 2019).
The plan's content should be reviewed frequently and may cover a period of one to five years. However, the frequency of the plan's review is dependent on the risk factors identified in the audit plan. The significance of these risk factors is based on the size of transactions, the complexity of the transactions and the quality of Sharīʿah supervision (Aljasser, 2009;Khalid et al., 2019).
The Sharīʿah audit plan can be subdivided into a strategic Sharīʿah audit plan, an annual plan and a tactical plan. The strategic Sharīʿah audit plan usually covers a period of two to five years and gives priority to high/main risks. The annual plan is related to the internal Sharīʿah audit and is valid for one year only. The tactical plan describes the procedures of the field visit for the internal Sharīʿah auditor. It is composed of three steps, namely, internal Sharīʿah audit preparation, its execution and post-execution tasks (Al-Fazee, 2009;Kamaruddin et al., 2020).
Internal Sharīʿah audit manual. The audit manual, considered one of the vital factors of the internal control system in IBs, provides details on the procedures to follow when auditing either the products or the transactions that are endorsed by the SSB. This written audit manual includes the definitions of products or transactions and the Sharīʿah control standards related to them, as well as the contracts needed to execute them so that the Sharīʿah auditor can refer to them and, consequently, produce the correct audit forms during the auditing process (Dahlawi, 2013;Alomrani, 2015). The audit manual is also defined as a set of methods to which the Sharīʿah audit department refers to get valid information that leads to the internal auditor being satisfied about the audited firm's commitment to Sharīʿah principles (Issa, 2002;Masruki et al., 2020).
The Sharīʿah supervisory department is responsible for preparing the internal Sharīʿah audit manual, following up on the Sharīʿah committee's resolutions, classifying them, preparing the required Sharīʿah research studies, developing the products and training new employees on the basics of jurisprudence (AAOIFI, 1999b).
Internal Sharīʿah auditor requirements Objectivity and independence. Internal Sharīʿah audits are carried out by the internal audit department, provided that the staff is qualified for the task and independent. To ensure the independence of the internal Sharīʿah audit department, it must have similar authority to that of a traditional internal audit department (AAOIFI, 1999b, para. 5). The independence and objectivity of Sharīʿah auditors are essential for public confidence and for the ma Á sla Á hah (benefit) of the Ummah (nation) to fulfill maq a Á sid al-Sharīʿah in the economy (Mansouri et al., 2009;Kasim et al., 2009).
Independence and objectivity have been considered in the IIA standards as forming part of the framework for internal auditors. The IIA distinguished and defined both terms. Objectivity is where the assessments and judgments of an auditor are not affected by any pressure and remain unbiased (IIA, 2017). On the other hand, independence is freedom from Internal Sharīʿah audit effectiveness conditions that threaten the internal audit activity's ability to carry out internal audit responsibilities in an unbiased manner. According to Mutchler (2003), threats to objectivity can occur in the following cases: the auditor assesses his/her own work; his/her employment or salary is managed by the organization whose work is being audited, which may reflect negatively on the truthfulness of an assessment; the auditor is influenced by other members of the auditing team; the auditee has personal relations with the auditor (friend, a previous colleague in the same career or relative); or the auditor has gender, cultural or racial biases or has a cognitive bias, which may result from preconceived expectations.
Also, the auditor's engagement in consulting activities or assurance activities may raise questions as to his/her objectivity. The concept of auditor independence is widely discussed in many detailed guidelines and ethical standards, which means auditors should be educated about the culture and cognitive concept (Brody and Lowe, 2000).
Competency. Previous studies (Mat Zain et al., 2015;Naheem, 2016) have discussed the attributes of an auditor and found that the internal auditor's capability of solving problems is a sign of audit efficiency. It has also been found that expertize can reduce the influence of irrelevant factors on the judgment of an auditor. However, Naheem (2016) provided a more comprehensive description of internal auditing competency as a mix of knowledge and skills, which are the results of education and experience.
All the requirements mentioned in this definition are needed in IBs in addition to Sharīʿah knowledge (Rahman, 2008;Rahman and Mastuki, 2019). However, the recent practices of Sharīʿah auditors have highlighted that there is a lack of knowledgeable and qualified Sharīʿah auditors due to lack of training in Sharīʿah and the skills required (Rahman, 2011;Puad et al., 2019). Moreover, Kasim et al. (2009) stated that internal Sharīʿah audit faces the challenge of understanding the essence of fatwas in a way that facilitates the needs of modern businesses and in a way that does not contradict Sharīʿah principles. Therefore, arranging Sharīʿah training programs for auditors of IFIs is important to strengthen Sharīʿah governance and achieve the objectives required for implementing Sharīʿah principles in IBs' transactions.
