The connectivity of internal audit and risk management research

Research Question: What are the dominant themes in the existing literature and future research patterns in the field of risk management and internal audit? Motivation: With the evolution of the concepts of risk management and internal audit starting from early 21 st century there is a significant body of literature addressing the topic, yet a variety of gaps in the research field still remain uncovered. Idea: This paper presents a wide image of the internal audit and risk management research area, aiming to map the scientific landscape and the changing trends, using a bibliometric analysis technique extended to identify the most addressed research gaps. Data: Observing the evolving research themes in the field until early 2023, a final dataset of 246 bibliometric records were extracted from Web of Science Core Collection database. Tools : The scientific mapping analysis over the internal audit and risk management dataset is conducted using VOS viewer software. The study combines co-citation, co-occurrence of the keywords and co-words analysis of abstracts and titles in analysing the themes evolution patterns and potential future research directions. Findings : The results reveal that the research themes in the field are continuously developing, but the quantity of research output is still limited for the internal audit - risk management relationship. The main attention still lies on the effectiveness, quality and improvement in both internal audit and risk management processes. There are also other directly linked concepts with the subject area, such as corporate governance or financial reporting performance. Contribution: The current research is not without limitations; however, it may offer perspectives for future studies. The paper exposes the need for further research in the field, focusing on the interaction between internal audit and risk management, extended with factors that might moderate this relationship.


Introduction
Due to the early twenty-first century's context, marked by high-profile bankruptcies, accounting scandals, and global financial crisis, the researchers' interest in the fields of internal audit and risk management has increased (Hazaea, 2022).Over time, internal audit has consolidated its position as a pivotal component of efficient corporate governance by supporting management with supervision and assurance (Behrend & Eulerich, 2019).Likewise, risk management has gained considerable interest in corporate research, as global enterprises faced a multitude of challenges with the potential of impacting decision-making process (Mazumder and Hossain, 2018).In recent years, the focus moved to internal audit and risk management effectiveness (Tamimi et al., 2021;Turetken et al., 2019) and their improvement over time, especially within the context of crisis and post-crisis periods (Lenning & Gremyr, 2021;Kobts et al., 2020).
This study contributes to the existing literature by presenting an overview on the relevant internal audit and risk management studies with the aim of highlighting the dynamic and the connectivity patterns of the research activity in the field.The bibliometric analysis is considered appropriate to address the objective of this research, as it is a pivotal technique in delineating the output of scientific research in several research fields (Öztürk et al., 2024).Previous research either reviews the literature on internal audit or focuses on risk management, but it does not link the two areas.Behrend and Eulerich (2019) conducted a bibliometric analysis which investigates the internal audit evolution within accounting research.The findings show that the literature is defined by the relationship between internal audit and corporate governance, but also has a focus on the internal audit quality.Pan et al. (2022) and Yildirim (2022) performed bibliometric analyses on risk management themes.Pan et al. (2022) argue that the main research topics, related to risk management in foreign direct investment, refer to environmental protection, energy consumption, and climate change.Yildirim (2022) claims that the USA have the most collaboration links and the most cited journal (US-based Journal of Banking and Finance) in the field of banking risk management.To fill this gap, the current paper conducts a bibliometric analysis on publications that observe both internal audit and risk management themes.The study does not only exhibit what defines internal audit and risk management research, but also draws attention on the current and potential future research directions in the field.
By using a final sample of 246 bibliometric records extracted from the Web of Science database for 1990-2023 period, this paper addresses four research questions: RQ1.What is the publishing trend in the field of risk management and internal audit research?
RQ2.What is the connectivity between the main themes in the field of risk management and internal audit research?
RQ3.What are the dominant and emerging themes in the field of risk management and internal audit research?
RQ4.What are the gaps and future research patterns in the field of risk management and internal audit?
To answer the research questions, the current study performs an analysis based on the observation of publication trend complemented by science mapping, by conducting a co-citation analysis.Complimentary, to observe the evolving themes in the field of risk management and internal audit, this paper provides a cooccurrence of analysis of the keywords, followed by co-word analysis of abstracts and titles analysis.The observations included in the final sample are processed with VOS viewer application.
The rest of the paper is structured as follows.In Section 2, a literature review is performed in order to advance a comprehensive picture of the most relevant articles in the field of internal audit and risk management.Section 3 outlines the design of the research and the data selection method.The Results section covers a descriptive analysis on the frequency of publications and a discussion of findings regarding cocitation, co-authorship and keywords co-occurrence in the area of internal audit and risk management research.The final section presents the significant conclusions of the study, its limitations and the areas for future research.

