Search results

This paper aims to examine the impact of the assurance and advisory role of internal audit (ADRIA) on organisational, human and technical proactive measures to enhance cybersecurity (CS).

The questionnaire was used to collect data for 97 internal auditors (IAu) from the Gulf Cooperation Council countries. The authors used partial least squares (PLS) to test the hypotheses.

The results show a positive effect of the ADRIA on each of the organisational proactive measures, human proactive measures and technical proactive measures to enhance CS. The study also found a positive effect of the confirmatory role of IA on both human proactive measures and technical proactive measures to enhance CS. No effect of the confirmatory role of IA on the organisational proactive measures is found.

This study focused on only three proactive measures to enhance CS, and this study was limited to the opinions of IAu. In addition, the study was limited to using regression analysis according to the PLS method.

The results of this study show that managers need to consider the influential role of IA as a value-adding activity in reducing CS risks and activating proactive measures. Also, IAu must expand its capabilities, skills and knowledge in CS auditing to provide a bold view of cyber threats. At the same time, the institutions responsible for preparing IA standards should develop standards and guidelines that help IAu to play assurance and advisory roles.

To the best of the authors’ knowledge, this is the first study of its kind that deals with the impact of the assurance and ADRIA on proactive measures to enhance CS. In addition, the study determines the nature of the advisory role and the assurance role of IA to strengthen CS.

This study aims to examine the extent to which external auditors (EAs) use the work of the internal audit function (IAF) based on the purpose of its primary activities. The authors rely on attribution theory, which suggests that individuals search for meaning when an event occurs. In this setting, the authors explore how the overall (assurance vs advisory) or specific (e.g. risk management and evaluating internal controls) focus of IAF activities influences perceived EA reliance on the IAF’s work.

The authors first explore the research question with data extracted from a broad, longitudinal survey conducted triennially by the national chapters of the Institute of Internal Auditors in Austria, Germany and Switzerland. The data includes responses from 2014, 2017 and 2020 administrations of the survey. The authors conduct a parallel survey with practicing EAs attending two training sessions of a European office of a global network firm. Hypotheses were tested using ordered logistic regression.

Among the chief audit executive (CAE) participants, the authors observe that a balanced or primarily assurance-related purpose of the IAF, relative to a primarily advisory-related purpose, is associated with higher perceived EA reliance. The authors observe similar perceptions of the extent of reliance among the EA participants.

With a unique data set of practicing internal auditors from three countries, coupled with a sample of EAs, to the best of the authors’ knowledge, this study is the first to examine differences in EA reliance across the IAF’s primary roles. The study relies on data from three European countries, which differs from prior EA reliance literature with a largely North American focus. Further, comparison between perceptions of EAs and CAEs is a novel approach and this paper’s findings suggest that perceptions of CAEs could be a reliable proxy for EA-intended behavior.

This study aims to verify the significance of Andersen (2008) corporate risk management (CRM) framework in Asian emerging markets (AEMs) to control firm risk and improve firm performance.

The cross-sectional analyses are performed on a sample of 4,609 firms across nine Asian emerging countries using 2SLS estimation technique.

The empirical findings show that the adoption of CRM not only enhances firm performance by increasing the firm ability to capitalize on the market opportunity but also plays a significant role in reducing firm risk. The findings of this study assert that by institutionalizing risk management practices into an integrated CRM framework, the firm can reap multiple benefits by maintaining better contractual agreements and strategic partnerships with key stakeholders.

The study shifts the focus of CRM away from Western countries toward AEMs, which has been afflicted by high risks and uncertainties. The effectiveness of CRM against firm risk is established by dividing firm risk into firm-specific risk and systematic risk. Furthermore, this study also establishes that CRM not only leads to high returns but also reduces firm operational and production costs. Overall, the study provides a compelling argument to implement CRM for improving organizational performance and managing risks in a strategic and integrated manner. The findings are also relevant to risk management practitioners, as well as to academicians interested in the broader fields of corporate finance and strategy.