Internal Sharīʿah audit process. To develop an appropriate conceptual framework of the factors that affect the effectiveness of the internal Sharīʿah audit process, it is important to highlight the Sharīʿah audit process and its contents as presented in the AAOIFI standards together with the insights of previously-related studies. The Sharīʿah audit process is composed of five elements, namely, preparation, planning, execution and documentation, reporting and follow-up.
The first stage is called "preparation." According to GSIFI 2: Sharīʿah audit procedures must be planned to be performed efficiently and effectively. The audit plan should be developed in a suitable manner that includes a full understanding of the operations of the organization in terms of its products, the size of its operations, subsidiaries, affiliates and divisions. The planning stage includes obtaining a list of all fatwas, decisions, and guidelines issued by the SSB (AAOIFI, 1999b).
Also, according to Al-Fazee (2009), the Sharīʿah auditor should first define the scope by means of one of the following methods: the first method is the strategic method. In this method, the Sharīʿah auditor should have full independence in checking all the documents, contracts and agreements without any exceptions with the full support of the Sharīʿah committee and the BOD. The second method is the relative importance method. In this approach, the internal auditor should categorize the activities of IBs based on one of the following three standards: (1) the "financial concentration standard," where the Sharīʿah auditor should categorize the IB's activities based on financial size compared to others; (2) the "standardized and non-standardized activities standard," where the Sharīʿah auditor should classify the activities into non-standardized activities and standardized activities and audit 80% and 20% of those activities, respectively; or (3) the "related supervised activities standard," where the Sharīʿah auditor should divide the activities in the IB into activities run by the institution itself and activities run by others, whether they are domestic or international.
The selection of one of the standards mentioned above will make it easier for the Sharīʿah auditor to choose the correct policy for adopting the most appropriate sampling method (Rahman and Mastuki, 2019). The second stage of the internal audit process is titled the "general and specific objective and prepare the plan for auditing." One of the IIA requirements is that auditors should create a sufficient plan to acquire useful audit findings and to make suitable recommendations. After defining the scope in this stage, the Sharīʿah auditor can define and evaluate the general objective, which is usually concerned with identifying the extent to which the IB is committed to Sharīʿah principles based on the fatwas issued by the SSB, contracts, agreements and the IB's memoranda (Lahsasna et al., 2013;Aziz et al., 2019). According to Lahsasna et al. (2013), the business's nature and main transactions are the essential factors that should be considered before setting the Sharīʿah audit objectives, policy and plan. Furthermore, the audit assessment should be conducted based on the specific objective of the institution's activity. When this point is reached, it will be possible to create the auditing plan and policy and its approval can then be obtained from the concerned authorities including the Sharīʿah committee of the IB under audit (Sultan, 2007;Sulub et al., 2018).
The third stage is called "preparing the forms and executing the auditing function." In this stage, the internal Sharīʿah auditor should collect, analyze, interpret and document all the information needed to support the results. The information collected should be related to the objectives and scope of the internal Sharīʿah audit. The collection of information should include an analytical examination of the documents; inquiries and discussions with the management; and general observations. The information should be adequate, reliable, appropriate and useful to provide a sound basis for final results and recommendations on the internal Sharīʿah audit. The documents should also be properly updated, organized, reviewed and kept (GSIFI 3, Article 19). Furthermore, GSIFI 2, para. 9 states: Understanding the activities and products along with management realization toward its commitment about the Sharīʿah application is very important and will have a direct impact on the nature, extent and timing of internal sharia audit procedures (AAOIFI, 1999b).
A range of audit forms needs to be completed by the internal Sharīʿah auditor. These are classified as forms for each activity, forms for periodic field visits, forms for urgent field visits and main annual audit form (Al-Fazee, 2009). After the plan which has been developed in the second stage has been accepted, communications and interviews should be conducted with the relevant parties to identify the areas that need intensive Sharīʿah auditing (Shafii et al., 2010). At this stage, the preparation of review forms is conducted and to be effective, a separate and special form should be designed for each activity performed in the bank. The Sharīʿah auditor documents all the answers needed in the forms and lists additional observations (Lahsasna et al., 2013). The information collected should be reliable and sufficient and, thus, requires the assistance of all the managers of the departments under audit to provide the auditor with the needed documents.
The fourth stage is "reporting." The head of the internal Sharīʿah audit department discusses the findings and recommendations with the appropriate administrative parties before the final report is issued in writing. The head of the internal legal supervision must prepare a written report signed by him, addressed to the BOD with a copy to the SSB and the management. It should include the opinion of the internal Sharīʿah auditor and his/her recommendations for future improvements and any suggested corrective actions. Furthermore, the internal Sharīʿah auditor should recognize outstanding performance whenever possible. As appropriate, the report should also include the views of those who have been consulted on the outcome or the final recommendations provided by the internal Sharīʿah auditor (AAOIFI, 1999b, Articles 20).
