The Relationship between Risk Management and Internal Audit Effectiveness at Local Government Level

Risk management can play important role in ensuring objective achievement of organizations. Therefore, the aim of this paper is to examine the relationship between risk management and internal audit effectiveness at local government level. The paper is a literature review paper and the paper concluded that risk management can influence the effectiveness of internal auditors at local level. The paper needs to be validated empirically.


Introduction
Internal audit provide constant review and appraisal of the systems and procedures introduced by the management with the intention to enable the management to control and utilise their resources properly and effectively. However, frequent achievement in the risk management and the maintenance of good governance in the public sector organization is essentially important for simplifying the future development of a Country (Anuntaakalakul, 2010). In recent years, enterprise risk management has received a wider international concerned (Beasley, Clune & Hermanson, 2006) also (Gordon, Loeb & Tseng, 2009;IAG, 2010;Wood, 2009) pointed that in recent years risk management has become an agenda in both public and private sectors. In line with the above, Beasley, et al (2006) noted that academic research should examine the relationship between of enterprise risk management and internal audit, in addition, Wood (2009) observed that there is still need for a lot of research to be done on risk management systems. Furthermore, the issue of internal audit effectiveness is an indispensable because it will create improvement in the government ministries (Unegbu & Kida, 2011). Therefore, Arena and Azzone (2010), Chaveerug (2011) and Mihret et al, (2010) emphasize the need for future studies to examine the factors that influence internal audit effectiveness and the possible interactions among them. Equally, it is interesting to focus on the model that will lead to the strength of internal audit effectiveness (Aguolu, 2009). In this vein, many studies that have been conducted on internal audit effectiveness give more concerned in companies' hotels, banks and few public sectors within the state level which their internal audit is a little big effective than those of local government. Similarly, Johnsen and Vakkuri (2001) noted that local government auditing has been less studied and reported in the literature. Therefore, this study examines the relationship between risk management and internal audit effectiveness at local government level. Section two of the paper present the literature review, section three provide research framework and conclusion.

