A Conceptual Framework of Potential Conflicts with the Role of the Internal Auditor in Enterprise Risk Management
Abstract
Internal auditors are expected to be increasingly involved in Enterprise Risk Management (ERM) by adding value to the organization and providing assurance that the entity’s risk exposures are properly understood and managed. The Institute of Internal Auditors’ (IIA, 2009) revised position paper defines the internal auditor’s role in ERM as measuring and monitoring performance, and at the same time evaluating the effectiveness of management’s risk monitoring process. In this paper, the author proposes a conceptual framework to assess whether potential conflicts exist with the role of the internal auditor in companies with fully implemented ERM frameworks. The existence of conflicts would depend on whether the internal auditor’s independence and objectivity is impaired. The proposed conceptual framework suggests that the internal auditor’s independence and objectivity would not be impaired when it leads and maintains the ERM framework. In addition, the internal auditor’s independence and objectivity would not be impaired when it spends more time performing ERM consulting activities versus providing assurance on controls. Finally, the proposed conceptual framework suggests that the internal auditor’s independence and objectivity would not be impaired when it reports to a separate board risk management committee. From the review of prior literature on the internal auditor’s role in ERM, hypotheses are developed to suggest a relationship between the internal auditor’s independence and objectivity with performing a leading and maintaining role in ERM, providing assurance on controls and consulting services, and reporting to a separate risk management committee that can be empirically tested in future research.
Full Text:
PDFDOI: https://doi.org/10.5430/afr.v2n3p65
Refbacks
- There are currently no refbacks.
Copyright (c)
Accounting and Finance Research
ISSN 1927-5986 (Print) ISSN 1927-5994 (Online) Email: afr@sciedupress.com
Copyright © Sciedu Press
To make sure that you can receive messages from us, please add the 'Sciedupress.com' domain to your e-mail 'safe list'. If you do not receive e-mail in your 'inbox', check your 'bulk mail' or 'junk mail' folders.