Literature review
Risk management has emerged as a significant research topic within the corporate area, as worldwide economic entities confront a large variety of risks that could impact the decision-making process (Mazumder & Hossain, 2018).According to the Institute of Internal Auditors (IIA, 2023), the internal audit function has an essential role in establishing a comprehensive framework for risk management.Moreover, internal audit represents a key activity for corporate governance (Xiao, 2018;Hazaea et al., 2022) and ensures the sustainability of institutions (Hazaea et al., 2022).In addition to promoting business sustainability, the implementation of an efficient integrated internal audit management system may positively impact corporate performance (Hassan et al., 2022).Similarly, DeSimone et al. (2021) claim that companies with developed and well-defined internal audit functions and risk management policies are more likely to be involved in sustainability assurance.Besides its traditional role of focusing on internal control and financial compliance, internal audit may promote good governance in organizations by taking on a larger advisory role in risk management activities (Onay, 2021).Rodrigues and Machado (2021) argue that the main purpose of the contemporary internal audit function is to evaluate the entity's risk management and governance processes in order to meet organizational needs and provide advice.
Empirical research carried out by Lois et al. (2021) highlights the significance of adopting a risk-based internal audit approach.A structured audit approach allows internal audit to provide advisory and assurance services with respect to the effectiveness of risk management and the internal control system (Tamini et al., 2021;Kahyaoglu & Caliyurt, 2018).
An effective and efficient internal audit improves the risk management mechanisms for identifying potential risks.As the efficiency of internal audit is crucial in the control of company's risk measures, many studies aim to investigate the manner in which this could impact the company's evolution.As such, the degree of success of internal audit's contribution to an organization is closely related to its influence on the organization's risk management (Onay, 2021).The International Internal Audit Standards (IIAS) encourage the proactive role of internal auditors, hence they may contribute to risk management activities of their organization (Onay, 2020).Additionally, risk management has an influential role by facilitating the identification of potential risks and specific areas for internal audit, leading to effective and efficient internal audit operations (Ardianingsih & Payamta, 2022).Weekes-Marshall (2020) examines the internal audit's involvement in the risk management process in a developing country.The result exposes that internal audit and risk management are both in an evolving stage.Nonetheless, internal audit should embrace new technologies, such as continuous auditing, and adopt a common risk language within the organization (Onay, 2020).Kobt et al. (2020) argue that more studies need to observe internal audit's effectiveness on a post-crisis period.Putra et al. (2022) provide a critical review of the literature that examines and analyses how fraud prevention mediates the effect of internal audit and risk management on the prevention of financial crime behaviour.Internal audit quality is a significant predictor of effective risk management (Kabuye et al., 2019;Islam et al., 2018).The significance of internal audit's role in risk management is essential in the implementation of preventive measures against company's risks, such as fraudulent activities (Putra et al., 2022;Tamini, 2021), supporting a good corporate governance practice.Studying the relationship between internal audit function and the process of investigating fraud on a sample of French companies, Hazami-Ammar (2019) argues that the more effective risk management is, the more likely internal auditors are to be involved in investigating fraud risks.In order to gain a comprehensive perspective on risk management effectiveness, more studies need to focus on developing and underdeveloped countries, complemented by in-depth analysis for particular sectors (Mazumder & Hossain, 2018).
Risks that lie within the cybersecurity area are often observed in many researches, for example studies conducted by Haapamaki and Sihvonen (2019), Kahyaoglu and Caliyurt (2018) or Stafford et al. (2018).Haapamaki and Sihvonen (2019) claim that there is a need for more research in the field of cybersecurity risk studying the role performed by internal auditors.Kahyaoglu and Caliyurt (2018) argue that, from a risk management perspective, the internal auditors should have a comprehensive understanding of cyber threats' full impact on the organization.Moreover, the internal audit practices in identifying cybersecurity risks may help organizations reduce their exposure to cyber threats and improve their overall risk management practices (Stafford et al., 2018).
Company's stakeholders are interested in the performance of internal audit's role in risk management (Christopher & Sarens, 2018).Their attention focuses on the degree of internal audit implementation and practice (Hazaea et al., 2022).Moreover, stakeholders play an essential role in identifying optimal strategies for a company's risk maturity level (Kiral & Karabacak, 2020), whereas internal auditors must have a thorough understanding of risk management and risk maturity (Ardianingsih & Payamta, 2022).However, White et al. (2020) argue that for the relationship between risk management and internal audit to be mutually beneficial, stakeholders need to adopt a code of practice.Abdelrahim and Al-Malkawi (2022) argue that some of the most relevant factors that may impact the internal audit effectiveness is senior management support, as well as the need of continuous improvement in processes, as nowadays internal audit is focusing more on compliance than on improvement (Lenning & Gremyr, 2021).Saleh and Chik (2022) investigate the connection between internal auditors' behavioural factors and their intention to assess the effectiveness of Enterprise Risk Management (ERM).To implement ERM at the organisational level, it is essentially for internal auditors to evaluate its effectiveness in accordance with standards, so that the risks may be managed efficiently (Cular et al., 2020).Zahaea et al. (2021) claim that there is more to be considered on the internal audit, as the literature has substantial gaps while the researchers still have a predominant interest on private sector rather on the public sector's activity.Nevertheless, the private sector needs more in-depth studies on specific areas as most of the studies are adopting holistic approaches (Mazumder & Hossain, 2018).

