Out

THE RELATION OF RISK MANAGEMENT AND INTERNAL
AUDIT FUNCTION THE CASE OF CROATIA

Ivana POKROVAC, B. Sc.
Teaching and Research Assistant
University of Zagreb, Faculty of Economics and Business
J. F. Kennedy 6, 10 000 Zagreb, Croatia
e-mail: ipokrovac@efzg.hr
Boris TUEK, Ph. D.
Full Professor
e-mail: btusek@efzg.hr
Ana OLUI, B. Sc.
Assistant
e-mail: aoluic@efzg.hr
Abstract:
Along with the development of companies and business environments the role of internal
audit function in the organization has also evolved. In that context, in the last several years
the audit literature and practice has pointed out the importance of risk-based approach in
internal audit. The main focus of this paper is to determine significance of the internal audit
function for the risk management process, and also the implications of the internal audit
engagement in the risk management process for the internal audit process model. The
following objective is to examine the pre-existing condition of internal audit involvement in
the risk management of the Croatian companies with the use of survey method. The results of
the conducted survey confirmed that the internal audits involvement in the risk management
processes greatly contributes to the quality of the risk management process. It has also been
confirmed that the internal audits active involvement in the risk management process has a
significant impact on its own quality enhancement that is on the enhancement of the efficiency
and the effectiveness of its own professional engagement.
Key words: internal auditing, internal audit process, risk management
1. Introduction
Concurrently with the growth and development of companies, and as a consequence of the
increasing complexity and variability of the environment in which companies operate, a new
paradigm of internal audit has been developed and new approaches to conceptualization of
internal audit process in an organization. In this context, the audit literature and practice over
807
the past several years, emphasizes the importance of risk-based approach. In addition, modern
internal audit function should actively contribute to the creation of added value, continuously
assess, and both its advice and suggestions contribute to the improvement of the risk
management process, especially through the shaping and monitoring internal controls, which
has become an indispensable instrument of risk management in modern conditions, and with
proposals on the possibilities of improving the overall process of risk. The following
discusses the relevant features of the theoretical connection between internal audit and risk
management, and then presents the results of empirical research in the Republic of Croatia.
2. Relationship between internal audit and risk management process

2.1. Internal audit activity as a support to a risk management process
According to the definition of the Institute of Internal Auditors risk management is "a process
to identify, assess, manage, and control potential events or situations to provide reasonable
assurance regarding the achievement of the organization's objectives."1 The traditional
approach to risk management referred to assigning responsibilities of risk monitoring to the
level of individual business functions, which means isolation of risk on the department level,
which ignored the fact that risks can be interrelated.2 Such an understanding of the risks
referred to as a Silo approach or Stove pipe approach. At the end of the last century appeared
a new concept in risk management, Enterprise Risk Management - ERM3 which represents a
change with regard to use "a holistic and integrated approach to risk management, and the
responsibility for the process is raised to the level of senior management."4
The need for effective risk management is also a response of management structures on the
growing global competition, which requires timely, reliable and quality information for
business decision making. In this regard, in recent years, there is special importance of
internal audit, as an additional, higher level of control over entire business. According to the
new, revised, the definition of internal audit for 21 Century, published by the Institute of
Internal Auditors internal auditing is an independent, objective assurance and consulting
activity designed to add value and improve an organization's operations. It helps an
organization accomplish its objectives by bringing a systematic, disciplined approach to
evaluate and improve the effectiveness of risk management, control, and governance
processes.5
The role of internal audit in the process of risk management is defined by executive
management and audit committee, and the attitude of management will most often be
determined by factors such as organizational culture of the company, the ability of internal
audit staff, the conditions prevailing in certain countries, as well as its customs. However, the
The Institute of Internal Auditors Glossary [online]

