The Role of Internal Audit from New Enterprise Risk Management Frameworks Perspective: Research in Turkey

Abstract

Enterprise Risk Management (ERM) has emerged as a paradigm aimed at enabling organizations to respond to ever-changing risk factors. Since the publication of the COSO Risk Management Framework and IIA report in 2004, internal audit functions have assumed a variety of roles in organizations' ERM operations. The main purpose of this study is to determine the extent to which internal auditors' activities have changed over time in relation to ERM activities and to what extent these tasks are undertaken in practice. In the first part, literature and new risk frameworks related to the role of internal audit in ERM are examined. In the study, data collected from 245 internal auditors working in organizations operating in Turkey were analyzed by t-test and analysis of variance (ANOVA). From the findings, it was determined that the opinions of internal auditors regarding ideal situations in terms of ERM tasks assumed under certain conditions differed from those in practice. The analyses showed that some of the internal auditors' opinions differed statistically according to demographic variables. It has been determined that the opinions of internal auditors differ according to age, professional experience and enterprise sector in which they worked. The results were compared with studies on different samples. Thus, internal auditors' opinions and the current situation in Turkey, can be compared to different regions. In our study, different results were obtained from the results of studies conducted in different countries.

Keywords

• Internal Audit
• Enterprise Risk Management
• Role of Auditors
• Turkey

References

1. Anders, S. B. (2019). COSO's Newest ERM Guidance. The CPA Journal, 89(3), 66-67.
2. Anderson, Doug. (2017). COSO ERM: Getting risk management right: Strategy and organizational performance are the heart of the updated framework. Internal Auditor, 74(5), 38-43.
3. Beasley, M. S., Clune, R., & Hermanson, D. R. (2005). ERM: A status report. Internal Auditors, February, 62(1), 67-73.
4. Beasley, M. S., Clune, R., & Hermanson, D. (2006). The impact of enterprise risk management on the internal audit function. Kennesaw, GA: Kennesaw State University Press.
5. Beasley, M. S., Clune, R., & Hermanson, D. (2005). Enterprise risk management: An empirical analysis of factors associated with the extent of implementation. Journal of Accounting and Public Policy, 24(6), 521-531.
6. Castanheira, N., Rodrigues, L. L. and Craig, R. (2010). Factors associated with the adoption of risk‐based internal auditing. Managerial Auditing Journal, 25(1), 79‐98.
7. Cohen, J., Krishnamoorthy, G., & Wright, A. (2017). Enterprise risk management and the financial reporting process: The experiences of audit committee members, CFO s, and external auditors. Contemporary Accounting Research, 34(2), 1178-1209.
8. Committee of Sponsoring Organizations of the Treadway Commission (COSO). (2004). Enterprise Risk Management Framework (Draft), Amerika: COSO.