Methodology
The current study aims to provide a comprehensive review (Nobanee et al., 2020) and to discover possible directions for future research in the area of internal audit and risk management, as a bibliometric analysis approach investigates the growth of the intellectual structure of research published over time (Donthu et al., 2021).In conducting a bibliometric analysis, several techniques are adopted (co-citation analysis, and co-occurrence of the keywords, extended with an analysis of words cooccurrence in titles and abstracts) as tools for exploring the scientific mapping of research, as show in Figure 1.The bibliometric analysis is known as an effective technique (Donthu et al., 2021), using a quantitative approach in synthesizing the literature on a specific domain (Behrend & Eulerich, 2018).While the technique of bibliometric analysis has its limitations, it goes beyond the classic descriptive statistics.Notwithstanding the effectiveness of conventional approaches such as systematic literature reviews in observing development in research fields, extracting profound insights from a narrow sub-set of publications, they may fail to detect field-connected research papers (Lacey et al., 2011).Moreover, a study based on a bibliometric analysis as research method will scrutinize the specifics of the subject's scientific map and also the network structure (Pan et al., 2022), using an extensive approach (Öztürk, 2021).Most importantly, the rigour of bibliometric analysis could help elucidate both the current state and emerging areas within a particular field (Donthu et al., 2021).
In this study, the citation analysis gives a perspective on the relationships among publications and sheds light on the most significant publications in the field of risk management and internal audit, using three complementary techniques, co-citation analysis, co-occurrence of keywords, and co-occurrence of words in titles and abstracts.The co-citation analysis brings up the expansion of the foundational themes in our research area, by underlining the relationship among the cited publications.Using the co-occurrence of keywords, present and future research topics are to be revealed.Moreover, co-word analysis may draw direct lines between the research publications conceptual frameworks and determine groups (further named as clusters) of publications with a certain similarity in addressed subjects and themes.Additionally, an analysis of articles' abstracts and titles is conducted through the co-occurrence of words in title and abstract.Therefore, all methodological tools chosen to respond to study's objective are aiming at enhancing the study's foundation and validating its results.
Among the commonly scientific databases that are used for running a bibliometric analysis, Web of Science (Clarivate Analytics) and Scopus (Elsevier) stand out (Nobanee et al., 2021;Pan et al., 2020).On this basis, the dataset for this study is extracted from Web of Science scientific database, which is the world's most trusted publisher-independent global citation database (www.clarivate.com).Since the objective of this research lies on internal audit and risk management, the search criteria were set as TS = (risk management and internal audit) or TS = (risk management and internal control), since internal control is closely related to internal audit.A total of 417 initial bibliometric records were returned, with publication years starting from 1990 to 2023 (more specifically until 01.04.2023 -when the database was last updated).Further, the research areas were limited to Business Economics and the data was restricted only to those articles written in English.Hence, the final database is composed of 246 bibliometric records.