Beasley, M. (2007) Audit Committee Involment in Risk Management Oversight.CPA2BIZ [online], 7.01.2008.
Available
at:
http://www.cpa2biz.com/Content/media/PRODUCER_CONTENT/Newsletters/Articles_
2008/CPA/Jan/Oversight.jsp
3
In addition to the above names, often used terms are Enterprise-wide risk management, Holistic Risk
Management and Integrated Risk Management.
4
Casualty Actuarial Society, Enterprise Risk Management Commmittee (2003) Overview of Risk Management
[online], pp.3. Available at: http://www.casact.org/research/erm/overview.pdf
5
Available at: http://www.theiia.org/guidance/standards-and-guidance/ippf/definition-of-internal-auditing/
2
808
minimum activity that internal audit should be performed periodically refers to assessing the
adequacy and effectiveness of risk management processes.
The role of internal audit in enterprise risk management process can change over time, and it
can take range from6:
- " having no role, to
- reviewing the risk management process as part of the internal audit plan to
- active, continuous support and involvement in the process of risk management as well
as participation in oversight committees, monitoring and reporting activities,
- management and coordination of risk management process."
In a report of the Institute of Internal Auditors, entitled "The Role of Internal Auditing in
Enterprise-wide Risk Management"7 issued in 2004 is given an overview of recommended
actions that internal audit could carry out in the risk management process, which are divided
into three groups:
- core internal auditing roles in regard to Enterprise Risk Management (ERM),
- legitimate internal auditing roles with safeguards,
- roles internal audit should not undertake.
The core internal auditing activities in enterprise risk management process relate to8:
- giving assurance on risk management processes,
- giving assurance that risks are correctly evaluated,
- evaluating risk management processes,
- evaluating the reporting of key risks,
- reviewing the management of key risks.
These activities relate to services of providing objective guarantees or assurance services and
are part of a larger goal, which is to provide guarantees for the risk management process.
Legitimate internal auditing activities to be conducted with safeguards include9:
- facilitating identification and evaluation of risks,
- coaching management in responding to risks,
- coordinating ERM activities,
- consolidating the reporting on risks,
- maintaining and developing the ERM framework,
- championing establishment of ERM,
- developing risk management strategy for board approval.
These activities relate to internal audit consulting services that should affect the process of
risk management, company management and control processes improvement. In order to
conduct these activities it is necessary to implement certain protection measures mainly to
ensure or preserve the independence of internal audit. Some of the protection measures
Practice Advisory 2100-3: Internal Auditing's Role in the Risk Management Process.Proffesional Practices
Framework (2007), op.cit., pp.213.
7
The Institute of Internal Auditors and the Institute of Internal Auditors UK and Ireland (2004),The Role of
Internal Auditing in Enterprise-wide Risk Management, Position Statement [online]. Available at:
www.theiia.org / IIA / download.cfm?file = 283
8
Ibd., pp.4.
9
Ibd., pp.4.
809
(safeguards) are that it should be clear that management remains responsible for risk
management, the nature of internal audits responsibilities should be documented in the audit
charter and approved by the Audit Committee, internal audit should not manage any of the
risks on behalf of management.10
Activities and responsibilities that internal audit should not undertake in the risk management
process are11:
-
"setting the risk appetite,

imposing risk management processes,
management assurance on risks,
taking decisions on risk responses,
implementing risk responses on management's behalf,
accountability for risk management.
These activities are not recommended for internal audit because they represent the
responsibilities of management and their undertaking could threaten the independence and
objectivity of internal auditors.
2.2. Implications of internal audit involvement in the risk management process
Internal audit based on the traditional approach provided assistance to the company through
giving independent and objective assurances that internal controls function in a required
manner, through helping to improve the design and operation of control systems, detection of
internal anomalies and help in better informing relatively isolated senior management.12 The
scope of internal auditing included assessing the appropriateness and adequacy of
management controls in key areas:13
- information systems management
- compliance with laws, policies, procedures and regulations,
- protection of property and interests,
- economy and efficiency in use of resources,
- achieving company goals.
Today is particularly expressed the need for focusing the internal audit toward risk, and for
the creation of added value by providing information necessary for recognition, understanding
and assessment of potential risks. The consequence of such orientations, risk-based approach
and risk-based internal audit process, is the information that, derived from such activities, has
a higher value for management in decision-making process. The aim of the risk-based audit is
to provide independent assurance to management:14
-
risk management process set up by the management acts in accordance with his
intention, and
10
Ibd., pp.5.
Ibd., pp.4.
12
Ratliff, R. L. and Beckstead, S. M. (1994) How world class management is changing internal auditing.
[online]
December
1994.
Available
at:
Internal
Auditor
http://findarticles.com/p/articles/mi_m4153/is_n6_v51/ai_16529834/pg_ 1? Tag = content; col1
13
Spencer Pickett, K. H. (assisted by Vinten, G.) (1997), The Internal Auditing Handbook.Chichester, England:
John Wiley & Sons., pp. 168.
14
Ibd., pp.29
11
810
that the answers that management is taking towards risks, which are considered
significant, are adequate and effective in terms of reducing risk to an acceptable level.
The shift of internal audits paradigm, that is shifting its focus toward risk has important
implications for the entire internal audit process, particularly in the phase of planning and
reporting of results.
Internal audit planning includes the establishment of objectives, scheduling activities,
personnel planning and budgeting, and reporting results of activities. The planning process
begins with the development plan at the level of the internal audit department and it is with
concluded planning of individual audits. According to international standards of internal
audit, internal audit planning should be based on risk, so that the internal audit plan is in
conformity with the objectives of the company. To ensure the inclusion of risk in the plan at
the level of internal audit departments it is essential that internal auditors, among other things,
gain understanding of the risk management processes, and that their plans are based on the
results of risk assessment and adjusted to the change of companys strategy, and adapted to
changes of companies exposure which derive from it.
The final result of the entire internal audits process based on risk is a report, which also
represents a means of communication between internal auditors and users of the report,
usually management, Board and Audit Committee. The main aim of reporting is to provide
information on the management of risks that may affect the achievement of company
objectives. The report should emphasize the importance of the role that risk management
processes and controls have in achieving company goals, and refer to the work done by
internal audit, as well as other important sources of information that were used for the
expression of beliefs.15 In addition to the conclusions and opinions about the processes of
risk management, the report should contain recommendations for reducing risks exposure. In
order for users of the report, especially management, to fully understand the degree of
exposure, in the auditor's report should be marked importance and identified consequences of
exposure to business risks on achievement of companies goals.16
It can be concluded that the development of internal audit scope and responsibilities, as a
result of the new paradigm shift, has the impact on changing perceptions about its position on
the company. Its role has evolved from the function of "policeman" to the activity within a
company that actively participates in the creation of value and support and assists the
company in achieving its goals.
3. Defining the objectives, hypothesis, sample and research methods

