International Journal of Management Science and Information Technology IJMSIT
E-ISSN: 2774-5694
P-ISSN: 2776-7388
Volume 6 .
January-June 2026, 101-109 DOI: https://doi.
org/10.
35870/ijmsit.
Internal Audit Strategies in Strengthening Corporate Governance: A Risk Management and Compliance Analysis Sumardi 1*.
Fredy Arios Tiblola 2.
Anto Purwadi 3 1* Management Study Program.
Universitas Tangerang Raya.
Tangerang Regency.
Banten Province.
Indonesia.
2 Accounting Study Program.
STIE Bukit Zaitun Sorong.
Sorong City.
Southwest Papua Province.
Indonesia.
3 Graphic Technology Study Program.
Sekolah Tinggi Media Komunikasi Trisakti.
East Jakarta City.
Special Capital Region of Jakarta.
Indonesia.
Email: sumardigokasi@gmail.
com 1*, fredytiblola65@gmail.
com 2, anto.
purwadi@trisaktimultimedia.
Abstract Article history:
Received February 7, 2026 Revised February 25, 2026 Accepted February 27, 2026 This study aims to analyze the role of internal audit in strengthening corporate governance.
This study focuses on the risk management and compliance aspects of an organization's ability to comply with accepted standards, laws, and regulations, especially in this era of digital Internal audit plays a crucial role in reviewing the suitability of internal control systems, risk management, and compliance.
The application of technology in internal audit has enabled increased risk detection efficiency while ensuring better compliance.
This study uses a comparative approach, comparing companies that have switched to digital technology systems for internal audit with companies that still use traditional methods.
Data collection comes from interviews, surveys, and document analysis of 200 respondents .
nternal auditors, audit committee members, and senior manager.
in 50 companies.
Newly introduced digital technologies in internal audit have been shown to strengthen risk management and compliance, thereby improving overall corporate Organizations with strong governance structures, having more independent directors and more effective audit committees, tend to be more successful in risk management.
The study also found that clear policies on internal control play a very important role in improving However, issues such as unreliable investment costs, complete system integration, and resistance from top management remain barriers to implementing digital technologies in internal audit.
Keywords:
Internal audit.
Risk management.
Compliance.
Digital technology.
Corporate governance.
Internal control.
INTRODUCTION
Good corporate governance is essential for an organization to achieve its long-term goals.
Internal audit plays a crucial role.
Its functions include assessing internal control systems, monitoring risk management, and ensuring compliance with applicable laws, regulations, and rules.
A competent internal audit can help identify potential risks facing a company and propose improvements.
Risk management is a key link in internal audit, which primarily focuses on identifying and managing risks that could negatively impact the Meanwhile, compliance is crucial to ensuring the company remains within relevant regulations.
Properly implementing both will further strengthen governance and create a clearer and more accountable operating environment.
The purpose of this paper is to investigate and analyze how internal audit can make an appropriate contribution to corporate governance, using the tools available for risk management and Research has shown that internal auditing has a significant impact on corporate risk management and In the financial sector, effective internal auditing, as demonstrated by Kartika.
Aprilia, and Siregar .
, can help identify potential risks at an early stage, thus preventing losses for the company.
They urge attention to risk management through internal auditing to help support financial stability and gain stakeholder trust.
Research by Azizah et al.
found that integrated internal auditing can lead to better Volume 6 .
January-June 2026, 101-109.
DOI: https://doi.
org/10.
35870/ijmsit.
company performance and greater transparency in corporate governance.
Research by Wahhab et al.
also noted the important role that the professional skills of internal auditors play in matters such as risk management, finding that skilled auditors may be more effective in identifying and addressing risks and better at drafting company regulations.
Furthermore, research by Lega et al.
showed that auditing company policy documents can improve company compliance and reduce risks associated with third-party Wilkinson's .
research identified four key challenges facing corporate internal auditors.
Husain .
argued that internal audit plays a crucial role in improving financial management and corporate Internal audit is also one way for the Central Bureau of Finance to ensure that all transactions are conducted transparently and in accordance with regulations.
Syahril's .
research shows that, especially for Islamic financial institutions, internal audit and internal control systems (K.
are crucial for managing risk and adhering to Sharia principles.