Publication trend on internal audit and risk management research
The distribution by year for published articles with an interest in risk management and internal audit indicates increased attention for this research field from 1996 to early 2023, as presented in Figure 2. It answers the RQ1.What is the publishing trend in the field of risk management and internal audit research?Further, specific time frames, that could impact the distribution of the publications may be distinguished.
First, the distribution of the publications indicates a growing interest in this field starting from 2002.This year could be connected with the release of the Sarbanes-Oxley Act (SOX), a federal law that encourages resources allocation to the internal audit function.Behrend and Eulerich (2018) argue that the approval of the SOX may be the most significant regulation change of the early 21st century.Beside this, due to the high-profile bankruptcies and the worldwide accounting scandals of the early 2000's, from Enron in the US to Parmalat in Europe, the attention has turned to the role of internal audit, internal control, corporate governance, and risk management (Hazaea et al., 2022).

Connectivity of research themes on risk management and internal audit
The co-citation matrix of the current study consists of 7,878 unique references that were cited 9,591 times in total for the 246 bibliometric records.To avoid misunderstanding of the results, the minimum number of occurrences of a citation is set to 2, when using Vos Viewer.Figure 3 provides an overview on the co-citation network and answers RQ2.What is the connectivity between the main themes in the field of risk management and internal audit research?
Each node in Figure 3 symbolizes an article and it is noted with the author's name and publication year.The scale of the node is provided by the number of the citations of each reference.The network nodes are divided in 9 different clusters, illustrated with different colours.Under the assumption that publications cited together are thematically similar (Donthu et al., 2021), we argue that an overview on each cluster could add more value to the current study.The node with the largest degree is represented by Jensen and Meckling (1976), whose paper presents elements of agency theory and property rights theory with the aim of expanding a theory on company's ownership structure.The article also explains the agency cost and provides new perspectives on the definition of the company environment and framework.
An in-depth analysis of the clusters may lead to central themes that characterize each group of papers, as it is synthetized in Table 1.Further discussion is limited to only the largest three clusters and their relevant publications, representative of each cluster.The most representative publication for each of the tree clusters are Jensen and Meckling (1976), Spira and Page (2003) and Krishnan (2005).The largest cluster presents Jensen and Meckling (1976), as the most cited reference, developing the theory of ownership structure within a company, starting from the agency theory fundamentals.Moreover, the publication also defines the background of agency cost theory, by investigating its provenance and context.Included in the same cluster, Aebi et al. (2011) place risk management and corporate governance under the context of financial crisis in the banking sector, arguing that the improvement of the risk management is crucial for the banks' performance.Beasley et al. (2008) and Gordon et al. (2009) bring the concept of enterprise risk management to the forefront, by focusing on the implementation level and its impact on firm performance.Hoyt and Liebenberg (2011) follow the implementation level of enterprise risk management and argued that enterprise risk management is significantly bonded to the added value in the companies.Beasley et al. (2009) argue that the role of the audit committee and its commitment to the companies reporting is not clear-cut.Subramaniam et al. (2009) claim that companies with a strong collaboration between risk management committee and audit committee are efficiently managing the financial reporting risk, despite organizational complexity being notable higher.Sarens et al. (2006), the most cited reference of the second largest cluster, investigate internal auditor's role in risk management processes, arguing that internal auditors are playing an important role in establishing a higher level of risk and control consciousness and a more structured risk management system.COSO (1992) and COSO ( 2004) also set the cluster's theme to internal audit, internal control and risk management, by defining Internal Control -Integrated Framework and Enterprise Risk Management -Integrated Framework.Spira and Page (2002) argue that the importance of internal auditors is growing as the perception of a company's risks may directly impact the effectiveness of risk management.The risk management efficiency may also be corelated with the implementation of enterprise risk management (COSO, 2004), while there is a need of using quantitative methods for risk evaluation (Paape & Spekle, 2012).
The third largest cluster relates to aspects of quality processes developed within internal audits and internal controls.Krishnan (2005) conducted a study based on the examination of the audit committee quality and the internal control quality and their association.The results suggest that independent and expert audit committees are less associated with the errors that might occur within the intern control process.Doyle et al. (2007) investigates the link between internal control and financial reporting.The material weakness faced during internal controls may vary across companies, depending on company's particular challenges in the internal control process.Therefore, the impact on financial reporting may be significantly positive.