The aim of the research is to analyze connection status of internal audit and risk management
processes in Croatian companies, and explore the current state of internal audit involvement
in the risk management process in Croatian companies.
Starting from the previous theoretical knowledge of the importance of relations between
internal audit and risk management processes, the following initial hypotheses have been set:
15
PA 2120 A1-1: Assessing and reporting on control processes, Proffesional Practices Framework (2007), op.
cit., pp. 312-313.
16
PA 2010-2: Linking the Audit Plan to Risk and Exposures, Proffesional Practices Framework (2007), op. cit.
pp. 179.
811
H1 Participation of internal audit in the process of risk management contributes to

improvement of the overall process of risk management;
H2 Efficiency and effectiveness of the internal audit professional engagement in a company
increases through its involvement in the risk management process.
They are tested in the further part of this paper through the application of selected statistical
methods on empirical data.17
Empirical research, based on the poll questionnaire, was conducted on a sample of internal
auditors, members of management board, supervisory boards and managers of Croatian
companies that have established internal audit function. The poll questionnaire consisted of 28
questions for internal auditors, and 16 questions for managers, closed type with the offered
answers. For some questions there was left the possibility of complementing the answer.
The survey was realized on a sample of a total of 78 subjects in the period from October 2008.
to January 2009. Of the total number of study participants 61.5% are internal auditors, and the
remaining 38.5% is applicable to middle or senior management. The structure of the sample
on which research is conducted is shown in Table 1.
Table 1. Respondents structure
Number of
respondents
Structure in %
Internal auditor
48
61,5
Manager
25
32,1
Member of supervisory board
1,3
Member of management board
5,1
Total
78
100,0
Function
Empirical data obtained from the survey were analyzed with application of descriptive and
inferential statistics.18
4. Testing hypotheses about the relationship between internal audit and risk
management processes in the Republic of Croatia
In order to test the first hypothesis, we analyzed the opinions of both groups of respondents,
internal auditors and managers, on the contribution of internal audit processes to risk
management improvement, which is achieved through its participation in the process.
Table 2 shows the opinion of both groups of respondents on the contribution of internal audit
to the quality of the entire risk management process.
17
Because of sample size and the specific distribution of responses by individual modalities, on contingency
tables that follow below, are not applied statistical tests of independence (chi-square test).
18
The data was processed using the software package SPSS (student version).
812
Table 2: Opinions of respondents on the contribution of internal audit to the, quality of the
risk management process
Internal audit contribution to the quality of the risk management process
Respondent
contribution contribution
is negligible is mediocre
Internal
auditor
Count
Manager
Count
% within
Respondent
% within
Respondent
Total
Count
% within
Respondent
greatly
contributes
contributes
extremely
strong
don't know
Total
13
22
10
48
6,2%
27,1%
45,8%
20,8%
,0%
100,0%
12
30
3,3%
30,0%
40,0%
23,3%
3,3%
100,0%
22
34
17
78
5,1%
28,2%
43,6%
21,8%
1,3%
100,0%
All internal auditors in the sample answered the question, none of which believes that internal
audit does not contribute to quality of risk management process, and all believe that there is a
contribution, and only 6.2% of them considered that this contribution is negligible, 27.1%
thinks that internal audit contribution to the quality of risk management processes is
mediocre, and most of them considered that the contribution of internal audit to the quality of
the risk management process is significant, or 45.8% of them considered that internal audit
greatly contributes to the quality of risk management processes, while 20.8% believes that this
contribution is extremely strong.
Also, all managers in the sample responded to this question, and as well as in the case of
internal auditors, all believe that there is a contribution of internal audit to the quality of risk
management process, and only 3.3% of them characterized that contribution as negligible,
30% as mediocre, but most considered that contribution significant considering that 40% of
them thought that contribution is greatly, and 23.3% of them considered that internal audit
extremely strong contributes to the quality of the risk management processes.
Based on the above we can conclude that none of the respondents from the sample does not
consider that the internal audit process doesnt contribute to the quality of risk management,
and only 5.1% of them considered that this contribution is negligible, 28.2% thought that it
was mediocre, while 43.6% of all respondents held that the involvement of internal audit
greatly contributes to the quality of risk management process, and 21.8% of them thought that
the contribution of internal audit is extremely strong.
In order to test the existence of differences in opinions of respondents, the average ratings
have been calculated for each group of respondents on the contribution of internal audit to the
quality of the risk management process, in a way that their responses are ranked on a scale of
1 to 5, where 1 means that the internal audit does not at all contribute to the quality of risk
management process, and 5 means that it contributes extremely strong. In that manner
calculated average ratings are shown in table 3.19
19
Rating scale is an ordinal variable, which is as empirical compromise and to a clearer conclusion is treated as
numerical.Therefore, for the specified variable are calculated the arithmetic mean, standard deviation and
conducted statistical tests for numerical variables.
813
Table 3: Average ratings of respondents on the contribution of internal audit to the quality of
the risk management process
N
Mean
Std. Deviation
(SD)
Internal auditor
48
3,81
,842
Manager
30
3,93
,907
Respondent
Internal audit contribution to
the quality of the risk
management process
Arithmetic mean (or just mean), or an average rating of internal auditors is 3.81, with standard
deviation (SD) of 0.842, and the arithmetic mean of managers (middle and higher levels
together) rating was 3.93, with the value of standard deviation of 0.907.
T-test for independent samples was used to test the differences in average rates of the
respondents used the, as shown in table 4.
Table 4: Testing the differences in average rating of the respondents on the contribution of
internal audit to the quality of the risk management process with the t-test for independent
samples
Independent Samples Test
Internal audit
contribution to the
quality of the risk
management process
Equal variances
assumed
Equal variances not
assumed
Levene's Test for

