Salta al menu principale di navigazione Salta al contenuto principale Salta al piè di pagina del sito
FrancoAngeli Journals

Saggi

N. 132 (2024)

Esperienze applicative e implicazioni manageriali per l’Internal Audit nel SSN: Il workshop Control Risk Self Assessment e i successivi sviluppi per il Sistema di Controllo Interno

DOI
https://doi.org/10.3280/mesa2024-132oa20676
Inviata
luglio 18, 2025
Pubblicato
2025-10-31

Abstract

Il presente studio intende approfondire il contributo che la funzione di Internal Audit (di seguito IA) può offrire al Sistema di Controllo Interno (di seguito SCI), presentando il caso particolarmente emblematico dell’Emilia-Romagna. In particolare, lo studio analizza l’applicazione del workshop Control Risk Self Assessment (di seguito CRSA) durante lo svolgimento di un audit, nonché le successive e conseguenti riflessioni in tema di sistematizzazione del SCI. Degni di attenzione appaiono non solo gli strumenti tecnici utilizzati durante il workshop CRSA, ma anche i successivi sviluppi e implicazioni. Il dialogo e il confronto, a livello sia inter- sia
intra-aziendale, tra le linee di controllo coinvolte ha, infatti, sollecitato una profonda riflessione che si è concretizzata con la stesura di Linee Guida regionali che rappresentano in modo organico e sintetico il SCI delle aziende del Servizio Sanitario Regionale (di seguito SSR) e ne definiscono i requisiti minimi e le caratteristiche organizzative e di funzionamento. Oltre a discutere i risultati alla luce della letteratura di riferimento, lo studio evidenzia una serie di importanti implicazioni manageriali.

