The increase in the number of company failures, and in the occurrence of corporate fines and lawsuits due to
noncompliance with statutes and regulations, has been attributed to inadequate or failed governance, risk, and
compliance (GRC) processes. The purpose of this study is to explore internal audit’s role in embedding GRC
processes in state-owned companies. Internal auditors were found to be actively involved in assisting their
organisations in embedding GRC processes, and in improving their GRC maturity through spearheading and
coordinating the implementation of combined assurance protocols. In this regard internal auditors were found
to be most effective when they have buy-in from top management.