Equality of Variances
t-test for Equality of Means

Std.
95% Confidence Interval of
Error
the Difference
Sig. (2Mean
Differen
tailed) Difference
ce
Lower
Upper
Sig.
df
,032
,858
-,599
76
,551
-,121
,202
-,523
,281
-,588
58,215
,559
-,121
,205
-,532
,290
According to the results obtained, assuming equal variances, the value of the empirical t ratio
is -0.559, empirical level of significance (p-value) is 0.551 (greater than 0.05), so it can be
concluded that the average ratings of respondents do not differ significantly (level of
significance is 5%). Given this, it can be concluded that all respondents in the sample consider
that internal audit greatly contributes to the quality of the risk management process.
Table 5. shows the opinions of both groups of respondents, categorized according to
responses on the inclusion of internal audit activities in the risk assessment as one phase in the
risk management process, on the contribution of internal audit to the quality of the risk
management process.
814
Table 5: Opinion of the internal auditors and managers on the contribution of internal audit
process to the quality of the risk management process with regard to the involvement of
internal audit activities in risk assessment
contribution contribution
greatly
contributes
is negligible is mediocre contributes extremely don't know
Inclusion of the internal audit
department (IAD) in the risk
assessment phase
always
Count
% within Inclusion of
IAD in the risk
assessment phase
sometimes Count
IAD in the risk
assessment phase
Total
Count
IAD in the risk
assessment phase
Total
20
12
39
2,6%
15,4%
51,3%
30,8%
,0%
100,0%
12
13
31
6,5%
38,7%
41,9%
9,7%
3,2%
100,0%
18
33
15
70
4,3%
25,7%
47,1%
21,4%
1,4%
100,0%
Respondents in whose companies internal audit department is actively involved in risk

assessment activities, as phase of risk management process, in the vast majority believe that
the internal audit process significantly contributes to the quality of risk management process.
Over half, or 51.3% hold that internal audit greatly contributes to the quality of the risk
management process, while 30.8% believes that this contribution is extremely strong. Smaller
number of respondents, namely 15.4% considered that internal audit mediocre contributes to
the quality of risk management processes, and only one respondent considered that its
contribution is negligible.
Most respondents in whose companies internal audit department is sometimes involved in risk
assessment activities considered that internal audit process contributes to the quality of risk
management company, with 38.7% of respondents considered that its contribution is
mediocre, 41.9% of them considered that internal audit greatly contributes, and 9.7% thinks
that internal audit extremely strong contributes to the quality of the risk management process.
Only 6.5% of respondents belive that the internal audit slightly contributes to the quality of
risk management process.
It can be concluded that of all respondents in whose companies internal audit department,
sometimes or always, participates in the activities of the risk assessment, as a phase of risk
management process, 4.3% considered that the internal audit process slightly contributes to
the quality of risk management process, and 25.7% of them holds that internal audit
contribution is mediocre. Over 60% of the respondents thought that the contribution of
internal audit to the quality of the risk management process is significant, considering that
47.1% of respondents believe that internal audit greatly contributes, and 21.4% thinks that the
contribution of internal audit to the quality of the risk management process is extremely
strong.
Table 6. shows the opinions of managers on the contribution of internal audit to the quality of
the risk management process, depending on the frequency of use of internal audit risk
assessment results.
815
Table 6: Opinions of managers who use the results of risk assessment made by the internal
audit department, of the internal audit contribution to the quality of the risk management
process
Managemet (MNG)uses results of risk