9. Committee of Sponsoring Organizations of the Treadway Commission (COSO). (2017). Enterprise Risk Management Aligning with Strategy and Performance. Amerika: COSO.
10. Farrell, M., & Gallagher, R. (2015). The valuation implications of enter-prise risk management maturity. Journal of Risk and Insurance, 82(3), 625–657.
11. Flanders, K. (2018). An Appetite for Risk: Internal audit departments may need to recalibrate to accept more risk. Internal Auditor, 75(2), 60-66.
12. Fox, C. (2018). Understanding the New ISO and COSO Updates. Risk Management, 65(6), 4-7.
13. Fraser, I., & Henry, W. (2007). Embedding risk management: Structures and approaches. Managerial Auditing Journal, 22(4), 392-409.
14. George, D., & Mallery, P. (1995). SPSS/PC+ step by step: A simple guide and reference. Belmont, CA: Wadsworth Publishing Company.
15. Gramling, A. & Myers, P. (2006). Internal Auditing's Role in ERM. Internal Auditor, April, 52-58.
16. Herron, A. & Dholabhai, M. (2017). COSO Enterprise Risk Management Framework- Integrating Strategy and Performance. New York: PwC Governance Insights Center.
17. Institute of Internal Auditors (IIA). (2004). The Role of Internal Auditing in Enterprisewide Risk Management. London: The Institute of Internal Auditors UK and Ireland.
18. Institute of Risk Management (IRM). (2018). A Risk Practitioners Guide to ISO 31000: 2018. United Kingdom, London: The Institute of Risk Management UK.
19. Institute of Internal Auditors (IIA). (2010). Uluslararası Mesleki Uygulama Çerçevesi (UMUÇ) Uluslararası İç Denetim Standartları. Çeviri: Türkiye İç Denetim Enstitüsü (TİDE). İstanbul: Lebib Yalkın Yayımları.
20. Paape, L., & Speklè, R. F. (2012). The adoption and design of enterprise risk management practices: An empirical study. European Accounting Review, 21(3), 533-564.
21. Pierce, E. M., Goldstein, J., & Pierce, E. (2016). Moving From Enterprise Risk Management to Strategic Risk Management: Examining the Revised COSO ERM Framework. In 14th Global Conference on Busness and Economics, (October).
22. Pickett, K. H. S. (2011). The Essential Guide to Internal Auditing. West Sussex: John Wiley & Sons.
23. Prewett, K., & Terry, A. (2018). COSO's updated enterprise risk management framework - a quest for depth and clarity. Journal of Corporate Accounting & Finance, 29(3), 16-23.
24. Prinsenberg, M., & Sluis, R. V. D. (2017). COSO Enterprise Risk Management Framework-Integrating Strategy and Performance. Netherlands, Den Bosch: PricewaterhouseCoopers.
25. Reding, F. K. Sobel, P. J. Anderson, L. U., Head, M. J. Ramamoorti, S. Salamasick, M., & Riddle, C. (2013). Internal Auditing: Assurance&Consulting Services. Altomonte Springs: The IIA Research Foundation.
26. Richtermeyer, S. B. (2018). Enterprise Risk Management Integrating with Strategy and Performance. USA, Massachusetts: COSO.
27. Sarens, G., & De Beelde, I. (2006). Internal auditors' perception about their role in risk management: A comparison between US and Belgian companies. Managerial Auditing Journal, 21(1), 63-80.
28. Shortreed, J., Fraser, J., Purdy, G., & Schanfield, A. (2012). The Future Role of Internal Audit in (Enterprise) Risk Management. The Journal of Finance, 1-13.
29. Sobel, P. J. (2018). COSO ERM: Integrating with Strategy and Performance. The Institute of Internal Auditors International Conferance, UAE, Dubai, 6-9 Mayıs 2018.
30. Steffee, S. (2016). COSO drafts ERM framework: long-awaited revision addresses changes in business environment and risk. Internal Auditor, 73(4), 13-15.
31. Thabit, T. (2019). Determining the Effectiveness of Internal Controls in Enterprise Risk Management based on COSO Recommendations. In International Conference on Accounting, Business Economics and Politics, April.
32. Tabachnik, B. G., & Fidell, S. L. (2013). Multicollinearity and singularity. Using multivariate statistics. Boston: Pearson Education Inc, 2(013), 88-91.
33. Tillinghast, P. T. (2004). Adding value through risk and capital management. New York: Tillinghast-Towers Perrin.
34. Walker, P. L., Shenkir, W. G., & Barton, T. L. (2002). Enterprise risk management: pulling it all together. Altamonte Springs, FL: Institute of Internal Auditors Research Foundation.
35. Wright, C. (2018). The CAE-CRO relationship: Chief audit executives and chief risk officers can collaborate in many ways to ensure the organization manages risks effectively. Internal Auditor, 75(1), 31-36.
36. Zwaan, L. D., Stewart, J. ve Subramaniam, N. (2011). Internal audit involvement in enterprise risk management. Managerial Auditing Journal, 26(7), 586–604.