Integrated Governance, Risk, and Compliance (GRC) and Combined Assurance: A Comparative Institutional Study

Abstract

The combined assurance model plays a pivotal role in integrating a company’s governance, risk, and compliance (GRC) processes. More than a decade after the South African financial market initiated the model through King III Report in 2009, the Indonesian financial market strived to adopt it in 2013. However, very few companies in Indonesia have reported its implementation. We hypothesized that institutional theory could explain the phenomenon. This comparative study thus used qualitative and quantitative approaches to analyze the adoption of the combined assurance model in South African and Indonesian markets. Qualitative content analysis was employed to interrogate the annual reports of 130 companies listed on the Johannesburg Stock Exchange and the Indonesia Stock Exchange to identify professions and their activities in implementing the model. Afterwards, an estimation model was built using binary logistic regression based on the identified variables. It was found that regulative and normative pillars were the most determining factors in implementing a combined assurance model. In addition, it was found that the integrated report approach and market capitalization were associated with model implementation. These findings can be the basis for state and professions (i.e., authorities, regulators, and standard-setting bodies), especially in Indonesia, to enhance the companies’ integrated GRC.

Keywords: combined assurance; corporate governance; institutional theory; risk management; internal audit