Glasgow Caledonian University/ London
Glasgow School for Business and Society
Department of Law, Economics, Accountancy & Risk
Internal Audit Roles in Risk Management from Risk Management Perspective:
Ra’ida Moh’d Suliman Mash’al
For MSc. In Risk Management
Risk management and internal auditing are both tools for an Internal Control System, but both have different objectives and roles. However, the IIA 2005 (Gramling and Myers, 2006) survey, Fraser & Henry (2007), the IIA 2009 survey (The IIARF, 2011), and De Zwaan et al (2011) all confirmed that internal auditing conducts some unsuitable activities in the ERM. These roles have a considerably negative affect on internal auditing, risk management and internal control systems. This study aimed to reveal the viewpoint of risk management regarding this issue and tried to bring out a general evaluation and analysis from the risk management perspective by applying a qualitative descriptive and explanatory research approach and conducting a questionnaire (see appendix I) filled by risk management professions to achieve its goal. The study findings confirmed the negative impact of the misplacement roles of internal auditors in risk management, and finds that risk managers are not concerned with this issue much, the responsible for this issue firstly is the boards, secondly chief audit executive (CAE) and thirdly the chief risk officer (CRO), also risk management standards impact very low in cotrolling this issue and finally the best practices is separation in roles between risk management and internal auditing . As a result, the study made four recommendations aiming to encourage risk management people to review their evaluation of this issue. This study also calls risk management researchers to consider conducting empirical studies to control the negative impacts and exploit the added value of internal auditing in risk management in particular and internal control systems in general. A call for collaboration and cooperation between professional bodies in risk management and internal auditing to raise awareness in risk management environments regarding this issue. Also a call for risk managers to work on improving their skills and knowledge due to its high influence to restore the confidence of the top management.
For those who are interested to have more details or want to share thier opionion please contact me on comments.