Dominant and emerging topics in the field of risk management and internal audit research
To answer the research question RQ3.What are the dominant and emerging topics in the field of risk management and internal audit research?, the co-occurrence of the keywords' matrix was constructed.It consists of 670 unique author's keywords that occurred 1,081 times in total.In order to avoid ambiguity in the results and map visualization (Figure 5), the minimum number of occurrences of an author's keyword is set to 2. Table 2 displays the most frequently used keywords occurred in the sampled database.The highest number of occurrences is given by the keywords: risk management, internal control and internal audit.After running the analysis in VOS viewer software, nine keyword clusters were generated.The analysis of keywords co-occurrence provides relationships with one another for the grouped publications by topic.
Table 3 shows the most representative author's keyword for every cluster.A brief analysis of every cluster with a large node is further presented, as the size of the node is directly proportional with the number of occurrences.A comprehensive picture of the words that appear in every cluster may be seen in Figure 5. Cluster 1 (pink colour) is predominantly characterized by the concept of risk management.The node, which is also the largest in the visualization map, is located in close proximity to the centre of the map, alongside the internal audit and internal control nodes.Cluster 1 is directly linked to Cluster 12 (light brown colour), which comprises terms such as efficiency and profitability, as well as Cluster 13 (dark green colour), which presents the main theme of risk identification.Most of the publications from our dataset are directly linked with the risk management keyword.In some of the most recent studies, risk management is disclosed by reference to its level of practical implementation within private (Fekete, 2022) and public sector, its efficiency (Castellini & Riso, 2023), and impact on the decision-making process.Beuren et al. (2023) address the emphasis of risk management relevance and internal audit within multinational companies, while Ardianingsih and Payamta (2022) observe risk management output as a basis for internal audit performance and efficiency.
Cluster 2 (orange colour) is predominantly characterized by the keyword internal audit.The proximity of this node to the risk management node is expected, given that these two concepts are related in research and practice.It should be noted that Cluster 2 also exhibits direct interactions with Cluster 8 (lime green colour), which includes terms such as internal control system, risks, compliance, and assurance activities.Additionally, Cluster 2 is adjacent to Cluster 7 (purple colour), which presents terms such as internal audit quality, and Cluster 9 (light blue colour), which includes concepts such as governance, accountability, and public sector.Hazarea et al. (2022) address the gaps in the field of internal audit research, as companies' behaviour seem to be inclined to show constant interest in strengthening internal audit's structure.Klius et al. (2020) and Roussy et al. (2018) observe the internal audit quality and its continuous improvement, as it seems that internal audit, as well as risk management, may contribute to achieving company's projection and enhanced performance.
Cluster 3 (light red colour) includes articles that are based on the concept of internal control.This term is linked with the COSO framework and the concept of relationship.Moreover, Cluster 3 exhibits direct interactions with the risk management and internal audit clusters.Cluster 3 is also directly linked with Cluster 14 (grey colour), which presents concepts such as internal control quality, and comprehensive risk management.From the list of articles lying under this cluster, Beuren et al. (2023) links the concept of internal control to risk management, its results disclosing the importance of concepts awareness among companies.Zhang et al. (2022) bring the terms internal audit quality and ethical standards within the same study, by investigating the academic background of companies' human resources as a critical factor in determining the degree of quality in corporate internal controls.
Cluster 4 (green colour) highlights the concept of corporate governance as the dominant node of the keywords.This cluster is primarily concerned with concepts that relate to financial reporting performance.One of the most recent studies included in the sampled dataset, which aligns corporate governance with financial reporting performance, is conducted by Alkaraan et al. (2023) in the context of Industry 4.0 technologies and Circular Economy techniques.Velte (2022) develops a review study observing the implications of stakeholder agency-theoretical framework on companies' financial performance, while Jia and Bradbury (2021) find risk management commitment as a decisive corporate governance mechanism in reaching improved financial performance.Furthermore, Cluster 4 has is directly linked to Cluster 11 (light green colour), which focuses on firm performance as the main theme.
Cluster 5 (blue colour) is placed around the concept of internal audit committee as its primary theme.The top term associated with this cluster is audit committee.The researchers associated with this cluster are focused on concepts closely related to the audit process, such as internal audit effectiveness, regulation, and internal audit function, which are the remaining author's keywords for this cluster.Bananuka et al. (2022) argue that the internal audit committee and the internal audit function may have a significant positive impact on financial reporting, while Tamini (2021) observes the role of internal audit function in risk management, as provider for risk management assistance.Cular et al. (2020) argue that internal audit effectiveness might play a crucial role in external auditors' reliance on the internal audit function.The internal audit function seems to carry a notable role in enhancing the internal audit effectiveness, however the gaps in the literature need to be addressed (Hazaea et al., 2022).
Cluster 6 (red colour) includes a group of concepts that have attracted consistently garnered the attention of researchers in the field of enterprise risk management.Within this cluster, one may encounter various interlinked concepts, including financial reporting quality, internal audit function, internal controls, fraud, operational risk management, audit fees, and insurance industry.On the other hand, Cluster 10 (grey-blue colour) is closely linked to Cluster 6, as evidenced by its component terms risk assessment and bank performance.Hassan et al. (2022) investigate the interactions between risk governance practices and organizational culture, while findings exhibit a pattern of higher probability of implementing enterprise risk management practices in companies with an internal audit background.Ghafoor et al. (2022)'s research connects the concept of enterprise risk management with stocks price fluctuation, while Onay (2020) addresses the role of internal audit in enterprise risk management practice and its response to overcoming risk factors.