Literature Review
Internal audit effectiveness: A program can be seen as effective if its outcome goes along with its objectives (Ahmad et al, 2009;Mihret et al, 2010). Internal audit effectiveness can also be seen as the extent to which an internal audit office meets its purposes (Mihret & Yismaw, 2007). Therefore, for the purpose of this paper, internal audit effectiveness refers to the ability of the internal auditor to achieve the established objective within the local government. This goes along that the objectives of an internal audit for every organization are depending on the goals set out by the management of the organization (Pungas, 2003) as such, the objective of internal audit in local government should also goes a long with the set up goals by the management of the particular councils, even though the degree of internal audit effectiveness tends to vary within organizational level as well as country (Al-Twaijry et al., 2003). This mean the internal audit effectiveness can also vary within the local level. With regard to that, the internal audit should be able to achieve the established objective in order improve the performance of the organization. Internal audit effectiveness is mainly determined by the agreement between the auditing work and the goals established by the management, the skills of the internal auditor as well as the management support for the internal auditing staff (Alberta, 2005;Albrecht, Howe, Schueler & Stocks, 1988;Arena & Azzone, 2009;Beckmerhagen et al, 2004;Dhamankar & Khandewale, 2003). It is usually consider that there is a strong relationship between independence and effectiveness, this proof that the more independent the auditor, the more effective will be (Karapetrovic & Willborn, 2000;Mizrahi & Ness-Weisman, 2007;New Delhi, 2006;Ussahawanitchakit and Intakhan, 2011), this statement is argued by Cassandra et al (2008) that strongly fund that auditor independence is not the most essential aspect for effective internal auditing. Similarly, Sudsomboon and Ussahawanitchakit, (2009) affirm that audit strategies also enhancing the audit effectiveness, and thereby, the consideration that internal audit could add value to an organizations rests on the implied belief that internal audit is effective (Baltaci & Yilmaz, 2006;Mihret et al 2010). In addition, Beckmerhagen et al (2004) agreed that an effective audit cannot be taken for granted, despite the fact that they are perform by trained professionals using various techniques and in accordance with internationally accepted standards. Hence, the selection of internal auditors also plays an important role in determining the effectiveness of the internal audit function (Dhamankar & Khandewale, 2003). Therefore, the selection of such auditors should also be considered particularly at local level, because such selection also contributes toward its effectiveness.
Knowing the factors that influence internal audit effectiveness is important because effective internal audit can lead to the improvement of four important processes in the organization: learning (educating staff how to do their work better), motivation (auditing also leads to improvement of performance), deterrence (knowing that an audit is discourage any things that can lead to abuse), and process improvements (internal audit may also ensure that the right things are done in the right way) (Eden and Moriah,1996). In the same vein, the impact that internal auditors have on the achievement of the established objectives (their effectiveness) are influenced by the auditor competency as well as the extent to which management consideration over the internal auditors' work as valuable and decide to exploit it (Arena & Azzone, 2010 ), in the same context, Aguolu (2009) is of the view that the internal audit profession should form an internal audit group that will be appropriate and effective in achieving organization established objective over and above the need for reliability and accuracy of the records or ensuring compliance with relevant procedures. As such, effective internal audit system also helps to achieve performance and profitability and prevents in loss of revenues particularly in public sectors (Vijayakumar & Nagaraja, 2012) even though Pilcher Gilchrist and Singh (2011) observed that efficiency and effectiveness of audit in a public sectors context is more complex than in the private sectors. But then consideration must be given to the effectiveness of internal auditors. Several studies have been conducted on internal audit effectiveness, (Aguolu, 2009;Ahmad, et al 2009;Arena & Azzone 2009;Arena & Azzone 2010;Beckmerhagen et al 2004;Belay, 2007;Boţa & Palfi 2009;Cahill, 2006;Cassandra et al, 2008;Cohen & Sayag, 2010;Chaveerug , 2011;Dittenhoper, 2001;Dominic & Nonna, 2011;De Smet & Mention, 2011;Dhamankar & Khandewale, 2003;IIA, 2010) for example ; carried out by Arena and Azzone (2010) on internal audit effectiveness: Relevant drivers of auditees satisfaction in which they consider three variables i.e. the characteristics of the internal audit units; the characteristics of individual internal auditors working in the internal audit units; and the organizational environment . It's a multiple case study, 54 interviews were used and their analyses showed that the effectiveness of internal audit depend on a sound relation established with their auditee. Also Aguolu (2009) have the same idea with them and finally concluded that different factors are important for driven internal audit effectiveness.
In a related study carried out by Cohen and Sayag (2010) on the effectiveness of internal auditing: An empirical examination of its determinants in Israeli Organizations in which they used these variables; Sector -private versus public, Professional proficiency of internal auditors, Quality of audit work, Organizational independence, Career and advancement, Top management support in determine their relationship with the internal audit effectiveness, also used questionnaire and mail survey of 292 organization in their methodology and fund that the support of management is almost crucial to the operation and success of internal audit effectiveness. The study also reveals that other determinants of internal audit effectiveness are derive from support of top management such as proficient internal audit staff, developing career, organizational independence for internal audit work are all results of decisions made by top management. Similarly, Cassandra et al (2008) studied on the perceptions of Singaporean internal audit customers regarding the role and effectiveness of internal audit. The study found that both Singaporean senior and junior managers appreciate with the professionalism and effectiveness of the internal auditors that serve in the business. Also Feizizadeh (2012) carried out study on strengthening internal audit effectiveness and found that most of the companies measure and quantify the performance & effectiveness of their business activities. Therefore, looking at the above studies, they consider the effectiveness of internal audit at company's level, hotels and banks ignoring such effectiveness at local level. In this vein, this study extends the previous study through examining such effectiveness at local government levels.

