Contribution of internal auditing to risk management: Perceptions of public sector senior management

There is a widening gap between the expectations of internal audit stakeholders and the value the function brings to the table, for example, in the management of the risks threatening an organisation. The purpose of this paper is to investigate the views of chief audit executives (CAEs), the chairs of audit committees and senior management on the contribution of the internal audit functions to risk management in the South African public sector. This contribution is considered in the context of existing risk management structures and the level of coordination between these structures and internal auditing.

The views of heads of internal auditing, chairpersons of the audit committee and the Accounting Officer (similar to the CEO of private sector organisations) of national, provincial and local government organisations were obtained and statistically analysed.

The results indicate that the CAEs have noticeably different views from the other two parties, and that the existence of risk management structures has a minor effect on how the contribution of internal auditing to risk management is perceived.

It was decided to not include the views of heads of risk management functions owing to the immaturity of risk management in this sector with in the South African public sector.

The results of the study provide internal auditing with information on narrowing the possible gap between the perceptions of senior management and their own perceptions. Senior management could streamline the efforts of these two parties in mitigating the key risk of the organisation. The audit committee, as the independent overseer of internal auditing, will obtain information on whether internal auditing contributes to risk management, and if not, how to address these issues, taking into account the existence (or a lack thereof) of risk management structures. The legislator and regulator of public sector could be influenced to provide clearer guidance or rules in this regard in order to enhance the efficiency and effectiveness of risk management policies and practices.

Limited studies have been conducted regarding the coordination of internal auditing and risk management in mitigating the key risks; especially within the public sector domain whether the existence of risk management structures would affect this coordination. Also the views of senior management, as the key stakeholder of internal auditing, on this matter have not yet been solicited.