Enhance Combined Assurance Coordination using Internal Auditor’s Assurance Map: A Case Study
Main Article Content
Abstract
Purpose & ndash; This paper aims to provide insight into how internal auditors, with their assurance maps, can support integrated governance, risk, and control (GRC) oversight by the board in a low combined assurance institutional setting.Design/methodology/approach – This paper uses the case study method to answer theoretical propositions related to board oversight functions in the GRC and assurance activities by the three lines of defense. This paper obtained evidence through documentary reviews and in-depth interviews with audit committees, risk managers, compliance, and internal audits. Findings – The results showed that although in a low institutional combined assurance setting, where state and professions institutions are silent, internal auditors can support the integration of GRC oversight by the board with assurance maps. The assurance map showed the entire area that the board must supervise and the level of assurance of all the three lines to those areas in one space. The assurance map can visually help the board quickly and precisely areas that require greater attention. Research limitations/implications – Although the analysis is performed using theory and a typical enterprise case, a single case may limit its generalizability. Practical implications – This paper can provide internal auditors with knowledge on integrating all three lines of assurance activities, although there are no formal arrangements for implementing a combined assurance model.Originality/value – This paper fulfills an identified need to study how internal auditor supports the board oversight in an integrated manner.