Core and Legitimate Roles of Internal Audit Function and Enterprise Risk Management: Propositions for Future Research

Abstract

In the aftermath of global corporate scandals at the start of the new millennium government policy makers and international regulatory organizations launched several initiatives to anticipate and mitigate the impact of enterprise risk that can seriously damage economies of nations and bankrupt globally recognized companies. The typical roles of internal auditors have failed to prevent frauds and financial crimes from taking root in organizations. As a result, paradigms such as Enterprise Risk Management took centre-stage and became vital considerations and organizations such as the Institute of Internal Auditors along with other global platforms such as the Committee of Sponsoring Organizations of the Treadway Commission to address the issue of enterprise risk. However, despite all these measures new corporate scandals have emerged, inviting scope for further investigation on matters such as how defined internal audit functions relate to Enterprise Risk Management. This paper proposes a conceptual link between the core and legitimate roles of internal auditor function and enterprise risk management. The roles of internal auditor function are based on the Institute of Internal Auditors Position Paper (2009) and the core components of Enterprise Risk Management are identified based on the Committee of Sponsoring Organizations (2017) Enterprise Risk Management Integrated Framework. This study further proposes a set of propositions suggesting the possible association of the core and legitimate roles of internal auditors on the five core components of Enterprise Risk Management. The output of this study is expected to lay the foundation for further empirical studies to develop a finer-grained understanding of how internal auditor function roles relate to Enterprise Risk Management implementation.