Risk management, internal audit function, and corporate performance

Download This Article

Ahmad Saiful Azlin Puteh Salin ORCID logo, Zubaidah Ismail ORCID logo, Malcolm Smith, Suryani Abdul Raman ORCID logo, Norliana Omar ORCID logo, Siti Marlia Shamsudin ORCID logo

https://doi.org/10.22495/rgcv15i4p3

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

Abstract

The purpose of this study is to determine the relationship between risk management practices and the internal audit function with the performance of companies. It is interesting to examine how competitive advantage can be achieved when the company is able to face and adapt to a complex business environment via robust risk management practices and an internal audit function. This study uses archival analysis on the annual report of the top 500 publicly listed companies in Bursa Malaysia, which represent approximately 65 percent of the total market capitalization. Both independent variables, namely risk management and internal audit function, are measured based on corporate governance requirements which are issued by the Malaysian authorities, and best practices taken from various international corporate governance recommendations. The results from the multiple regression analysis provides evidence that risk management was significantly positively related with all the performance measurements, supported the earlier findings by Krause and Thse (2016) and Nahar et al. (2016), while there is a mixed findings between the internal audit function and corporate performance. This study is original as it not only examines risk management practices and internal audit function from a local corporate governance perspective but also takes into consideration various recommendations from international best practices.

Keywords: Risk Management, Internal Audit Function, Corporate Governance, Risk, Corporate Performance, Stock Exchange, Listed Companies, Bursa Malaysia

Authors’ individual contribution: Conceptualization — A.S.A.P.S. and Z.I.; Methodology — A.S.A.P.S., Z.I., and M.S.; Formal Analysis — A.S.A.P.S., Z.I., and M.S.; Investigation — A.S.A.P.S.; Data Curation — A.S.A.P.S.; Writing — Original Draft — A.S.A.P.S., S.A.R., N.O., and S.M.S.; Writing — Review & Editing — Z.I. and M.S.; Visualization — A.S.A.P.S. and Z.I.; Supervision — Z.I. and M.S.; Project Administration — A.S.A.P.S.

Declaration of conflicting interests: The Authors declare that there is no conflict of interest.

JEL Classification: G3, M12, M14, M40, M48

Received: 25.02.2025
Revised: 16.06.2025; 07.07.2025; 07.10.2025
Accepted: 21.10.2025
Published online: 24.10.2025

How to cite this paper: Salin, A. S. A. P., Ismail, Z., Smith, M., Raman, S. A., Omar, N., & Shamsudin, S. M. (2025). Risk management, internal audit function, and corporate performance. Risk Governance and Control: Financial Markets & Institutions, 15(4), 33–42. https://doi.org/10.22495/rgcv15i4p3

Virtus InterPress

© 2003 - 2025 Virtus Interpress,
except Open Access articles

Gagarina 9, office 311-312, Sumy, Ukraine

+380-542-610360

info@virtusinterpress.org

About us

Books

Journals

For authors

CG Experts Repository

Virtus GCCG

to top