assessment performed by internal audit (IA)
always
Count
% within MNG uses
results of risk
assessment
performed by IA
sometimes Count
% within MNG uses
results of risk
assessment
performed by IA
Total
Count
% within MNG uses
results of risk
assessment
performed by IA
contribution
is negligible
contribution
is mediocre
greatly
contributes
contributes
extremely
don't know
Total
17
,0%
11,8%
47,1%
41,2%
,0%
100,0%
13
7,7%
53,8%
30,8%
,0%
7,7%
100,0%
12
30
3,3%
30,0%
40,0%
23,3%
3,3%
100,0%
Of the 17 managers who have declared that management in their company always uses the
results of risk assessment performed by internal audit, the majority considers that the internal
audit significantly contributes to the quality of risk management, with respect to them 47.1%
considered that internal audit greatly contributes to the quality of the risk management
process, and 41,2% thinks that this contribution is extremely strong. Only 2 managers believe
that internal audit mediocre contributes to the quality of the risk management process.
Most of the managers who have declared that the management in their company sometimes
uses the results of internal audit risk assessment, total 13, also believe that internal audit
contributes to the quality of the risk management process, and their opinions differ about the
intensity of that contribution. More than half, namely 53.8% of managers considered that the
contribution of the internal audit is mediocre, and 30.8% of them hold that internal audit
greatly contributes to the quality of risk management process.
Given the analysis of the answers, it can be concluded that all managers who have declared
that management in their company sometimes or always uses the results of risk assessment
performed by the internal audit department, considered that internal audit contributed to the
quality of risk management process. 30% of them considered that the contribution is
mediocre, 40% held that internal audit greatly contributes, and 23.3% thought that internal
audit very strongly contributes to the quality of risk management process.
If we compare the opinions of managers and internal auditors on the importance of certain
activities of internal audit in the risk management process it can be concluded that their views
are very similar, considering that both groups of respondents gave the highest importance to
the activity of giving proposals on the possibilities of improving the risk management process
and particularly internal controls, as an risk management instrument. The following activity
which is considered the most significant is providing advices about the risk identification,
evaluation and ranking. In Figure 1. is shown the comparison of evaluating importance of
certain activities of internal audit departments in the risk management process.
816
Figure 1: Comparison of evaluating importance of certain activities of internal audit

departments in the risk management process between respondents
Considering the presented results of research it is possible to conclude that internal auditors
and managers in the sample believe that the involvement of the internal audit department in
risk management processes strongly contribute to the quality of that process. Similarly, the
majority of respondents, that is internal auditors and managers in whose companies internal
audit department is sometimes or always actively involved in the activities of risk assessment,
as one of the phases of the risk management process, believes that participation of internal
audit in the activities of risk management process significantly contributes to the quality of
the process itself. Most managers who sometimes or always used the results of risk
assessment performed by the internal audit department, which incorporates the results of the
internal audit activities in the risk management process, believe that the internal audit
involvement in risk management processes significantly affect on the quality increasement of
the process. In fact, in the opinion of managers and internal auditors in the sample, the most
important activities of the internal audit department in the risk management process are
proposals on the possibilities of improving the risk management process and particularly
internal controls, as a risk management instrument, and giving advices regarding the risk
identification, evaluation and ranking. Given all the above we can conclude that the
hypothesis H1 is confirmed as internal audit participation in the risk management process
contributes to improving the overall risk management process.
In order to prove the second hypothesis H2, attitudes of both groups of respondents, internal
auditors and managers, were analyzed on the impact of internal audit involvement in the risk
management process on increasement of its quality, which is efficiency and effectiveness of
the internal audit professional engagement.
Table 7. contains opinions of the internal auditors and managers, about the impact of active
participation of internal audit department in the activities of the entire risk management
process on the increasement of quality of internal audit work.
817
Table 7: Opinions of both groups of respondents about the impact of active participation of
internal audit in the activities of the entire risk management process on the quality of internal
audit work
Impact of active participation of internal audit in the risk management
activities on the quality of internal audit work
Respondent
Internal
auditor
Manager
Count
% within
Respondent
Count
% within
Respondent
Total
Count
% within
Respondent
impact is
negligible
impact is
mediocre
greatly
impacts
impact is
extremely
strong
Total
10
27
48
4,2%
20,8%
56,2%
18,8%
100,0%
18
30
,0%
20,0%
60,0%
20,0%
100,0%
16
45
15
78
2,6%
20,5%
57,7%
19,2%
100,0%
Most internal auditors in the sample considered that the active participation of the internal
audit department in the activities of the risk management process can also significantly affect
on the increase of the internal audit quality, regarding that 56.2% of them consider that its
inclusion greatly affects on the increasement of the work quality and 18.8% belives how that
influence is extremely strong. The rest of the internal auditors also thought that the active
participation of the internal audit department in the risk management activities has an impact
on the increasement of internal audit quality, but to a lesser extent, because 20.8% of them
considered that the impact of inclusion is mediocre, while 4.2% of internal auditors hold that
it is negligible.
As in the case of internal auditors, the majority of managers, namely 80% are of the opinion
that the active participation of the internal audit department in the activities of risk
management process also significantly affects the quality improvement of her work since 60%
of managers in the sample holds that there is a strong influence, while 20% considered that
influence to be extremely strong. The rest of 20% of managers believe that internal audit
active participation in the activities of the risk management process has a mediocre impact on
quality improvement of her work.
With regard to the conducted analysis, it can be concluded that, on average, the survey
participants believe, that the internal audit active involvement in the activities of risk
management process has an impact on the quality increasement of her work, with 20.5% of
them who saw that impact as mediocre, 57.7% hold that there is a strong influence, while
19.2% thought that influence is extremely strong.
As in the case of testing the first hypothesis, in order to test the existence of differences in
respondents opinions about the impact of internal audit involvement in risk management
activities on the quality of her work, average ratings have been calculated based on previously
expressed opinions, in a way that the answers of the respondents were ranked on the scale of 1
to 5, where 1 means that the active participation of internal audit in the activities of risk
management process does not at all affect the quality improvement of her work, and 5 means
818
that the influence is extremely strong. Average ratings for both groups of respondents are
shown in table 8.20
Table 8: Average ratings of respondents on the impact of internal audit department's
involvement in the risk management activities on the quality of internal audit work
Respondent
Impact of active participation of internal
audit in the risk management activities on
the quality of internal audit work
Number of
respondents
AM
SD
Internal auditor
48
3,90
,751
Manager
30
4,00
,643
Average score or the arithmetic mean (AM) rating on the impact of internal audit involvement
in risk management activities on the quality increasement of her work is 3.90, with standard
deviation (SD) of 0.751.Average rating of managers is 4.00, with standard deviation of 0.643.
Table 9: Testing the differences in average rating of the respondents about the impact of
internal audit department involvement in the risk management activities on the quality
increasement of the internal audit
Independent Samples Test
Impact of active participation of

