This chapter consists of three sections, which conclude the entire research report. These are the summary of findings, the Research conclusions and Recommendations. The conclusions were made in light of the research objectives and the subsequent findings and observations highlighted in the Data Analysis Chapter IV. Recommendations concerning the roles of the internal audit function in the implementation of ERM are then made.
The aim of this research was to bring to light the importance of the internal audit function in assisting entities realize the full benefits of implementation of Enterprise-Wide Risk Management (ERM), to investigate whether internal audit effectiveness could positively influence the implementation of Enterprise-wide risk management by considering what roles Internal audit plays in enhancing it. This study aimed at presenting the situation of the internal auditing function in Enterprise-wide risk management in a Zimbabwean context.
The primary data collection was through a questionnaire survey and interviews. There was 85% response rate which is favourable and allows reliance to be placed upon the results.
Get your grade
or your money back
using our Essay Writing Service!
The results obtained from the questionnaires showed that indeed the internal audit function can play a role in enhancing Enterprise-wide risk management. Enterprise-wide risk management was deduced to be largely beneficial to an organisation. Many organisations with an internal audit function where not fully utilising the function as they were at various stages of implementation. Furthermore internal auditors playing prohibitive roles and thus compromising their objectivity and independence toward the ultimate goal of ERM was highlighted by the results of the study.
5.2 Summary of Findings
The following research questions were answered:
What are the roles of the internal audit function in ERM?
What tasks do internal auditors perform in ERM that make valuable contributions towards organizational success?
What is the impact of internal audit on Enterprise-wide Risk Management?
What are the effects and benefits of a robust ERM Framework on an entity?
To what extent is incorporating and embedding Enterprise-wide risk management into an enterprise's plans and business strategy an appropriate mechanism to assist management in successfully executing their management duties?
5.2.1 Roles of the Internal Audit Function in ERM
It was confirmed that the internal audit function plays roles that fall into 3 categories which are core, legitimate and prohibitive roles. The roles played are in line with the recommendations outlined by the Institute of Internal Audit. This research also showed that the Internal audit function in the respondents' entities have legitimate assurance roles being the most prominent roles played by Internal Audit. Unique to this study however was the fact that the prohibitive roles played by Internal Audit in ERM which have the potential to affect the objectivity and independence of the internal audit function were quite significant. This indicated that ERM was not being implemented as per best practice thus creating room for improvement of internal audit enhanced ERM within organisations.
5.2.3 Tasks performed in ERM by Internal Auditors that make valuable contributions towards organizational success
The study revealed that the tasks played by Internal auditors make valuable contributions towards organisational success. The results of the study indicated that the degree of the internal auditors' roles in the ERM could improve ERM implementation. Tasks of particular importance include co-ordinating ERM activities, facilitating identification and evaluation of risks, giving assurance that risks were correctly evaluated and evaluating risk management processes. Internal audit function was overall rated as effective to very effective and not requiring immediate improvements in many circumstances.
5.2.4 The impact of Internal Audit on Enterprise-wide Risk Management
The research highlighted how Internal Audit has a positive impact on ERM. Internal audit which possesses the unique advantage of being involved in every area of an organization made it best placed to identify risks of concern to the organisation. Internal audit which is familiar with the organisation's risk-based assessments, consults with top management, and the ability to compile comprehensive amounts of information can produce clear and concise findings that make Internal Audit a valuable instrument in an organization's ERM implementation.
5.2.5 The effects and benefits of a robust ERM Framework on an entity
ERM allows entities to develop a comprehensive view of all types of risks in multiple business lines and departments enabling the entity to efficiently mitigate risks. Robust ERM that is enhanced by Internal Audit leads to a better understanding of risks and controls thereby fostering an enterprise that is intelligent about risk and enhancing its ability to maximise rewards versus risks faced. Furthermore ERM had a positive impact of enhancing management's ability to minimise operational surprises and unexpected losses by identifying any potential events, risks and responses in advance so that risks are managed and can no longer potentially threaten the entity.
5.2.6 Incorporating and embedding Enterprise-wide risk management into an enterprise's plans and business strategy as an appropriate mechanism to assist management in successfully executing their management duties
Always on Time
Marked to Standard
Incorporating and Embedding ERM can improve an organisation's management's ability to strategize effectively, think ahead, assess potential risks and evaluate opportunities and allocate capital and resources to mitigate risks or seize opportunities and thus perform their duties to their fullest potential while delivering results that maximise the value of the organisation.
While this study faced challenges, it did however overcome. One such challenge was respondents who participated in the survey requesting absolute anonymity of themselves and their institutions. Some respondents were reluctant to disclose sensitive information pertaining to risk management however this was overcome by seeking clearance from legal or marketing departments of the relevant companies. In spite of these and other constraints, the study came out with interesting findings and observations and the following conclusions were made.
Enterprises are aware that effective Internal Audit can enhance risk management and is the ideal vehicle for the creation of added value to the organisation. Through internal audit's core assurance and safeguarded consulting roles, internal audit is well positioned to add significant value to the ERM process.
Internal audit's close relationship with executive and senior management and the audit committee makes it very easy for them to push ERM to the forefront and gather their support.
A new approach of internal auditing carries out tasks focusing on the risk more than ever, and this develops enterprise-wide risk management implementation.
Internal auditing has been given a dual role in Enterprise-wide risk management process and acts as a provider of assurance as to the effectiveness of enterprise risk management
process, risks and internal controlling, as well as acts as an advisor to consult the management so as to improve key business areas.
ERM is a good way to manage complex changes and if embedded in a entity's business strategy has the ability to assist management in successfully executing their management duties and facilitating good corporate governance.
The role, tasks and responsibilities of internal auditors should be communicated throughout the organisation
Internal auditing, as a means of risk management, should assist enterprises in implementing the enterprise-wide risk management by offering specialised knowledge for challenging areas such risk data integration across the entity .
Internal audit should closely cooperate with the management of an enterprise, the Audit Committee and external auditors in terms of providing assurance and consulting activities to aid organisations as they attempt to implement and are in varying stages of ERM implementation.
Internal audit could also assist in the creation of the overall risk model to employ in Enterprise-wide risk management for the organization as the internal audit function has access to vast amounts of information about all aspects of the entity and can organize it in a way that makes it comprehensible to all parties that will be involved in mitigating risk.
Organizations planning to implement ERM or in the process of implementing it, should take note to cultivate a risk culture that supports the business' objectives which can be done through guidance from the Internal audit function, enlisting specialist support from an ERM expert and training and workshops.
Internal audit can engage in to speed up implementation ERM by carrying out of risk assessments that encourage top leadership to implement and suggesting an ERM organizational structure as internal audit can add significant value in advising on the most efficient risk management structure.
As Internal audit is carrying out prohibitive roles, it is important for the internal audit function to make sure adequate safeguards are in place in the organizational structure to guarantee the internal auditors are not assuming prohibitive roles as if they themselves are management.
5.5 Recommendations for Future Studies
This study's results revealed that the internal auditors performed 28 percent of the prohibitive
roles. The involvement of internal auditors in these roles has potential to affect their independence and objectivity. Further study could investigate the reasons why the internal auditors end up performing these prohibitive roles to discover if they voluntarily take up the prohibitive roles or have no choice but to assume these roles.