Gaps and future research patterns in the field of risk management and internal audit
To address the last research question, RQ4.What are the gaps and future research patterns in the field of risk management and internal audit?, a words map at the level of titles and abstracts is designed.The terms' network consists of 5,492 unique items encountered within the database publications' titles and abstracts, generating a total of 40,894 links within 11 distinct clusters.For a clearer picture, a threshold of 5 occurrences per word was set in creating the terms' visualization map.The terms that record the highest number of occurrences are risk, risk management, internal audit, and internal control.These results might be linked to those previously presented in the keywords analysis, noticing that the most frequently occurring concepts presents a high degree of semantic similitude.This may validate the coherence of choosing the most relevant keywords to be included in the list provided by authors, as they reflect the content of the title and abstract.
For obtaining the visualization map, an analysis in VOS viewer software run resulting in eleven keyword clusters.The analysis of terms co-occurrence within titles and abstracts group publications in thematic clouds, as displayed in Figure 6.The analysis of terms co-occurrence within publications' titles and abstracts contribute to article's output by shedding light on the research objectives, as well as on limitations and gaps in literature.
An in-depth analysis presented in Table 5 summarizes the emerging research areas at the level of every dominant cluster represented in the visualization map, which could uncover new topics for the research activity.A brief analysis of gaps in the literature brought by the top 3 largest clusters, represented by risk management, internal audit, and internal control -the largest nodes on the map by the number of occurrences -is further discussed, with a brief reference to other adjacent clusters.Future research in the field of risk management and internal audit are still driven by the objective of identifying factors that might have an impact on the quality and effectiveness of these concepts.As it may be observed in the visualization map (Figure 6), effectiveness and quality are amongst the terms with the highest number of occurrences.Further, this might indicate that although risk management and internal audit quality is an often-debated issue, yet the gap in the literature still needs to be filled.
Within the analysed research, the focus frequently falls upon the risk management's role in pursuing a company's objectives and projections.However, a call for more research focusing on tracking the factors (e.g.cultural, regional factors) involved in risk management processes is justified (Beuren et al., 2023;Jia & Bradbury, 2021).Moreover, as risk management effectiveness has been identified as a determinant of financial performance (Ghazieh & Chebana, 2021), more studies may be conducted to measure risk management quality and its level of implementation (Hassan et al., 2022), with the most utilised research methodology being content analysis applied to risk management disclosures (Jia & Bradbury, 2021).
Complimentary, as the concepts of internal audit and internal control are strongly related to risk management, the most concerning aspect within the research activity over the years addresses their effectiveness and quality, as internal audit has a pivotal role in ensuring financial performance and combating fraudulent activities (Zhang et al., 2022;Mutchmann et al., 2022;Hazaea et al.,2022).Future studies proposals are oriented towards filling the gap in the literature by investigating political, cultural and economic factors' effects in cross-country studies on internal audit and internal control quality (Chen et al., 2020;Tamimi, 2021).Internal audit, similar to risk management, has a positive effect on the financial performance of large companies, however the literature targeting SMEs is still underdeveloped (Ardianingsih & Payamta, 2022;Hazaea et al., 2022).
Concepts as risk management and internal audit are often addressed in a crisis context, as it seems that, under the pressure of challenging backgrounds, their quality and effectiveness are debatable.As these two concepts are closely related, most of the studies observe one's implications and impact in another's activity, as both are targeting the companies' interest in seeking their objective and development.

