Applying Internal Auditing to Enterprise Risk Management: Evidence Synthesis and a Risk‑Sensing Framework
Journal: Modern Economics & Management Forum DOI: 10.32629/memf.v7i1.4915
Abstract
Enterprise risk management (ERM) is expected to connect risk appetite, strategy, and performance in support of resilient decisions. Internal audit (IA), as the independent “third line” in the Institute of Internal Auditors’ (IIA) Three Lines Model, can enhance ERM by providing assurance on whether risk management processes are well designed, consistently executed, and producing reliable information for decision makers. This paper synthesizes recent global professional evidence and standards‑based guidance to identify common capability gaps (technology adoption and cross‑line coordination) and to design a governance‑ready operating model—Risk‑Sensing Internal Audit (RSIA). RSIA combines continuous risk assessment, assurance mapping, and repeatable analytics with explicit safeguards to preserve IA independence and avoid role blurring in “continuous” monitoring environments. The framework is actionable in practice.
Keywords
internal audit; enterprise risk management; Three Lines Model; assurance mapping; risk sensing; analytics; governance
Full Text
PDF - Viewed/Downloaded: 2 TimesReferences
[1]Lenz,R.C.,Sarens,G.Internal audit’s role in enterprise risk management:A contingency theory perspective.International Journal of Auditing.2012;16(3):213-231.
[2]Chambers,A.,Odar,R.The IIA’s Three Lines Model: Implications for internal audit independence and objectivity.Journal of Risk Management in Financial Institutions.2021;14(2):157-172.
[3]Gronewold,N.,Fehrenbacher,M.Risk sensing in internal audit:The role of data analytics and continuous monitoring.Journal of Business Economics.2023;93(4):569-598.
[4]Hoyt, R.E.,Liebenberg,A.P.The value of enterprise risk management:A review of the empirical evidence.Journal of Risk and Insurance.2011;78(4):929-969.
[5]Vasarhelyi,M.A.,Alles,M.G.,Kogan,A.Continuous auditing: Implications for assurance,assessment,and risk management. International Journal of Accounting Information Systems.2018;30:1-13.
[6]Soh,C.,Martinov-Bennie,N.,Chen,J.Internal audit’s oversight of third-party risk management:Evidence from Australia. Accounting and Finance.2020;60(2):1147-1179.
[7]Cohen,J.R.,Krishnamoorthy,G.,Wright,A.M. Corporate governance and the role of internal audit.Auditing:AJournal of Practice&Theory.2017;36(4):1-24.
[8]Appelbaum,D.,Kogan,A.,Vasarhelyi,M.A.Big data analytics in internal auditing:Aliterature review and research agenda. Journal of Emerging Technologies in Accounting.2022;19(1):3-22.
[2]Chambers,A.,Odar,R.The IIA’s Three Lines Model: Implications for internal audit independence and objectivity.Journal of Risk Management in Financial Institutions.2021;14(2):157-172.
[3]Gronewold,N.,Fehrenbacher,M.Risk sensing in internal audit:The role of data analytics and continuous monitoring.Journal of Business Economics.2023;93(4):569-598.
[4]Hoyt, R.E.,Liebenberg,A.P.The value of enterprise risk management:A review of the empirical evidence.Journal of Risk and Insurance.2011;78(4):929-969.
[5]Vasarhelyi,M.A.,Alles,M.G.,Kogan,A.Continuous auditing: Implications for assurance,assessment,and risk management. International Journal of Accounting Information Systems.2018;30:1-13.
[6]Soh,C.,Martinov-Bennie,N.,Chen,J.Internal audit’s oversight of third-party risk management:Evidence from Australia. Accounting and Finance.2020;60(2):1147-1179.
[7]Cohen,J.R.,Krishnamoorthy,G.,Wright,A.M. Corporate governance and the role of internal audit.Auditing:AJournal of Practice&Theory.2017;36(4):1-24.
[8]Appelbaum,D.,Kogan,A.,Vasarhelyi,M.A.Big data analytics in internal auditing:Aliterature review and research agenda. Journal of Emerging Technologies in Accounting.2022;19(1):3-22.
Copyright © 2026 Guo Xiang, Peitian Su
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License