Furthermore, in the international corporate world.
Okafor et .
studied the importance of risk-based auditing and the need to comply with SOX (Sarbanes-Oxle.
regulations in preventing financial fraud.
With this approach, high-risk business areas are identified and controlled more precisely.
With technological advancements.
Adelakun .
noted that artificial intelligence (AI) has a positive impact on internal audit practices, accelerating the process of discovering or preventing compliance violations and detecting new risks.
Digital transformation has significantly changed the internal audit landscape.
By utilizing the latest technology, the audit function continues to be strengthened, according to Suwandi et al.
Risks are identified and addressed more quickly and accurately than before.
Furthermore, digital systems facilitate data management and increase audit efficiency through controlled monitoring, which in turn has helped improve the quality of a company's internal control system.
In addition to helping establish a company as a viable entity.
Sari et al.
highlight the crucial role of internal audit in managing reputational risk.
They learned that internal auditors identify potential risks facing a company that could damage its reputation and act as supervisors to ensure that ethical standards and business efficiency are maintained.
Therefore, internal audit looks not only at financial controls but also at broader aspects such as the company's image.
Fagbore et .
found that the combination of internal audit and internal control is key in managing investment When managing investment funds like this, the success of a well-executed project rests with an audit strategy that can prevent fraud and increase efficiency.
Bulkot.
Bugay et al.
added that sustainable development principles are increasingly being applied to internal auditors.
Organizations that have good internal controls not only comply with financial standards but also engage in social and environmental RESEARCH METHOD This study aims to analyze the role of internal audit in improving corporate governance and its culture.
The main focus is on risk management and compliance in the era of digital transformation.
Our analysis involves comparing companies that have implemented digital technology into their internal audit systems with those that have not.
We examine how technology contributes to improving the effectiveness of internal audit in managing risk and ensuring compliance with legal requirements.
This study is comparative, comparing two types of companies: those that conduct internal audits based on the use of computer technology, and those that conduct such audits traditionally.
A survey was conducted with internal audit practitioners, risk managers, and heads of internal control departments.
Data was collected through The survey was distributed to 200 respondents from 50 companies focused on risk management and compliance, consisting of internal auditors, audit committee members, and senior managers.
In-depth interviews were also conducted with 20 key informants from various sectors to explore the challenges and benefits of implementing technology-based internal audits.
The collected data were then analyzed using descriptive statistics and regression analysis to measure the relationship between technology implementation and internal audit effectiveness in managing risk and compliance.
The validity of the findings was strengthened through triangulation, which combined quantitative and qualitative data from the survey and Figure 1.
Research Framework Volume 6 .
January-June 2026, 101-109.
DOI: https://doi.
org/10.
35870/ijmsit.
Data collection will be conducted through surveys and primary interviews.
The surveys and interviews will be distributed to 200 respondents, including those in internal audit, audit committee members, and senior managers from 50 companies focused on risk management and compliance.
In addition, we will conduct indepth interviews with 20 key informants to understand the barriers to implementing technology-based internal audit system changes.
The information generated from the surveys and interviews will be analyzed using descriptive statistics to describe the characteristics of the respondents and the variables studied.
Regression analysis will also be used to examine the relationship between digital technology adoption and internal audit effectiveness for risk management and compliance.
Triangulation will be used to enhance the validity of the findings, namely by comparing quantitative data with interview responses and other types of information to ensure that the findings are reflected from all perspectives.
RESULTS AND DISCUSSION
Results The empirical findings of this study provide valuable insights into how internal audit can fulfill its risk and compliance functions in modern enterprises.
The findings are based on a multi-faceted analysis, including survey questionnaires, interviews, and document reviews.
The data collected here provides insights into the factors influencing the quality of digital transformation.
A correlated sample was collected from a company's database for its technology-dependent internal audit department.
Using this sample, we can then calculate statistics on technology-based audits.
The results indicate that implementing technology in internal operations can improve the efficiency of risk detection and regulatory compliance.
The trend, drawn from both traditional statistical methods and extensive empirical research, is clear: companies with robust internal control policies and sound governance structures have been highly successful in managing risk and addressing regulatory obligations.
