Economic markets continue to become more complex, creating challenges for organisations with the scope, complexity, and interdependencies of emerging risks necessitating a more robust and integrated approach to risk management and internal control. To this effect, enterprise risk management (ERM) has been the topic of increased attention with regulatory, business and academic arenas alluding to the need for ERM and improved internal control systems. The traditional practices of managing risks in silos has had implications on the internal control systems of organisations as the organisational focus has been on those directly related to financial operations and reporting.
Therefore, the aim of this study was to determine the extent to which organisations have implemented ERM, particularly those in the mining industry, and then understand the impact this ERM has on the internal control system. To this end, qualitative research with an exploratory design was conducted. Twelve executives and senior managers across eight organisations, who are responsible for risk management and assurance of internal controls, were interviewed to uncover their distinctive insights regarding this phenomena. The rich data that was unearthed was analysed using thematic analysis techniques.
The evidence from the study showed that while the ERM practices of organisations are between intermediate and mature levels, more work still needs to be done in order to institutionalise ERM. Furthermore, ERM improves the internal control system of the organisation, however the maturity of the ERM process and the leadership in the organisation are big determinants of the extent to which the improvements can be realised. Other factors were identified which necessitate enhancement and sustainability of the ERM capability and formed the basis of a model for enterprise risk and control integration that was developed. The results of this research provided additional insights that will bolster the advancement of internal control management through ERM.