Riferimenti bibliografici

  1. Allegrini M., D’Onza G. (2003). Internal Auditing and Risk Assessment in Large Italian Companies: an Empirical Survey. International Journal of Auditing, 7: 191-208. DOI: 10.1046/j.1099-1123.2003.00070.x.
  2. Anessi Pessina E., Cantù E., Langella C. (2024). Scelte e pratiche aziendali relative all’introduzione e allo sviluppo della funzione di Internal Audit nelle aziende sanitarie pubbliche italiane. Azienda Pubblica, 37(1): 15-46.
  3. Berry A.J., Otley D.T. (2004). Case-based research in accounting. In Humphrey C., Lee B. (a cura di). The Real Life Guide to Accounting Research, a Behind-The-Scenes View of Using Qualitative Research Methods. Amsterdam: Elsevier.
  4. Black J. (2005). The emergence of risk-based regulation and the new public risk management in the United Kingdom. Public Law, 3: 510-546.
  5. Bracci E., Tallaki M., Gobbo G., Papi L. (2021). Risk management in the public sector: a structured literature review. International Journal of Public Sector Management, 34(2): 205-223. DOI: 10.1108/IJPSM-02-2020-0049.
  6. Bromiley P., McShane M., Nair A., Rustambekov E. (2015). Enterprise risk management: review, critique, and research directions. Long Range Planning, 48(4): 265-276. DOI: 10.1016/j.lrp.2014.07.005.
  7. Brusoni M., Trinchero E., Vescia M. (2014). La gestione del rischio in sanità: elementi organizzativi e gestionali. In: Aleo S., De Matteis R., Vecchio G. (a cura di). La responsabilità in ambito sanitario. Padova: Cedam.
  8. Cantarelli P., Lega F., Longo F. (2017). La regione capogruppo sanitaria: assetti istituzionali e modelli organizzativi emergenti. In: CERGAS – Bocconi (a cura di). Rapporto OASI 2017. Milano: Egea.
  9. Cantù E. (2014). Il bilancio delle Aziende di Servizi Sanitari. Milano: Egea.
  10. Cantù E., Castellan M., De Gaspari E., Gennari M., Langella C., Ruzza I., Tiffi R. (2023). Se pretendi di avere tutto sotto controllo significa che stai andando troppo piano: L’esperienza dell’Audit sulle prestazioni in regime di Libera Professione nella Regione Veneto. Mecosan, 128: 161-180. DOI: 10.3280/mesa2023-128oa18597.
  11. Cantù E., Langella C., Vannini I.E. (2025). Making sense of the internal audit function: towards internal controls integration and organizational learning. Financial Accountability and Management, 41(2): 262-273. DOI: 10.1111/faam.12413.
  12. Chambers A., Rand G. (2010). The operational auditing handbook: auditing business and IT processes. Chichester: John Wiley & Sons.
  13. Chambers R., McDonald P. (2013). Cultivating soft skills: Nontechnical, qualitative attributes should be developed throughout every step of the audit recruitment, retention, and talent development life cycle. Internal Auditor, 70(3): 45-50.
  14. Chiucchi M.S. (2012). Il metodo dello studio di caso nel management accounting. Torino: Giappichelli Editore.
  15. Chiucchi M.S. (2014). Il gap tra teoria e prassi nel Management Accounting: il contributo della field-based research. Management Control, 3: 5-9. DOI: 10.3280/MACO2014-003001.
  16. Coetzee P. (2016). Contribution of internal auditing to risk management. International Journal of Public Sector Management, 29(4): 348-364. DOI: 10.1108/IJPSM-12-2015-0215.
  17. Coetzee P., Erasmus L.J. (2017). What drives and measures public sector internal audit effectiveness? Dependent and independent variables. International Journal of Auditing, 21(3): 237-248. DOI: 10.1111/ijau.12097.
  18. CoSO (2013). Internal Control – Integrated Framework. Executive Summary, May. Committee of Sponsoring Organizations of the Treadway Commission. -- https://www.coso.org/Documents/990025P-Executive-Summary-final-may20.pdf.
  19. CoSO (2017). Enterprise Risk Management – Integrated Framework. – Aligning risk with strategy and performance. Committee of Sponsoring Organizations of the Treadway Commission. – https://www.coso.org/documents/2017-coso-erm-integrating-with-strategy-and-performance-executive-summary.pdf.
  20. Dittmeier C.A. (2011). Internal Auditing: Chiave per la corporate governance. Milano: Egea.
  21. Eisenhardt K.M. (1989). Building theories from case study research. Academy of Management Review, 14(4): 532-550. DOI: 10.5465/amr.1989.4308385.
  22. Fountain L. (2016). Leading the Internal Audit Function. Boca Raton, FL: CRC Press.
  23. Froud J. (2003). The private finance initiative: risk, uncertainty and the state. Accounting, Organizations & Society, 28(6): 567-589. DOI: 10.1016/S0361-3682(02)00011-9.
  24. Hutter B., Power M. (a cura di) (2005). Organizational Encounters with Risk. Cambridge: Cambridge University Press.
  25. Institute of Internal Auditors (1999). Control and Risk Self Assessment, Professional Briefing Note n. 14. London, UK: Institute of Internal Auditors United Kingdom and Ireland.
  26. Institute of Internal Auditors (2013). IIA Position Paper: The Three Lines of Defense in Effective Risk Management and Control [Brochure]. Florida, USA: Altamonte Springs.
