ISSN: 2225-8329
Open access
The role of internal auditor in enterprise risk management (ERM) implementation is being highlighted by Institute of Internal Auditors (IIA) in 1999 where internal audit scope is to include assurance and consulting activities in risk management, control and governance. Committee of Sponsoring Organizations of the Treadway Commission (COSO) released its integrated framework in 2004 (updated in 2017). After announcing of the released COSO framework in 2004, IIA then released a statement in the commencement of internal auditor’s role in risk management. Both internal and external audit are said to play a key role in the effectiveness of risk management within their organization. However, even though ERM has been introduced in 2004, the implementation is still not widely used and outgrowing. Since many organizations are still in developing their own risk management procedure, there are many arguments and debates over the involvement and the role of internal audit in risk management. The purpose of this paper is to highlight the issues and challenges which are faced by internal auditors in conducting their role in auditing risk management of an organization.
Ahlawat, S. S., & Lowe, D. J. (2004). An examination of internal auditor objectivity: in?house versus outsourcing. Auditing: A Journal of Practice & Theory, 23(2), 147-158.
Ali, A., & Ahmad, W. N. W. (2017). Challenges in fortifying the Sustainability of Internal Audit and Risk Management through Ingenious Collaborative Alliance: The Case of Professional Bodies and in Organizations.
Beasley, M. S., Clune, R., & Hermanson, D. (2006). The impact of enterprise risk management on the internal audit function.
Bou?Raad, G. (2000). Internal auditors and a value?added approach: the new business regime. Managerial auditing journal.
Brody, R. G., & Lowe, D. J. (2000). The new role of the internal auditor: Implications for internal auditor objectivity. International Journal of Auditing, 4(2), 169-176.
Carcello, J. V., Eulerich, M., Masli, A., & Wood, D. A. (2020). Are Internal Audits Associated with Reductions in Perceived Risk? Auditing: A Journal of Practice and Theory, 0000-0000.
Castanheira, N., Rodrigues, L. L., & Craig, R. (2010). Factors associated with the adoption of risk?based internal auditing. Managerial auditing journal.
COSO, I. (1994). COSO INTERNAL CONTROL – INTEGRATED FRAMEWORK:. Committee of Sponsoring Organizations of the Treadway Commission.
COSO, I. (2004). Enterprise risk management-integrated framework. Committee of Sponsoring Organizations of the Treadway Commission, 2.
Drogalas, G., & Siopi, S. (2017). Risk management and internal audit: Evidence from Greece. Risk governance & control: financial markets & institutions, 7(3), 104-110.
Ernst & Young. (2012). Survey on risk management practices in Malaysia. Retrieved from Erns &Young webpage
Fern, F. (1985). Independence: an incomplete standard. The Internal Auditor, 42(5), 30-35.
Fraser, I., & Henry, W. (2007). Embedding risk management: structures and approaches. Managerial auditing journal.
Gramling, A. A., & Myers, P. M. (2006). Internal auditing's role in ERM: as organizations lay their enterprise risk groundwork, many auditors are taking on management's oversight responsibilities, new research finds. Internal Auditor, 63(2), 52-58.
Gul, F., & Subramaniam, N. (1994). Audit committees, gifts and discounts, and familiarity as factors affecting internal auditors' professional objectivity. Review of business studies, 3(1), 89-99.
Hart, O. (1995). Corporate governance: some theory and implications. The economic journal, 105(430), 678-689.
Hoos, F., Messier Jr, W. F., Smith, J. L., & Tandy, P. (2014). The effects of serving two masters and using the internal audit function as a management training ground on internal auditors' objectivity. Available at SSRN 2358149.
Ibrahim, M. (2016). Audit as a Partner of Change. Retrieved from http://www.bnm.gov.my/index.php?ch=en_speech&pg=en_speech_all&ac=615&lang=en
IIA. (2002). International standards for the professional practice of internal auditing: Institute of Internal Auditors.
IIA. (2009). International standards for the professional practice of internal auditing: Institute of Internal Auditors.
IIA. (2013). Preparing for a Promising Future. Retrieved from
IIA. (2016). International standards for the professional practice of internal auditing: Institute of Internal Auditors.
IIA. (2017). International Standards for The Professional Practice of Internal Auditing (Standards): The Institute of Internal Auditors.
