Internal audit involvement in enterprise risk management

Abstract

Purpose The paper examines the impact of internal auditors’ involvement in Enterprise Risk Management (ERM) on perceptions of their willingness to report a breakdown in risk procedures and whether a strong relationship with the audit committee affects such willingness to report. The study also investigates the use of ERM and the role of internal audit in ERM in Australian private and public sector entities. Design/methodology/approach The study uses an experimental design, manipulating (i) the internal auditor’s involvement in ERM and (ii) the strength of the relationship between internal audit and the audit committee. Participants are 117 certified internal auditors. The study also gathers descriptive data on the use of ERM. Findings The study indicates that a high involvement in ERM impacts the perceptions of internal auditors’ willingness to report a breakdown in risk procedures to the audit committee. However, a strong relationship with the audit committee does not appear to affect their perceived willingness to report. The study also finds that the majority of organisations have recently adopted ERM. Internal auditors are involved in ERM assurance activities but some also engage in activities that could compromise objectivity