From Compliance to Strategic Partnerships: The Role of Internal Audit in Enterprise Risk Management and Opportunities for Future Research

Thumbnail Image

Files

Published version (732.68 KB)
Downloads: 79

TR Number

Date

2025-12-11

Authors

Journal Title

Journal ISSN

Volume Title

Publisher

MDPI

Abstract

Implementing enterprise risk management (ERM) helps organizations identify, assess, and manage emerging risks. As global ecosystems face intensifying environmental, social and governance (ESG) pressures—including climate risks, regulatory demands for sustainability reporting and stakeholder expectations for ecosystem protection —the internal audit function (IAF) plays an increasingly critical role in helping organizations monitor and respond to these risks. Internal auditors’ expertise supports risk identification and assessment, though management maintains responsibility for risk management and control. Using the Committee of Sponsoring Organizations’ (COSO) ERM framework, we review 77 studies across 23 journals published between 2004 and 2024. Prior research primarily examines internal audit’s assurance and consulting roles, with considerably less attention given to activities that compromise independence. While evidence suggests that internal audit quality enhances risk management effectiveness, uncertainty remains about boundaries for consulting activities and technology-enabled assurance. Our synthesis highlights limited empirical insight into internal audit’s strategic partnership role in ERM and identifies future research opportunities for scholars, practitioners and standard setters.

Description

Keywords

Citation

Nkansa, P.; Barr-Pulliam, D.; Walker, K. From Compliance to Strategic Partnerships: The Role of Internal Audit in Enterprise Risk Management and Opportunities for Future Research. J. Risk Financial Manag. 2025, 18, 707.

Persistent link

https://hdl.handle.net/10919/140638

Collections

Journal Articles, Multidisciplinary Digital Publishing Institute (MDPI)
Scholarly Works, Accounting and Information Systems