With the introduction of digital technology into internal audit, risk management and compliance have significantly improved, and corporate governance has also improved.
Comparison of Internal Audit Practices By comparing internal audit practices based on risk management models in various provinces in Indonesia, such as DKI Jakarta.
West Java.
East Java, and Bali, with the compliance models implemented in provinces such as Yogyakarta.
North Sumatra, and South Kalimantan, this study assesses the differences in these practices.
The findings indicate that organizations with a higher proportion of independent directors are generally more successful in their internal audit practices.
Specifically, 60% of organizations in provinces with more independent directors achieved better results, while 40% did not achieve optimal results.
Furthermore, the role of the audit committee was found to impact internal audit quality.
Of organizations with strong audit committees, 70% reported better control over internal audit.
Conversely, of organizations with weak audit committees, 30% saw no significant improvement in their internal audit quality.
Furthermore, organizations with effective governance structures, such as numerous independent directors and effective audit committees, were more likely to keep risks under control than those without such structures.
This suggests that strengthening governance could significantly improve internal audit effectiveness in these These findings emphasize how the number of independent directors, the effectiveness of the audit committee, and the strength of the corporate governance structure contribute significantly to producing effective internal audits in various organizations across provinces in Indonesia.
Table 1.
Comparison of Internal Audit Practices Based on Governance Factors Factor Positive Impact (%) Negative Impact (%) Number of Independent Directors Strong Audit Committee Strong Governance Structure Table 1 compares internal audit practices based on several key governance elements.
Thus, we can see that in 60 percent of companies, increasing the number of independent directors had a positive effect on internal audit practices, but in 40 percent, no improvement was seen at all.
Strong audit committees yielded positive results for 70 percent of companies, while 30 percent experienced less success.
Beyond a solid governance structure, 75 percent of respondents reported positive results, while 25 percent saw only limited improvements within the organization.
These figures underscore the importance of governance in shaping the direction of internal audit.
Effectiveness of Risk Management Strategies The findings of this study indicate that internal audits are crucial for success.
Furthermore, approximately 80 percent of organizations that adopt risk-based audits undergo annual risk reviews.
These annual reviews detect inconsistencies and deviations in operational processes, both in practice and in practice, if the results are consistent.
Problems are detected early enough to allow effective preventative Volume 6 .
January-June 2026, 101-109.
DOI: https://doi.
org/10.
35870/ijmsit.
measures to be taken.
This not only increases risk awareness but also has positive implications for efficiency and compliance with relevant laws and standards.
However, approximately 45 percent of organizations that lack a structured risk assessment system inevitably struggle to identify risks.
For those without such an evaluation system, they only discover potential problems too late.
When they do occur, regardless of who is at fault or what the cause is, these imperfections still fail to perform their function and put the company and its reputation at risk.
Failure to provide early warnings about risks can lead to greater tragedy, as companies are unable to quickly reflect changes and new threat conditions.
Organizations that frequently conduct annual risk assessments are better prepared to face challenges and tend to have more efficient risk management methods, while organizations without a regular system experience increased operational continuity risks.
Figure 2.
Chart Frequency of Annual Risk Assessments by Organizations Compares organizations that conduct structured annual risk assessments with those that do not.
The chart illustrates that the majority of organizations .
%) perform structured annual risk assessments, while the remaining 20% lack such structured assessments.
Comparison of Compliance with Governance Standards Compliance analysis has revealed that both internal and external compliance rates for organizations with well-defined and robust internal control policies are typically higher than those without such tools.
organizations with well-established internal control policies, up to 75 percent of respondents indicated high levels of compliance with both external and internal regulations.
This indicates that effective internal control policies play a critical role in ensuring organizational compliance with established standards and regulations.
However, in organizations without clear internal control policies, 25% of reported cases describe this type of non-compliance.
Without clear internal controls, organizations are more vulnerable to regulatory violations, which can damage their image and even jeopardize their very existence.
Open and structured internal control policies are crucial as a foundation for ensuring more effective compliance within a business.
Therefore, a stronger compliance policy can be an important way to limit compliance risks and improve the overall level of organizational governance.
Figure 3.
Compliance Process with Governance Standards This diagram illustrates how internal audits are integrated with risk management and compliance within an organization.
