Author(s): Setyo Wibowo, Noer Azam Achsani, Arif Imam Suroso, Hendro Sasongko
In a VUCA world, the board as a governing body of an organization has to see the risk management process more stringently. Their risk oversight is based on various assurance providers, which can be categorized into three lines of defence. As the third line of defense, internal audit needs to coordinate the combined assurance of the three to avoid gaps and overlaps, but little is known on this role. This study uses binary logistic regression to explore factors associated with internal audit involvement in the organization’s combined risk management assurance. We use 906 data samples drawn from the common body of knowledge survey performed by the Institute of Internal Auditors Global in 2015. We found that the use of technology, risk management maturity, frequency of management’s risk assessment, three lines of defense model adoption, and coordination with the external auditor are significantly associated with the formal combined assurance implementation. The study results fill the gap in combined assurance knowledge and are beneficial to the internal and external audit practitioners, board of directors and senior management, regulators, and standard-setting bodies.