Risk Management
In recent years, enterprise risk management has received a wider international concerned (Beasley, et al, 2006) also (Gordon, Loeb & Tseng, 2009;IAG, 2010;Wood, 2009) pointed that in recent years risk management has become an agenda in both public and private sectors. While Coetzee and Fourie (2009) argued that risk and its management is not a new phenomenon. In this circumstance, Page and Spira (2004) also argued that the conception of risk management is a modern phenomenon and it become possible as a result of the development of scientific techniques that enable the estimation of the likelihood and impact of events, this is true because events are happening more often and with greater impact than ever before (Anderson, 2012). In line with the above, many organizations have failed because they did not have comprehensive risk management in place (McPhee, 2006). Therefore, risk management should be properly organized in such a way to avoid detriment of local activities in order to enhance their operations. However, organization that experience high level of risk, is possible for them to lose the achievement of their organizational objective (Sumritsakun & Ussahawanitchakit, 2009), and failure to consider the issue of risk may give rise to serious consequences (Fraser & Henry, 2007) even though as organizations grow in size, to find effective risk management is becoming a problem (Crawford & Stein, 2004;Fraser & Henry, 2007). In this situation, the risk management standard view risk from two perspectives i.e. from the positive and negative aspects of the risk. However, as the management increasingly aware of the dynamic nature of risks then the need for periodic review of the key risks facing the organization need to be evaluated in order to take necessary action, this is because there is no such thing as environmental free risk, but many risks can be avoided, reduce it or shared through an effective risk management (IAG, 2008). Risk management plays an important role in protecting an organization's information assets; because an effective risk management process is an important component of a successful information technology security program (Stoneburner, Goguen & Feringa, 2002) additionally, effective risk management enable the achievement of organizational objective (Gordon et al, 2009). Therefore, local government should improve the effectiveness of their risk management so as to enhance the objective achievement of internal audit.
Risk management standard defined risk "as the combination of the probability of events and its consequences. That is why such events keep receiving attention on risk management in many organizations (Anderson, 2012). In addition, due to the important of risk management especially in objective achievement, the need for risk management within the public sector and even how to set up the risk management system has received a lot of publication within the period of -2002, (IAG, 2010Wood, 2009), this is because the governments at both federal and state levels have been increasingly focused their attention on achieving a better performing public sector (McPhee, 2006). Therefore, more consistent approach to risk management is required to appropriately address any kind of risks in all public and private sectors even at local government level so as to enable the achievement of established objectives. Therefore, in line with the above discussion, it's paramount to consider the definition of risk management so as to have clear direction of it. Risk management standard view risk management as the process whereby organizations systematically address the risks attaching to their activities with the aim of achieving sustained benefit within each activity and across the investment of all activities. That is why many organizations recently are transforming their risk management into enterprise risk management (Beasley, et al, 2006), that is the application of risk management in all over the organization rather than specific area within the organization. Therefore, for the purpose of this research, risk management means the process of identification of the risk up to the treatment of such risk in order to allow the achievement of organizational objective, similarly to affect the effectiveness of internal auditors within such organization. Moreover, organizations that have structure specific risk management unit is assumed to provide risk management more effectively in such organization (Anderson, 2012;Anuntaakalakul, 2010), this is consistent with this research's findings that assurance processes at high institution are most related to management of high institution, internal control and risk management (Verdina, 2011), that is why companies recently are under pressure to identify the business risks they experience ranging from: social risk, ethical risk, environmental risk as well as financial and operational risk and to give explanation on how they manage them to an acceptable level (Olga, 2007).
While Mikes (2009) argued that most of the financial institutions today are taking risk management just because to address the issue of capital adequacy (i.e. the amount of capital the bank should hold) and at the same time the internal allocation of capital to business units. However, Froot, Scharfstein and Stein (1992) are of the view that recent surveys provided that risk management is ranked by financial executives as one of their most important objectives to achieve. In the same vein Beasley, et al, (2006) fund that complete enterprise risk management affect internal audit functions in the banking and education sectors. Likewise, at local government level risk management can also play important role in achieving objective (Woods 2009). Therefore, local government should improve the standard of their risk management in order to assist in the objective achievement of internal auditors. Since the fundamental reasons for implementing risk management process in an organization was to minimize the negative effect of such risk and to improve decision making (Stoneburner et al, 2002), in this situation, Anderson, (2012), Vijayakumar and Nagaraja (2012) noted that the objective of an organization's risk management processes should be to have an action that will help in protecting the organization and enhance shareholder value. This is the same with view Nickmanesh et al (2011) which recommend that effective risk management strategy would influence performance of firm new product development in Malaysia. Also implementation of an effective risk management process on accounting activities of an organization contribute in increasing the business performance and overall performance of such organization (Vasile et al, 2012). However, the International Risk Management Standard ISO 31000 has emphasizes the relevant of risk management as a value adding processes and has identified 11 Principles that support an effective risk management system and thereby recognizes that risk management: is about value creation and protection; is embedded into organizational processes and supports decision making; is focused on improvement; is forward looking and includes the identification and assessment of uncertainties; is an repeating process and that risks change over time; effectiveness is dependent on information quality; effectiveness depends on organizational culture and transparency; the processes should be made to best fit the organization and its needs (Vasile et al, 2012). Therefore, risk management should be effective at local level so that to contribute in objective achievement of local councils.
Several research has been conducted on risk management, but most of the previous research that has been conducted on risk management focuses attention on the role of internal audit in risk management for example (Coetzee & Fourie, 2009;Fraser & Henry, 2007;Page & Spira 2004;Sarens & De Beelde, 2006;Sobel, 2011;Schneider, Sheikh& Simione, 2011;Vasile, CroitoruI & Mitran, 2012). Only few consider the impact of enterprise risk management on the internal audit function for example (Beasley, et al, 2006). They give less concerned on the examination of the relationship between risk management and the internal audit effectiveness in different organization particularly at local government level. Similarly, only few studies measured risk management with other variables for example (Anuntaakalakul, 2010& Verdina, 2011Wood, 2009). As such, considering the research that has been conducted on the impact of risk management, for instance; a study carried out by Verdina (2011) on risk management as a tool for securing internal control in the process of study programmed implementation at higher education institutions. Make used of students' opinion survey of 6 higher educational institutions of the Baltic States and used questionnaires in methodology and found that there is absence of risk management policy and strategy in those Institutions. This is consistent with the finding of Anuntaakalakul (2010) who's conducted a research on the achievement in risk management and governance of public sector organizations in Thailand: The empirical evidence of internal auditing efforts. While the study carried out by Beasley, et al (2006) on the impact of enterprise risk management on the internal audit functions. Used online survey to Institute of Internal Audit staff member of 122 organizations around the world and multivariate regression for data analysis and finally found that there is positive relationship between enterprise risk management and internal audit function. Similarly in a case study research carried out by Wood (2009) on contingency theory perspective on the risk management control system within Birmingham City Council, interview questions and the total of three variables are identified, namely information and communication technology, central government policies and organizational size toward determining risk management and finally the research found that those three variables are contingent variable which directly affects the risk management of that council. Therefore, the current study will extend the previous by considering the relationship between risk management and the effectiveness of internal audit at local government level.