The application of digital technology plays a key role in enhancing the effectiveness of risk detection and ensuring compliance with applicable regulations.
Key Findings After analyzing the data, one of the key findings was to identify factors that influence the effectiveness of internal audits, risk management, and legal compliance in companies, both qualitatively and quantitatively.
The key findings indicate that while internal audits are not required in well-governed organizations, they are highly effective when errors occur.
However, regular and well-planned risk assessments can mask all types of acquisition failures, and without clear internal controls, none of them can be properly implemented.
Volume 6 .
January-June 2026, 101-109.
DOI: https://doi.
org/10.
35870/ijmsit.
Effective Internal Audit Internal audits are more effective in organizations with robust management systems.
These organizations have a greater number of independent directors and effective audit committees.
Independent directors who can make informed decisions in the best interest of the entire organization, rather than for their own personal gain, play a crucial role in ensuring transparent decision-making.
Furthermore, an audit committee with adequate authority and competence provides better oversight of internal audits.
Improved oversight leads to early detection of potential problems and prompt resolution.
The capabilities of internal auditors also impact internal audit effectiveness.
The more knowledgeable an auditor is about business processes, the more likely they are to identify potential risks.
The success of internal audits also depends on the implementation of clear and comprehensive procedures, which provide guidance to internal auditors and help them work efficiently.
These skills enable auditors to provide concrete advice to the company, which in turn reduces potential losses.
Risk Management This research also shows that structured risk assessments lead to more effective risk management.
Organizations that conduct regular annual risk assessments detect potential problems earlier.
Planned assessments enable companies to respond to threats or deviations more quickly and take necessary corrective measures.
Consequently, annual assessments provide organizations with the opportunity to reevaluate the effectiveness of previous preventative measures and to modify policies in response to changes in the field.
In contrast, organizations without a structured risk assessment system struggle to recognize problems in a timely manner.
Research shows that mistakes made in identifying hazards lead to greater impacts, as companies experiencing problems cannot react quickly to new threats.
Therefore, it is crucial for organizations to have a formal system for assessing and managing risks, ensuring operational continuity and maintaining optimal performance.
Compliance with Regulations In risk management, it's also worth noting that organizations with clear internal control policies are more likely to comply with all relevant laws.
A clear and firm internal control policy means that every process within the organization is consistent with established rules.
Conversely, organizations without clear internal control policies are highly vulnerable to legal violations, which can result in legal risks and reputational damage.
Corporate stability and avoiding legal issues require compliance with all regulations, both external and internal.
Therefore, organizations that effectively implement internal controls can perform well under these external requirements and also as part of their own internal style This study also highlights the importance of organizations having appropriate control policies:
Otherwise, their actions may not comply with various regulations on the topic, which in turn risks losing the trust of their stakeholders.
Challenges in Implementing Internal Audit Practices The implementation of technology-based internal audit systems in various organizations brings many One is that technology can enable more efficient and accurate risk detection and compliance However, despite these significant advantages, technology also presents many challenges.
Although many organizations have successfully developed such systems, these issues persist.
Some of the key barriers identified in this study include technology investment, complex system integration, and resistance to change within the organization, particularly from top management.
Technology Investment Costs Implementing technology-based internal auditing is expensive.
Technology mechanisms naturally require even greater investment.
Companies must allocate funds to purchase the latest software, hardware, and staff training to guide these initiatives to success.
Sophisticated software that utilizes the best technology for internal audit and risk management is expensive, not only to purchase initially .
reeregisso helps readers avoid the potentially misleading term: procurement pric.
it can be a burden, especially for smaller and less affluent companies.
However, let's not forget that there are many hidden costs, such as software upgrades and maintaining technology infrastructure.
When new software is implemented, we need to ensure that existing devices, such as PDAs or smartphones, are compatible with these systems to ensure the equipment functions Furthermore, if a company is not ready for such an investment, this high investment will not only provide long-term benefits in terms of efficiency but also become a barrier for many companies that cannot currently afford it.
System Integration Another crucial issue within organizations is how to integrate this new technology with legacy systems.
In the past, many organizations have used traditional audit methods, and now it can be difficult to find a place for these processes on computer systems.