internal audit in the risk
management activities on the
quality of internal audit work
Levene's Test
for Equality of
Variances
Equal variances assumed
1,201
Equal variances not assumed
Sig.
,277
t-test for Equality of Means
-,629
df
76
-,652 68,672
Sig. (2Mean
Std. Error
Tailed) Difference Difference
95% Confidence
Interval of the
Difference
Lower
Upper
,531
-,104
,166
-,434
,226
,517
-,104
,160
-,423
,215
Assuming equal variances, the value of the empirical t ratio is -0.629 (for 76 degrees of
freedom), and the empirical significance level is 0.531 (greater than 0.05) which means that
the average ratings of the two groups do not differ significantly (at theoretical significance
level of 5 %). Given the results of tests conducted, it can be concluded that both groups of
respondents, internal auditors and managers, believe that the active participation of the
internal audit department in the risk management activities at the same time strongly affects
on the quality increasement of internal audit activity.
In table 10. are shown opinions of both groups of respondents in whose companies internal
audit department is included in the risk assessment phase, as one of the phases of the risk
management process, on the impact of the internal audit activities in risk management
20
Ordinal variable is discussed as a numerical variable
819
processes on the quality of her work with regard to the involvement of the internal audit
department in risk assessment.
Table 10: Respondents opinion about the impact of internal audit participation in the risk
management activities on the quality of internal audit with regard to the involvement of
internal audit in risk assessment
Inclusion of the internal

audit department (IAD) in
the risk assessment (RA)
Impact of active participation of internal audit in the risk