Risk Management
Internal Audit Effectiveness Proposition: P1 Risk management is relates to the internal audit effectiveness at local government level.

Underpinning Theory
Contingency theory is not a new theory in an organizational research because it has a well established concepts in organizational literature (Donaldson, 2001;Sauser, Reilly & Shenhar, 2009) mean while, for the past three decades, contingency theory has been the subject of wider research area but yet it is still developing (Ayman, Chemers & Fiedler, 1995), even though the early researchers on contingency theory in organization design mainly focuses on the effects of uncertainty on the organizational structure (Chenhall, 2003;Drazin & Van de Ven, 1985;Reid & Smith, 2000). However, contingency theory is known as one of those theory that are usually been used recently in management accounting and auditing research (Abushaiba & Zainuddin, 2012;Reid & Smith, 2000;Sudsomboon & Ussahawanitchakit, 2009;Valanciene & Gimzauskiene, 2009) though the utilization of the theory may have different effect, and equally it effectiveness depend upon the stage/or field that is been proposed (Chenhall, 2003;Drazin & Van de Ven, 1985). Additionally, the relevant of any given factor should be contingent upon other factors (Krishnamoorthy, 2002) in addition contingency theory enables a researcher to systematically introduce factors to explain or predict expected phenomena (Umanath, 2003). This is because it does depend on one's interpretation of the theory, and such theory has the capability of producing accurate hypotheses and consistent functions (Schoonhoven, 1981). Therefore, indicate the possibility of applying contingency framework in the public sectors (Wood, 2009). Mean while a contingency theory also differs with other theories in the form of their specific propositions; this is because it's hypothesized a conditional relationship between independent variables with a dependent variable and subject it to an empirical test. In addition, Woods (2009) in his research work on contingency theory perspective on risk management at local level a case study research, the study reveals that risk management is contingent upon four variables i.e. organizational size, external environment, strategy and technology. Similarly, Gordon et al (2009) found that the relationship between enterprise risk management and firms performance is significantly contingent upon five variable; firm complexity, size of the firm, environmental uncertainty, monitoring by board of directors and competition in industry. Therefore, this study proposes that internal audit effectiveness at local government level is contingent upon risk management.

Conclusion
This paper presents the relationship between the risk management and internal audit effectiveness at local level. The paper is constraint to only considering the risk management; it is a conceptual literature review paper at local government level. However, despite the limitation of the paper, the paper contribute to knowledge by extending the existing literature on the internal audit effectiveness through determining the effectiveness of internal audit at local level in relating to risk management, the paper also contribute on the internal audit effectiveness at local level since most of the previous studies fail to develop a model showing the relation between risk management and internal audit effectiveness at local level. Despite the fact that this paper is part of ongoing PhD thesis of the researcher. Future research should validate it in other countries using different kind of analysis. Likewise future research should look at the possibility of inserting other variables from other field of studies not necessary from auditing such as management, so that to measure the internal audit effectiveness. Also future studies should incorporate the possibility of inserting mediating variable between risk management and internal audit effectiveness relationship.