The role of internal auditing in risk management: evidence from banks in Jordan
Purpose – The purpose of this paper is to explore the current practices of internal auditors in banks in Jordan regarding risk management, especially the risks they are most involved in dealing with, the nature of their responses in the presence of these risks, and appropriateness (according to the Institute of Internal Auditors (IIA), 2009a) of these responses. Design/methodology/approach – A questionnaire surveyed views of internal auditors about their roles in risk management. It asked about 20 different types of risks, and, for each individual risk, how internal auditors would respond in its presence. Findings – The role of internal auditors in risk management in banks in Jordan was found to be limited. The risks that internal auditors were most involved in managing were those related to compliance, while the risks least dealt with by internal auditors included those related to the Jordanian economy and culture. Also, most of the respondents reported that they did undertake some inappropriate roles in dealing with the risks. Practical implications – The findings suggest the possibility that internal auditors are not aware of the importance of several types of risks and of the appropriate roles for internal auditors in risk management. Therefore, increasing awareness of these issues is very important. Originality/value – The research topic is relatively new and very under-researched in the Jordanian environment. This study is therefore likely to significantly contribute to the knowledge about how internal auditing operates in a developing country context that differs significantly from the contexts where professional internal auditing standards were issued.