management activities on the quality of internal audit work
always
Count
% within Inclusion of the
IAD in the RA
sometimes
Count
IAD in the RA
Count
Count
IAD in the RA
impact is
mediocre
greatly
impacts
impact is
extremely
strong
Total
23
12
39
10,3%
59,0%
30,8%
100,0%
21
31
22,6%
67,7%
9,7%
100,0%
11
44
15
70
15,7%
62,9%
21,4%
100,0%
Most of the respondents in whose companies internal audit is sometimes or always included
in the risk assessment activities, believed that the involvement of internal audit in risk
management activities significantly affect the quality increasement of its work, or 62.9% of
respondents feel that involvement strongly influenced the quality increasement of its work,
and 21.4% of them believed that the influence is extremely strong. The rest of 15.7% of
respondents saw the influence of internal audit involvement in risk management activities on
the quality of her work as mediocre.
Based on the results of the conducted research it can be concluded that the active involvement
of the internal audit in the risk management activities also strongly affects the quality
increasement of its work. The same opinion was shared by most respondents, the internal
auditors and managers in whose companies internal audit department participates in the phase
of the risk assessment. Based on the above, it is possible to conclude that another hypothesis
(H2) is confirmed and that the efficiency and effectiveness of the internal audit professional
engagement increases through its involvement in the risk management process.
5. Conclusion
Risk management is necessary for the company's survival and the necessary prerequisite for
the achievement of its objectives. Well-designed risk management processes ensure the
company to minimize the negative consequences of unwanted events or capitalize the
opportunity which may have impact on increasing its value.
Historically, risk management approach has developed from the risk isolation on the level of
individual departments or business functions, into a comprehensive and integrated approach
in which the risks are treated from the perspective of the entire company. In parallel with the
development of new concepts of risk management, internal audit also developed a new risk820
based approach. Internal audit, as an independent, objective assurance and consulting activity,
has been given a key role in assessing the appropriateness and effectiveness of risk
management process.
Exploring the role and importance of internal audit in the process of risk management, and
consequences of that internal audit involvement on the internal auditing process is the subject
of this paper. For the purpose of testing two hypotheses an empirical research was conducted
on a sample of 78 respondents, internal auditors and managers of Croatian companies that
have established internal audit function. According to the obtained research results, internal
auditors and managers from the sample, on average, believe that the involvement of the
internal audit in risk management processes strongly contribute to the quality of the process.
This opinion is shared by the most of the internal auditors and managers in companies whose
internal audit department is, sometimes or always, actively, included in the activities of risk
assessment, as one of the phases of the of risk management process, and managers who
sometimes or always used the results of risk assessment performed by internal audit
department, which confirmed the first hypothesis (H1). .Analysis of the participants views
also confirmed the second hypothesis (H2) considering that internal auditors and managers
from the sample, on average, believe that the internal audit active involvement in the risk
management activities also strongly affects on the quality increasement of its work. The same
opinion was shared by most respondents, the internal auditors and managers in whose
companies internal audit department participates in the phase of the risk assessment.
Taking into account the theoretical knowledge and the results of this research, it can be
concluded that there is mutual benefit from the mutual connection between internal audit
activity and risk management processes. From this arises the need for maintaining and
strengthening this connection, given that increased efficiency and effectiveness of internal
audit and risk management processes can contribute to the company's ability to achieve
established goals.
References
Beasley, M. (2007) Audit Committee Involment in Risk Management Oversight. CPA2BIZ [online], 7.01.2008.
Available
at:
http://www.cpa2biz.com/Content/media/PRODUCER_CONTENT/Newsletters/Articles_2008/CPA/Jan/Oversig
ht.jsp
Casualty Actuarial Society, Enterprise Risk Management Commmittee (2003) Overview of Risk Management
[online], Available at: http://www.casact.org/research/erm/overview.pdf
Ratliff, R. L. and Beckstead, S. M. (1994) How world class management is changing internal auditing. Internal
Auditor
[online]
December
1994.
Available
at:
http://findarticles.com/p/articles/mi_m4153/is_n6_v51/ai_16529834/pg_1?tag=content;col1
Spencer Pickett, K. H. (assisted by Vinten, G.) (1997) The Internal Auditing Handbook. Chichester, England:
John Wiley & Sons.
Spira, L. and Page, M. (2003) Risk Management: The reinvention of internal control and the changing role of the
internal audit. MCB UP Limited: Accounting, Auditing and Accountability Journal, 16 (4), pp 640-661.
The IIA Research Foundation (2007), Proffesional Practices Framework. Altamonte Springs, Florida: IIARF.
The Institute of Internal auditors and The Institute of internal auditors UK and Ireland (2004) The Role of
Internal Auditing in Enterprise-wide Risk Management, Position Statement [online]. Available at:
www.theiia.org/iia/download.cfm?file=283
Tuek, B. and ager, L. (2007) Revizija, drugo izmijenjeno i dopunjeno izdanje. Zagreb: HZRIFD.
821
Mori Milovanovi, Bojan

University of Zagreb, Faculty of
Economics and Business
Trg J. F. Kennedya 6, 10000 Zagreb,
Croatia
bmoric@efzg.hr
Mrela, Ante
pina XXL Ltd. Dugopolje
Ivana Gundulia 22, 21000 Split, Croatia
amrcela9@gmail.com
Mrtinovski, Zoran
IFC Europe and Central Asia
Varavska 3-5, 10000 Zagreb
zmartinovski@ifc.org
Mugler, Josef
Vienna University of Economics and
Business, Institute for Small Business
Management and Entrepreneurship
2-6 Augasse, Vienna, Austria
Josef.Mugler@wu.ac.at
Muresan, Anamaria
Babes-Bolyai University
Mihail Kogalniceanu street no.1 Cluj
Napoca, Cluj, Romania
anamaria.muresan@econ.ubbcluj.ro
Nainovi, Ivana
Croatia
ivana.nacinovic@efzg.hr
Nefat, Ariana
University of Pula- Juraj Dobrila,
Department of Economics and Tourism
Dr Mijo Mirkovi
Preradovieva 1, 52100 Pula, Croatia
astok@efpu.hr
Niezgoda, Agnieszka
Poznan University of Economics
Al. Niepodlegoci 10, 61-875 Pozna,
Poland
a.niezgoda@ue.poznan.pl
Nini, Bojan
University of Sarajevo, School of
Trg osloboenja Alija Izetbegovi 1, 71
000 Sarajevo, Bosnia and Herzegovina
najlon_@hotmail.com
Obadi, Alka
Croatia
aobadic@efzg.hr
Olgi- Draenovi, Bojana