  27. Institute of Internal Auditors (2020). The IIA’s Three Lines Model. An update of the Three Lines of Defense. -- https://www.theiia.org/globalassets/documents/resources/the-iias-three-lines-model-an-update-ofthe-three-lines-of-defense-july-2020/three-lines-model-updated-english.pdf.
  28. Institute of Internal Auditors (2024). Global Internal Audit Standards. The Institute of Internal Auditors.
  29. Kolisovas D., Andrius Š. (2011). Risk management in Lithuania’s public sector: starting point, current situation and future perspectives. Intellectual Economics, 5: 547-559.
  30. Kotb A., Elbardan H., Halabi H. (2020). Mapping of internal audit research: a post-Enron structured literature review. Accounting, Auditing & Accountability Journal, 33(8): 1969-1996. DOI: 10.1108/AAAJ-07-2018-3581.
  31. Langella C., Vannini I.E., Persiani N. (2023). What are the determinants of internal auditing (IA) introduction and development? Evidence
  32. from the Italian public healthcare sector. Public Money & Management, 43(3): 268-276. DOI: 10.1080/09540962.2022.2129591.
  33. Langella C., Vannini I.E., Persiani N., Marciacano M. (2022). L’Internal Auditing nel Servizio Sanitario Nazionale: l’esperienza della Regione Veneto e della Regione Emilia-Romagna. Mecosan, 123: 7-27.
  34. Lapsley I. (2009). New public management: the cruellest invention of the human spirit?. Abacus, 45(1): 1-21. DOI: 10.1111/j.1467-6281.2009.00275.x.
  35. Luburic R., Perovic M., Sekulovic R. (2015). Quality Management in Terms of Strengthening the “Three Lines of Defence” in Risk Management – Process Approach. International Journal for Quality Research, 9(2): 243-250.
  36. Murdock H. (2019). Auditor essentials: 100 concepts, tips, tools, and techniques for success. Boca Raton, FL: CRC Press.
  37. Mussari R. (1997). La revisione gestionale negli Enti Locali. In: Marchi L. (a cura di). La revisione nelle aziende pubbliche. Rimini: Maggioli.
  38. Parker L.D. (2012). Qualitative management accounting research: assessing deliverables and relevance. Critical Perspectives on Accounting, 23(1): 54-70. DOI: 10.1016/j.cpa.2011.06.002.
  39. Persiani N. (1996). Revisione Contabile e Gestionale negli Enti Locali. Padova: Cedam.
  40. Power M. (2007), Organized Uncertainty: Designing a World of Risk Management. New York: Oxford University Press.
  41. Roberts A. (2020). The Third and Fatal Shock: How Pandemic Killed the Millennial Paradigm. Public Administration Review, 80(4): 603-609. DOI: 10.1111/puar.13223.
  42. Roussy M. (2013). Internal auditors’ roles: From watchdogs to helpers and protectors of the top manager. Critical Perspectives on Accounting, 24(7-8): 550-571. DOI: 10.1016/j.cpa.2013.08.004.
  43. Roussy M., Perron A. (2018). New Perspectives in Internal Audit Research: A Structured Literature Review. Accounting Perspectives, 17(3): 345-385. DOI: 10.1111/1911-3838.12180.
  44. Ryan B., Scapens R.W., Theobald M. (a cura di) (2002). Research method and methodology in finance and accounting (2nd Ed.). London: Thomson Learning.
  45. Sheffield J., White S. (2004). Control self‐assessment as a route to organisational excellence: A Scottish Housing Association case study. Managerial Auditing Journal, 19(4): 484-492. DOI: 10.1108/02686900410530493.
  46. Spira L.F., Page M. (2003). Risk management: The reinvention of internal control and the changing role of internal audit. Accounting, Auditing & Accountability Journal, 16(4): 640-661. DOI: 10.1108/09513570310492335.
  47. Thomas G. (2011). A typology for the case study in social science following a review of definition, discourse, and structure. Qualitative Inquiry, 17(6), 511-521. DOI: 10.1177/1077800411409884.
  48. Trinchero E., Falivena C., Rappini V., Notarnicola E., Lecci F. (2023). Internal Auditing in Sanità: stato dell’arte e prospettive evolutive. In: CERGAS – Bocconi (a cura di). Rapporto OASI 2023. Milano: Egea.
  49. Vinnari E., Skærbæk P. (2014). The uncertainties of risk management A field study on risk management internal audit practices in a Finnish municipality. Accounting, Auditing and Accountability Journal, 27(3): 489-526. DOI: 10.1108/AAAJ-09-2012-1106.
  50. Vinten G. (2000). Control Self Assessment. For Risk Management and Other Practical Applications. Managerial Auditing Journal, 15(5): 253-255. DOI: 10.1108/maj.2000.15.5.253.2.
  51. White S., Bailey S., Asenova D. (2020). Blurred lines: exploring internal auditor involvement in the local authority risk management function. Public Money & Management, 40(2): 102-112. DOI: 10.1080/09540962.2019.1667682.
  52. Woods M. (2011). Risk Management in Organizations: An Integrated case study approach. New York, USA: Routledge.
  53. Yin R.K. (2018). Case study research and application: Design and Methods (6th Ed.). Thousand Oaks: Sage.
  54. Yin R.K. (2012). Applications of case study research (3rd Ed.). Washington D.C.: Sage.

Metriche

Caricamento metriche ...