Abstract

The primary objective of this study is to comprehensively review the literature concerning existing instruments on the measures of the ERM implementation and roles of internal auditing (IA) in the Enterprise Risk Management (ERM) implementation. The study involves review of existing ERM instruments from 2001 to 2011. The present instrument were critically reviewed in which the contributions and limitations of each is appropriately identified and summarized. The review identified four main limitations of the existing ERM instruments that limit its applicability in academic setting. First, there is no consistency on the attributes used to tap the construct, that is, the ERM. Second, most of the instruments were not based on any well accepted ERM framework. Third, almost all of the instruments do not incorporate the roles of IA in the ERM. Finally, all of the instruments do not attempt to appropriately quantify the measurement of the ERM and this is evidenced by the use of categorical scales. This review could add value to academic research by providing analysis, comments and summary of various ERM instruments for ten years. This may assist more studies in this area that currently lack academic-based measurement tools. This present review could be among the significance source of reference for academic research especially on the measurement of the ERM implementation and IA roles in the implementation. It also could serve as guidance for the development of new academic-based instrument. Further, this review offers new solution to critical research questions concerning the structure, framework and measurement procedures.

Key words: Enterprise risk management (ERM), internal auditing (IA), IA roles, COSO ERM framework, corporate governance, risk assessment tools.