Internal Audit’s Involvement in Risk Management Process

Purpose To add to our understanding of the relation between internal audit and ERM, the purpose of the present paper is to perform a descriptive evidence of the extent to which a sample of Tunisian companies have implemented a risk management process, having a special focus on the current role of internal audit in ERM. Design/methodology/approach Findings are drawn from a questionnaire survey conducted in 2015 and administrated to 41 companies. In association with this, Pearson’s chi-square results test the dependence between ERM maturity and the presence of an internal auditor in companies. Findings The findings of this study show that an integrated ERM framework is essentially developed in credit institutions and a number of large companies; otherwise, it has not been sufficiently structured and formalized. Descriptive statistics provide evidence that ERM is a relatively new paradigm for several Tunisian companies. On the level of current role of internal audit in ERM, it seems that involvement in areas the IIA deemed “core” activities for internal audit is moderate. However, involvement in activities that the IIA recommends should not be undertaken is relatively high. Beyond providing the assurance that the portfolio of risks is well managed, internal auditors are assuming roles relating to risk treatment. Practical implications Considering Pearson’s chi-square results attesting the dependence between ERM maturity and the presence of an internal auditor in companies, there is an emerging need for the internal audit to have better involvement in risk management until a structured risk function will be developed. As recommended by the Institute of Internal Auditors (IIAS, 2011), it may be expected if an internal auditor fills roles, that may impair independence and objectivity, rather than nobody at all. Originality/value In the post-revolution context, Tunisian environment is becoming increasingly complex due to the several emerging risks. Companies are giving in present circumstances more interest to Enterprise Risk Management (ERM) but it is still in its infancy. In order to minimize the losses caused by these risks, the role of internal audit is involving into a more risk focused. Finding the right balance between internal audit objectivity and risk management remains a challenge for management. Keywords: ERM, internal audit, objectivity, Tunisian context

Le Management des risques dans les entreprises Tunisiennes Un état des lieux après la révolution

Cet article dresse un état des lieux des entreprises tunisiennes en matière de management des risques. L’objectif étant de recenser les principaux risques relevés par ces entreprises et d’avoir une vue d’ensemble du dispositif de management des risques dans le contexte tunisien post-révolution. Les résultats relatifs à l’enquête menée auprès de 30 entreprises révèlent que les principaux risques internes concernent les problèmes psychosociaux du personnel, le risque d’insolvabilité des clients ainsi que la baisse de la demande. D’autres risques sont externes à l’entreprise et sont relatifs à l’augmentation des coûts et à l’existence des marchés parallèles. Les résultats montrent, également, que le dispositif de management des risques est plutôt informel et concentré sur l’analyse des risques spécifiques, hormis le cas des établissements de crédit qui semblent être mieux outillés en matière de management des risques