Influence of Internal Audit Functions on Enterprise Risk Management: Evidence from Malaysian Transportation Industry

Abstract

This study investigates the impact of core and legitimate functions of internal auditors defined by the Institute of Internal Auditors Position Paper 2009 on the five enterprise risk management components defined by the updated Enterprise Risk Management Framework 2017 declared by the Committee of Sponsoring Organizations. It also examines whether presence of a chief risk officer influences the above relationships. The analysis is based on data obtained from the transportation sector in Malaysia. The results suggest that internal auditors perform 70% of their core roles in enterprise risk management and 65% of legitimate roles, while they are also performing about 50% of prohibitive roles in enterprise risk management. Chief risk officer has non-significant influence except for two enterprise risk management components. Finally, linear regression analysis indicates significant influence of core and legitimate functions of internal auditors on four out of five enterprise risk components.