Internal audit risk management in metropolitan municipalities

Abstract

Internal audit functions (IAFs) of organisations are regarded as crucial components of the combined assurance model, alongside the audit committee, management and external auditors. The combined assurance model aims at having integrated and aligned assurance in organisations with the overall aim of maximising risk and governance oversight and control efficiencies. In this regard, internal audit plays a crucial role, insofar as it consists of experts in risk, governance and control consultancy who provide assurance to senior management and the audit committee. Audit committees are dependent on internal audit for information and their effectiveness revolves around a strong and well-resourced internal audit function which is able to aid audit committees to meet their oversight responsibilities. There is thus a growing demand for managing risk through the process of risk management and internal audit is in a perfect position to assist with the improvement of such processes. If internal auditors wish to continue being an important aspect of the combined assurance model, they need to address the critical area, amongst others, of risk management as part of their work. If not, it follows that the board, audit committees and other levels of management will remain uninformed on the status of these matters which, in turn, will negatively impact the ability of these stakeholders to discharge their responsibilities. This study therefore focuses on analysing the functioning of IAFs, with specific reference to their risk management mandate. The study followed a mixed method approach to describe internal audits risk management functioning in the big eight metropolitan municipalities in South Africa. The results show that internal audit provide a broad scope of risk management work which assist senior management in the discharge of their responsibilities. However, in the public eye, internal audits risk management functioning is scant.