Consequently, one of the dangers we face is that new technology may be completely out of sync with legacy systems, whether it's data management or operational This adjustment process affects various aspects, from hardware to operating modes and flowchart Failure to fully integrate new and legacy systems can cause serious problems in the ongoing audit Furthermore, the time required to connect disparate systems can negatively impact the normal Volume 6 .
January-June 2026, 101-109.
DOI: https://doi.
org/10.
35870/ijmsit.
operation of an organization's strategy.
Failure to integrate the two systems has in some cases led to delays in the arrival of audit results necessary for informed decision-making.
Resistance to Change within the Organization In the area of technology for internal audit, one of the biggest challenges is resistance to change, especially among senior management.
Many middle managers are accustomed to traditional methods, so they may be reluctant to adopt new technology systems.
Everything is fine in their current setup, and they worry that change will disrupt it.
They simply do not like the feeling, for example, that you are introducing one change after another, and increasingly complex changes are being demanded of them.
This attitude often leads to their refusal to fully support any program aimed at digital transformation in internal audit.
Furthermore, introducing new technology also requires a different approach to the way of thinking and working that has become part of the business's fabric.
Therefore, transitioning from old patterns to newer practices can be difficult for some to adjust to properly.
Unless top management provides broad support and clear explanations of the technology, internal resistance can slow or even prevent the adoption of new Discussion Effective internal auditing is used to minimize risk management, maintain corporate governance, and ensure company operations comply with relevant laws and regulations.
Research by numerous academics and entrepreneurs shows that internal audits can improve business efficiency, strengthen corporate governance, and prevent or reduce errors and fraud that harm an organization.
As in three separate studies on this subject, the analysis below attempts to identify and evaluate some of these key findings.
Internal audits are crucial for identifying and mitigating risks that threaten an organization.
Risk-based internal audits are invaluable for early detection of potential risks.
Research by Kartika et al.
found this to be particularly useful in the financial sector, where risks are high and can directly threaten a company's stability.
By leveraging technology in internal audits, companies can more adeptly identify potential risks and thus evaluate their operations.
Ritonga .
also stated that risk-based internal audits can help companies monitor risks more comprehensively.
This method takes a holistic approach to risk management, focusing on identifying, evaluating, and addressing potential risks across various aspects of a company's operations.
In a more structured system, internal audits have the added benefit of not only assessing identified risks but also predicting emerging risks.
Research shows that integrating risk-based internal audits can strengthen an organization's overall risk management mechanisms, making it better prepared to face potential threats.
With technology implemented in internal audits, risk analysis can be conducted more quickly and accurately.
Research by Hanifah et al.
supports this assertion by showing that technological assistance significantly accelerates risk identification and management.
Implementing this technology not only increases efficiency.
it also offers internal auditors a clearer and more accurate view of the organization's risk posture.
Good Corporate Governance (GCG) relies heavily on effective internal controls and the performance of internal auditors.
According to Mahaputra et al.
, internal auditors, supported by a robust control system, can enhance transparency and accountability within an organization.
Organizations with robust internal controls are effectively self-regulated by their internal auditors.
They ensure that every decision made by management complies with the law and is consistent with company policy.
Managerial decisions are subject to rigorous review by internal auditors.
This ensures that any losses to the company resulting from these decisions are promptly identified and corrected in a timely manner.
Hanifah et al.
also point out that effective internal controls play a crucial role in strengthening corporate governance.
They argue that internal auditors are responsible for ensuring not only that financial reporting complies with company policy but also that it is implemented in practice.
A robust internal audit function ensures that all operational activities adhere to established guidelines and that any deviations or potential risks that threaten the company's sustainability are promptly identified and addressed.
While it's inaccurate to say that a stronger audit committee will only result in a company with better audit activity, an active and competent audit committee has proven superior in overseeing risk management issues and ensuring regulatory compliance.
One of the most important oversights that an audit committee with appropriate authority can provide relates directly to internal audit activities, ensuring that they are conducted thoroughly, on time, or early, and that recommendations made by internal auditors are effectively implemented by management.
Fraud prevention is a key task of internal audit, especially in organizations with high-risk characteristics, such as service companies or large corporations.