This study aims to explore the adoption of enterprise risk management (ERM) in developing and developed countries. Is there a similarity or difference between the two contrasting institutional markets and the reasons behind them?

The adoption of ERM is analyzed on the basis of the institutional framework. The author draws empirical evidence by comparing the cases of a British and an Indian insurance company using evidence from multiple sources. This paper focuses on extra-organizational pressures exerted by economic, social and political situations across two countries that influenced the adoption decision of ERM.

The findings of this research revealed that early adopters of ERM in different institutional markets face coercive and normative pressure but not mimetic pressure. The adoption of ERM in India and the UK is dissimilar. Companies in the British insurance market encounter higher institutional forces than those in the Indian market because of higher coercive and normative pressure. The aspirations to adopt ERM in the Indian and UK markets included improved strategic decision-making to maintain stakeholder expectations and higher standards of corporate governance. In the UK, ERM was adopted to reduce surprises and fluctuations under flexible regulations but with stricter adoption and to improve credit ratings.

Previous literature has discussed ERM adoption in similar markets or within one market with similar institutional pressure. In contrast, this research is a comparative study that explains the analysis of institutional theory in two different institutional environments in the adoption of ERM.

The present paper aims at the identification of the critical variables of risk-based auditing (RBA). The variables under examination are the internal audit (IA), the audit committee (AC) and the cooperation between the RBA and the stakeholders (audit committee, external auditors, internal auditors, board of directors, fraud investigators, chief risk manager) (COOP).

A questionnaire survey was conducted among 176 Greek companies. The questionnaires were addressed to accountants, internal auditors, managers, chief risk managers and the board of directors. A total of 96 questionnaires have been collected and analyzed. PLS-SEM modeling was used as a tool to test hypotheses and analyze the findings.

The results show that three variables, i.e. the internal audit, the audit committee and the RBA cooperation with stakeholders have a statistically significant and positive effect on risk-based auditing (RBA). Additionally, the existence of partial-complementary mediation of the internal audit in the audit committee-RBA interaction is confirmed.

This study is an original research that identifies the essential variables of risk-based auditing in Greek companies. It attempts to analyze the perceptions of all stakeholders in risk-based auditing, including the internal audit, the audit committee, etc. and is not restricted only on internal auditors. Furthermore, the analysis is conducted with PLS-SEM Modeling, which is an innovative tool of testing hypotheses and analyzing results.

In the global context, artificial intelligence (AI) technology and environmental, social and governance (ESG) have emerged as central drivers facilitating corporate transformation and the business model revolution. This paper aims to investigate whether and how the application of AI enhances the ESG performance of enterprises.

This study uses panel data from Chinese A-share listed companies spanning the period from 2012 to 2022. Through a multivariate regression analysis, it examines the impact of AI on the ESG performance of enterprises.

The findings suggest that the application of AI in enterprises has a positive impact on ESG performance. Internal control systems within the organization and external information environments act as mediators in the relationship between AI and corporate ESG performance. Furthermore, corporate compliance plays a moderating role in the connection between AI and corporate ESG performance.

This paper underscores the pivotal role played by AI in enhancing corporate ESG performance. It explores the pathways to improving corporate ESG behavior from the perspectives of internal control and information environments. This discussion holds significant implications for advancing the application of AI in enterprises and enhancing their sustainable governance capabilities.

This study examines the relationship between internal control and corporate environmental responsibility.

Unlike US studies that concentrate solely on internal control over financial reporting, this study uses a comprehensive index that encompasses internal control over financial reporting, operations, and compliance. Corporate environmental responsibility is measured by environmental investments. Our research sample comprises Chinese listed firms from 2010 to 2018.

The results demonstrate a positive correlation between internal control and corporate environmental investments. Furthermore, we find that firms with high-quality internal control can improve their financial and environmental performance through environmental investments. After decomposing internal control into its five components, we show that the control environment, control activities, and information and communication components exhibit stronger effects on environmental investments than the risk assessment and monitoring components. Finally, the cross-sectional analyses reveal that the positive effect of internal control is more pronounced in private firms and in firms that are subject to weaker environmental regulation.