Conclusion
The study offers a perspective on the relationship between internal audit and risk management research as it provides an overview on various research themes that frequently occur within the indexed set of articles from Web of Science.The results show that the distribution of the publications indicates a growing interest in this field starting from the early twenty-first century.The establishing of the SOX Act raised the researchers' interest in the field, as the academic trend towards publications is noticeable in the post-SOX era.As well, a noticeable growing trend is also observed in contexts characterized by high-profile bankruptcies, accounting misconducts, or financial crisis.
The chosen bibliometric tools for conducting the study allow us to observe the evolution of the research themes over time.Subjects, such as the effectiveness, quality and improvements in the field of internal audit and risk management (Lin et al., 2011;Soh & Martinov-Bennie, 2011), are in constant development, with researchers' interest in the field still growing.
The co-occurrence of the author's keywords matrix allows the display of the most frequently used keywords in the sampled database.Thus, the analysis provides grouped publications by thematic relationship with one another.One of the main themes linked to internal audit and risk management is risk management implementation (Hassan et al., 2022;Ghafoor et al., 2022;Onay, 2020).In addition, other major concepts directly linked to internal audit and risk management are corporate governance and financial reporting performance (Alkaraan et al., 2023;Velte, 2022;Jia & Bradbury, 2021).The topic of internal audit and risk management effectiveness are discussed in most of the publication.According to Turetken et al. (2019), internal audit is crucial in ensuring that a company's practices conform to regulations.The results show that the concepts of internal audit and risk management are strongly linked among publications, but there are still gaps to fill (Roussy & Perron, 2018).
The analysis of co-words patterns within publications' titles and abstracts contributes to article's output by shedding light on the research objectives, as well as on the limitations and gaps in literature.Further research is required to identify the factors that influence internal audit effectiveness.Also, there is a need for more studies observing the factors directly affecting the risk management processes (Beuren et al., 2023;Jia & Bradbury, 2021), along with tracking the quality of risk management (Hassan et al., 2022).Numerous studies focus their research directions on prior crisis contexts.Hazaea et al. (2022) claim that more studies must be conducted on the impact of the current crisis period on internal audit and risk management.In this way, the improvements of internal audit and risk management processes can be observed from past crisis contexts (Kotb et al., 2020).Muchmore, to gain a comprehensive understanding of internal audit's role in risk management, future studies must continue to investigate the actual role of internal audit in general, as prior literature suggests that it plays a more versatile role within governance, rather than capturing its actual role (Roussy & Perron, 2018).Prior research also suggests a wider focus on investigating political, cultural and economic factors' effects in cross-country studies on internal audit and internal control quality (Chen et al., 2020;Tamimi, 2021).
This research is not without limitations.However, it may offer perspectives for future studies.The limitations include the dataset size, that may not support generalized inference of the results.Muchmore, the performance analysis and science mapping only provide a general perspective on the research field.Therefore, future research may address a more detailed analysis of the studies included in the sample, with an in-depth examination of the full papers text, research methods used, and the main results, as well as the distribution of topics per journal or the collaboration among universities.

Figure 1 .
Figure 1.Research framework Source: Authors' projection based on Donthu et al., 2021 is the publishing trend in the field of risk management and internal audit research?RQ3.What are the dominant and emerging themes in the field of risk management and internal audit research?RQ2.What is the connectivity between the foundational themes in the field of risk management and internal audit?

Figure 2 .
Figure 2. Distribution of risk management and internal audit related publications in Web of Science data collection cut-off date is 1 st of April 2023

Figure 3 .
Figure 3. Co-citation network of risk management and internal audit related publications in Web of Science Note.Results are generated with VOS viewer software.

Figure 5 .
Figure 5. Keywords co-occurrence network in the field of risk management and internal audit Note.Results are generated with VOS viewer software.

Figure 6 .
Figure 6.Terms' co-occurrence network within publications' titles and abstracts in the field of risk management and internal audit Note.Results are generated with VOS viewer software.

Table 1 .
Most relevant document per cluster

Table 2 .
Top 10 keywords by the number of occurrences

Table 3 .
Most representative keyword on each cluster

Table 4
highlights the concepts addressed within publications titles and abstracts, by the number of occurrences.

Table 4 .
Top concepts by the number of occurrences

Table 5 .
Overview of research gaps in the field of risk management and internal audit