Wibowo and Fauzi .
point out that effective internal audit is crucial for detecting and preventing fraud that can harm the business.
Risk-based internal auditing means auditors can systematically examine all operational processes within a company, not only the financial side but also the procedures followed, as well as ethical ones.
Tafalina et al.
emphasize that risk-based internal auditing also plays a crucial role in improving operational efficiency in the sales cycle.
For example, by incorporating audits into the sales process, companies can easily detect potential fraud in sales transactions.
This not only helps prevent financial losses but also optimizes operational processes to ensure the company operates efficiently.
Risk-based internal auditing allows companies to more easily monitor and consider the entire sales cycle.
As long as companies strengthen internal audits that target Volume 6 .
January-June 2026, 101-109.
DOI: https://doi.
org/10.
35870/ijmsit.
fraud prevention, their internal controls will improve, while at the same time preventing errors or violations that could impact financial management from slipping through the cracks.
This study highlights that an efficient internal audit system can maintain a company's integrity and enhance its market position.
The internal audit function plays a crucial role in ensuring that institutions continue to comply with the rules of both Sharia authorities and their respective governments.
Rahma et al.
illustrate the vital role that internal audit plays in Sharia compliance work in banking institutions.
This needs to be done correctly and precisely to meet the strict principles of Sharia rules for regular banking business.
Furthermore, things need to be verified.
Internal audits for Islamic banks can ensure that all products and services comply with Sharia requirements, and that all activities are conducted transparently within these guidelines.
Good internal control and sound internal audits serve as a guarantee for the healthy development of Islamic banking.
This is the only way they can meet the stringent requirements under Sharia law.
If they can ensure their operations run according to Sharia-approved lines, they can profit from every hundred dollars.
Internal audits, when conducted correctly and in good condition with the right techniques, ensure that the bank has sufficient integrity to ensure its compliance with Sharia regulations and market norms, thereby maintaining stable customer trust.
Despite the many advantages offered by technology-based internal audits, organizations also face some The main challenge may be the high initial investment costs associated with purchasing all the necessary software, hardware, and staff training.
If a company wants to use audit technology, it requires significant costs.
This is a burden for companies, especially small ones (Rahmah et al.
, 2.
Another challenge is integrating new systems with legacy systems.
Companies that have previously implemented traditional audit methods may struggle to integrate modern systems with existing ones.
This is a process that requires careful planning and a deep understanding of both systems for optimal operation.
This, coupled with resistance to change at the top management level, is another barrier to implementing technology-based internal audits.
Many senior managers are already accustomed to legacy systems and may be reluctant to switch to new technology.
Without strong support from top management and clear communication of the benefits of this technology, the adoption process will be hampered.
Ultimately, this will reduce operational CONCLUSION The implementation of technology-based internal audits has had a significant positive impact on corporate governance, risk management, and compliance with legal requirements.
Technology means risks are identified more quickly and accurately in internal audits conducted by companies.
Furthermore, technology improves operational efficiency and compliance with policies and laws.
Integrating technology into internal audit systems further enhances risk transparency, enhancing the overall quality of corporate governance.
Research findings indicate that organizations with clear internal control policies and strong governance structures are more likely to manage risk effectively than others.
The Role of Independent Directors and Active Audit Committees in Achieving Higher Standards of Internal Audit Quality Strong evidence is provided that governance-enhancing factors such as independent leadership and close oversight have a significant influence on the successful implementation of technology-based internal audits.
However, despite the many advantages technology brings to internal audit, companies also face a number of challenges.
major barrier is the high fixed costs of hardware, software, and required staff training.
This can be prohibitive for many companies, especially those with limited resources.
Furthermore, we cannot ignore the difficulties that arise from introducing new technology into existing systems.
Modern systems often conflict with previously implemented conventional methods.
Another major barrier to the widespread adoption of new technologies is resistance from top management.
This research shows that while challenges must be faced and overcome, implementing technology-based internal audits can improve risk management efficiency and enhance compliance with laws and regulations.
Organizations with successful technology-based internal audits will benefit significantly across the board, from improved understanding of risk management boundaries to improved performance metrics.
To get technology-based internal audits on the right track, strengthening internal control policies and fostering an organizational culture that fosters change is key.
REFERENCES