University of Rijeka, Faculty of
Economics
Ivana Filipovia 4, 51000 Rijeka, Croatia
bolgic@inet.hr
Olui, Ana
Croatia
aoluic@efzg.hr
Peri, Tanja
Organization and Informatics
Pavlinska 2, 42000 Varadin, Croatia
tanja.peric@foi.hr
Perucic, Doris
University of Dubrovnik, Department of
Economy and Business Economy
Lapadska obala 7, 20000 Dubrovnik,
Croatia
doris.perucic@unidu.hr
Petek, Almir
almir.pestek@efsa.unsa.ba
Petrievi, Darko
Petrakom d.o.o. / Ventilator - TVUS
d.o.o.
Vlaka 78/II, 10000 Zagreb, Croatia
darko@petrakom
Pines, Mario
DEAMS University of Trieste
Piazzale Europa 1, Trieste, Italy
mario.pines@econ.units.it
Pinogorsky, Dimitry
The Plekhanov Russian Academy of
Economics, Marketing Department
36Stremyany pereulok, Moscow, Russia
dpinogorskiy@gmail.com
Piplica, Damir
Ministry of Interior, PNUSKOK
Department Split
Trg HBZ 9, 21000 Split, Croatia
damir.piplica@st.t-com.hr
Plankar, Ksenija
University of Ljubljana, Faculty of
Economics
Kardeljeva pl. 17, 1000 Ljubljana,
Slovenia
Plescan, Melinda
Babes-Bolyai University, Faculty of
Economics and Business Administration,
Teodor Mihali
Street no. 58-60, Cluj Napoca, Cluj,
Romania
melinda.plescan@econ.ubbcluj.ro
Pokrovac, Ivana
Croatia
ipokrovac@efzg.hr
Ponikvar, Nina
University of Ljubljana, Faculty of
Economics
Kardeljeva pl. 17, 1000 Ljubljana,
Slovenia
nina.ponikvar@ef.uni-lj.si
Poropat, Amorino
Institute of Agriculture and Tourism
C. Huguesa 8, Pore, Croatia
amorino@iptpo.hr
Tuek, Boris
Croatia
btusek@efzg.hr
Tukan, Branka
Croatia
btuskan@efzg.hr;
Urban, Andras
Budapest University of Technology and
Economics
Muegyetem rkp. 9., 1111,Budapest,
Hungary
urban@finance.bme.hu
Uzagalieva, Ainura
University of the Azores,Centre of Applied
Economics Studies of the Atlantic at the
Department of Economics and
Management
Rua da Mne de Deus, 9501-801, Ponta
Delgada, S. Miguel Azores, Portugal
uzagali@uac.pt
Vadnjal, Jaka
GEA College of Entrepreneurship
Kidrievo nabreje 2, 6330 Piran, Sovenia
jaka.vadnjal@gea-college.si
Vasilj, Marijana
University of Split, University Center for
professional studies
Livanjska 5, 21000 Split, Croatia
mvasilj@oss.unist.hr
Vitezi, Neda
University of Rijeka, Faculty of Economics
nevit@efri.hr
Vlahini-Dizdarevi, Nela
University of Rijeka, Faculty of Economics
nela@efri.hr
Vlahov, Antonio
Croatia
avlahov@efzg.hr
Vlahov, Rebeka Danijela

Croatia
rvlahov@efzg.hr
Vrdoljak-Ragu, Ivona
University of Dubrovnik, Department of
Economy and Business Economy
Lapadska obala 7, 20000 Dubrovnik,
Croatia
ivona.vrdoljak@unidu.hr
Vuji, Saa
sasa.vujic@efsa.unsa.ba
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.

Out

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Out

Uploaded by

Copyright:

Available Formats

THE RELATION OF RISK MANAGEMENT AND INTERNAL

AUDIT FUNCTION THE CASE OF CROATIA

2. Relationship between internal audit and risk management process

The Institute of Internal Auditors Glossary [online]

"setting the risk appetite,

3. Defining the objectives, hypothesis, sample and research methods

H1 Participation of internal audit in the process of risk management contributes to

Member of supervisory board

Member of management board

Levene's Test for

t-test for Equality of Means

Respondents in whose companies internal audit department is actively involved in risk

Managemet (MNG)uses results of risk

Internal audit contribution to the quality of the risk management process

Figure 1: Comparison of evaluating importance of certain activities of internal audit

Impact of active participation of

Equal variances assumed

Equal variances not assumed

t-test for Equality of Means

Ordinal variable is discussed as a numerical variable

Inclusion of the internal

Impact of active participation of internal audit in the risk

Mori Milovanovi, Bojan

Olgi- Draenovi, Bojana

Vlahov, Rebeka Danijela

You might also like