In this stage, the internal Sharīʿah auditor should also prepare a report that includes the audited transactions, observations, auditing processes and recommendations (Aljasser, 2009). According to AAOIFI, the reports can be categorized into two types. The first is the Sharīʿah audit activity report, which the Sharīʿah auditor should send regularly to the IB management, clarifying the process of implementing the plan of the Sharīʿah audit activity. In this report, any possible deviation from the plan that may occur should be mentioned and the reasons specified. The second type is the compliance report, which contains an evaluation of the extent of the IFI's commitment to Sharīʿah regulations and rules. The Sharīʿah auditor should also provide this report to the SSB to show the purpose and scope covered by the Sharīʿah auditing activities, opinions and the findings of the Sharīʿah auditor, as well as any corrective actions suggested and feedback from those reviewed.
The fifth and final stage is called "follow-up." The responsibility for conducting this function lies with the internal auditor (Keating, 1995). According to a number of studies (Keating, 1995;Mihret and Yismaw, 2007), the duties of the internal audit cannot be fulfilled unless the auditor issues a report, follows up on the result and ensures that the desired results are maintained.
Based on the procedure outlined above, Figure 1 below summarizes the proposed framework of the Sharīʿah audit effectiveness factors identified by this study.

Conclusion
Internal Sharīʿah audit does not reject all the techniques and mechanisms of conventional internal auditing as they can be used to test the values, which are based on the Sharīʿah. There are a few common objectives shared between the internal Sharīʿah audit and its counterpart in conventional financial institutions. However, differences exist when one considers the ASIFI Sharīʿah auditing standards, which require the provision of an assurance that the contracts and products of IBs are made according to Sharīʿah rules and regulations. The nature of the risks that may occur in IBs differs from that of conventional ones. Thus, Sharīʿah auditing is very important as it is considered one of the tools that strengthen Sharīʿah governance and, consequently, minimizes violations or risks, which can either be internal risks or external risks. However, the lack of Sharīʿah guidelines and supervisory framework may reduce the effectiveness of IBs, which can lead to these banks being viewed as less Sharīʿah-compliant. An internal Sharīʿah audit is different from a traditional audit because the latter mainly focuses on auditing traditional banks and such an audit focuses only on the materialistic perspective, which is shown in the financial statement. In IBs, Sharīʿah audit has a wider scope because it covers the overall work essential to give an informed opinion as to whether or not the IB is following the Sharīʿah guidance and fatwas issued by the IB's Sharīʿah committee. Therefore it is vital to identify what makes a Sharīʿah audit different and to clearly define the related terminology to fully understand Sharīʿah auditing and assess its effectiveness correctly.
From an Islamic perspective, there is a strong need for Sharīʿah audit to fulfill maq a Á sid al-Sharīʿah and thereby protect people's wealth, make transactions fair and transparent for clients and prevent any deals or transactions that are not Á hal al (permissible). However, it should be noted that the Sharīʿah audit is not a newly created method as it has been applied throughout Islamic history in the form of Á hisbah (accountability). Nevertheless, currently, due to some differences between Sharīʿah governance and CG, an audit framework and audit programs that focus on Sharīʿah-compliance should become part of overall Sharīʿah governance.
The internal Sharīʿah audit framework has a vital role in monitoring and maintaining the objectives of IBs by mitigating the Sharīʿah non-compliance risks that can be found in products, activities and operations. Therefore, to study the effectiveness of the Sharīʿah audit, this research examined previous studies, which highlighted some factors that significantly affect the internal audit. These factors include external and internal factors, as well as internal Sharīʿah audit structure, processes and requirements. The factors that impact on internal Sharīʿah audit effectiveness are not totally different from those related to  Internal Sharīʿah audit effectiveness traditional internal audit. However, the principles of Sharīʿah should be considered in all those factors, which could have an effect on a traditional audit. In addition, there are some additional factors and players that need to be considered in Sharīʿah governance such as the Sharīʿah committee of the central bank. The propositions that were formed in this study were based on the selection of some of those factors, which were deemed to support the research objectives.
The practical implications of this study are: first, the regulators need to provide a detailed framework for internal Sharīʿah audit, which covers the main requirements for effective Sharīʿah governance. Second, IFIs need to pay more attention to following the internal Sharīʿah audit process that can attain the objective of effective Sharīʿah governance. Finally, the lack of empirical work in studying the role and effectiveness of internal Sharīʿah audit draws attention to the importance of developing an appropriate method to enhance the effectiveness of Sharīʿah governance practices.
For further studies, it is recommended that empirical research be conducted to test the relationship of the above-mentioned factors on internal Sharīʿah audit effectiveness based on real data from IFIs.