By focusing on the effect of a comprehensive internal mechanism on corporate environmental responsibility in China, this study contributes to the literature in developed-country settings that overwhelmingly focuses on the impact of external stakeholders and regulations.

This study aims to propose an approach to assess the security of supply (SS) in a coal-fired electricity generation supply chain subject to public price regulation in Brazil. This study characterizes the Brazilian scenario of coal-fired electricity generation, which represents less than 3.5% of the energy sources.

Data from six mining companies that supply a coal plant were analyzed in a case study. The risks were characterized and objectively estimated through a synthetic multidimensional index. Structural changes in the earnings before interest, taxes, depreciation, amortization and exploration indicator time series of coal companies (CC) were statistically detected.

Empirical evidence demonstrates that the supply chain has a low disruption risk (SS index equal to 0.74). However, when suppliers are individually analyzed, 48.64% of all coal shows moderated disruption risk, and 2.51% is under high risk. In addition, this study finds a drop in the financial results of CC related to public regulation of coal prices. This impacts the security of coal supply.

This study discusses the influence of legal and regulatory policy risks in a coal power generation supply chain and the implications of the SS index as a management tool.

A novel SS index is presented and empirically operationalized, and its dimensions – environmental, occupational, operational, economic-financial and supply capacity – are analyzed.

Earned value management systems (EVMS), also called integrated project and program management systems, have been greatly examined in the literature, which has typically focused on their technical aspects rather than social. This study aims to hypothesize that improving both the technical maturity of EVMS and the social environment elements of EVMS applications together will significantly impact project performance outcomes. For the first time, empirical evidence supports a strong relationship between EVMS maturity and environment.

Data was collected from 35 projects through four workshops, attended by 31 industry practitioners with an average of 19 years of EVMS experience. These experts, representing 23 organizations, provided over 2,800 data points on sociotechnical integration and performance outcomes, covering projects totaling $21.8 billion. Statistical analyses were performed to derive findings on the impact of technical maturity and social environment on project success.

The results show statistically significant differences in cost growth, compliance, meeting project objectives and business drivers and customer satisfaction, between projects with high EVMS maturity and environment and projects with poor EVMS maturity and environment. Moreover, the technical and social dimensions were found to be significantly correlated.

Key contributions include a novel and tested performance-driven framework to support integrated project management using EVMS. The adoption of this detailed assessment framework by government and industry is driving a paradigm shift in project management of some of the largest and most complex projects in the U.S.; specifically transitioning from a project assessment based upon a binary approach for EVMS technical maturity (i.e. compliant/noncompliant to standards) to a wide-ranging scale (i.e. 0–1,000) across two dimensions.

The phenomenon of corruption requires extra handling to achieve zero corruption. The purpose of this paper is to examine the integrated governance, risk management and compliance (GRC) implementation, the quality of internal audits and management's commitment to improving the ability to detect corruption and its impact on the company's financial performance.

This paper used primary and secondary data. Financial statement data and survey results from participants in 69 state-owned companies were analyzed using the Partial Least Square method.

There was a positive and significant effect of the integrated GRC implementation, quality of internal audit and management's commitment to increasing the organization's internal capability in detecting corruption. However, the failure to detect corruption mediates the effect of management commitment on financial performance. Besides, the organization's three internal factors could be better because their functions could be more optimal and require further improvement.

State-owned companies are continuing to be restructured, so these results can be helpful for now. However, they must update continuously with developments related to the composition and classification of state-owned companies.

Organizations can improve their ability to detect corruption in the workplace by using an early warning system such as the integrated GRC, internal audit quality and a high commitment from management.

To the author's limited knowledge, empirical research on integrated GRC implementation, internal audit quality and management commitment are still rare if they improve the detection of corruption ability. It uses the factors that cause corruption in the fraud hexagon to analyze the financial performance.