Research Journal of Finance and Accounting

Purpose

To add to our understanding of the relation between internal audit and ERM, the purpose of the present paper is to perform a descriptive evidence of the extent to which a sample of Tunisian companies have implemented a risk management process, having a special focus on the current role of internal audit in ERM.

Design/methodology/approach

Findings are drawn from a questionnaire survey conducted in 2015 and administrated to 41 companies. In association with this, Pearson’s chi-square results test the dependence between ERM maturity and the presence of an internal auditor in companies.

Findings

The findings of this study show that an integrated ERM framework is essentially developed in credit institutions and a number of large companies; otherwise, it has not been sufficiently structured and formalized. Descriptive statistics provide evidence that ERM is a relatively new paradigm for several Tunisian companies.

On the level of current role of internal audit in ERM, it seems that involvement in areas the IIA deemed “core” activities for internal audit is moderate. However, involvement in activities that the IIA recommends should not be undertaken is relatively high. Beyond providing the assurance that the portfolio of risks is well managed, internal auditors are assuming roles relating to risk treatment.

Practical implications

Considering Pearson’s chi-square results attesting the dependence between ERM maturity and the presence of an internal auditor in companies, there is an emerging need for the internal audit to have better involvement in risk management until a structured risk function will be developed. As recommended by the Institute of Internal Auditors (IIAS, 2011), it may be expected if an internal auditor fills roles, that may impair independence and objectivity, rather than nobody at all.

Originality/value

In the post-revolution context, Tunisian environment is becoming increasingly complex due to the several emerging risks. Companies are giving in present circumstances more interest to Enterprise Risk Management (ERM) but it is still in its infancy. In order to minimize the losses caused by these risks, the role of internal audit is involving into a more risk focused. Finding the right balance between internal audit objectivity and risk management remains a challenge for management.

Keywords: ERM, internal audit, objectivity, Tunisian context.