IIARF. (2011). Internal Auditing’s Role in Risk Management. Retrieved from https://na.theiia.org/iiarf/Public%20Documents/Internal%20Auditings%20Role%20in%20Risk%20Management.pdf
Jallow, K., Sarens, G., Abdolmohammadi, M. J., & Lenz, R. (2012). Factors associated with the internal audit function's role in corporate governance. Journal of Applied Accounting Research.
Keasey, K., & Wright, M. (1993). Issues in corporate accountability and governance: An editorial. Accounting and business research, 23(sup1), 291-303.
Kiral, H., & Karabacak, H. (2020). Resolution of the Internal Audit-Based Role Conflicts in Risk Management: Evidence from Signaling Game Analysis. Group Decision and Negotiation, 29(5), 823-841.
KPMG. (2008). The evolving role of the internal auditor: Value creation and preservation from an internal audit perspective: KPMG LLP.
Leech, T. (2017). Is Internal Audit the Next Blackberry? EDPACS, 55(4), 1-11.
Marks, N. (2017). What Are the Biggest Risks for Internal Audit This Year and Next Year?.
Mihret, D. G., & Woldeyohannis, G. Z. (2008). Value?added role of internal audit: an Ethiopian case study. Managerial auditing journal.
Miller, P. K., & Rittenberg, L. E. (2015). The Politics of Internal Auditor: The IIA Research Foundation.
Moeller, R. R. (2011). COSO enterprise risk management: establishing effective governance, risk, and compliance processes (Vol. 560): Wiley Online Library.
Mohamed, Z. (2012). The age of internal audit function and internal audit’s contribution to financial statement audit: Implications on audit fees. The Journal of American Academy of Business, Cambridge, 18(2), 303-311.
Najah, E. A., & Omar, T. (2018). The Contribution of Internal Audit to the Improvement of Internal Control System. European Scientific Journal, ESJ, 14, 200.
Protiviti. (2018). The Next Generation of Internal Auditing-Are You Ready? Catch the Innovation Wave. Internal Audit, Risk, Business & Technology Consulting
Protiviti. (2019). Revamping Risk Culture in the Digital Age. Board Perspective: Risk Oversight.
Seago, J. (2015). Delivering on the Promise: Measuring Internal Audit Value and Performance. Altamonte Springs: The Institute of Internal Auditors Research Foundation (IIARF).
Short, H., Keasey, K., Wright, M., & Hull, A. (1999). Corporate governance: From accountability to enterprise. Accounting and business research, 29(4), 337-352.
Sobel, P. J. (2011). Internal auditing’s role in risk management. The Institute of Internal Auditors Research Foundation, Florida, Amerika Serikat.
Sobel, P. J., & Reding, K. F. (2004). Aligning corporate governance with enterprise risk management. Management Accounting Quarterly, 5(2), 29.
Soh, D. S., & Martinov-Bennie, N. (2011). The internal audit function: Perceptions of internal audit roles, effectiveness and evaluation. Managerial auditing journal, 26(7), 605-622.
Subramaniam, N., Carey, P., De Zwaan, L., & Stewart, J. (2011). Internal audit involvement in enterprise risk management. Managerial auditing journal.
Teoh, A. P., Lee, K. Y., & Muthuveloo, R. (2017). The Impact of Enterprise Risk Management, Strategic Agility, and Quality of Internal Audit Function on Firm Performance. International Review of Management and Marketing, Econjournals, 7(1), 222-229.
Weekes?Marshall, D. (2020). The role of internal audit in the risk management process: A developing economy perspective. Journal of Corporate Accounting & Finance, 31(4), 154-165.
Yazid, A. S., Razali, A. R., & Hussin, M. R. (2012). Determinants of enterprise risk management (ERM): A proposed framework for Malaysian public listed companies. International Business Research, 5(1), 80.
In-Text Citation: (Johari et al., 2022)
To Cite this Article: Johari, R. J., Razali, F. M., & Hashim, A. (2022). Enterprise Risk Management: Internal Auditor’s Role Perspective. International Journal of Academic Research in Accounting Finance and Management Sciences, 12(1), 1–14.
Copyright: © 2022 The Author(s)
Published by Human Resource Management Academic Research Society (www.hrmars.com)
This article is published under the Creative Commons Attribution (CC BY 4.0) license. Anyone may reproduce, distribute, translate and create derivative works of this article (for both commercial and non-commercial purposes), subject to full attribution to the original publication and authors. The full terms of this license may be seen at: http://creativecommons.org/licences/by/4.0/legalcode