In increasingly complex and dynamic business developments, this research analyzes the strategic role of internal auditors in assessing risk governance in an organization using the ISO: 31000 enterprise risk management approach and its implications for corporate performance. The assurance process carried out by internal audit can use the three-line method approach. The three-line method approach prioritizes the importance of the role of three interrelated lines of defense, namely: the first line (operational), which is the front part of the company that faces risks; the second line (supervision) which acts as the controller and supervisor of the first line, then the third line, namely internal audit which functions as the party that carries out independent evaluation and analysis of the control performance. The research that has been carried out has shown that internal audit plays a vital role in implementing ERM, such as identifying and assessing risks that may arise in the company and then providing recommendations on internal controls that are not yet effective in delivering added value to the company. Apart from that, practical assurance activities by internal auditors can provide benefits in optimizing risk governance, which can create a sound risk culture in every company's operational activity.

Beasley, M., Branson, B., & Pagach, D. (2023). An Evolving Risk Landscape: Insights from a Decade of Surveys of Executives and Risk Professionals. Journal of Risk and Financial Management, 16(1), 29. https://doi.org/10.3390/jrfm16010029

Eulerich, A., & Eulerich, M. (2020). What is the value of internal auditing? – A literature review on qualitative and quantitative perspectives. Maandblad Voor Accountancy En Bedrijfseconomie, 94(3/4), 83–92. https://doi.org/10.5117/mab.94.50375

Gleim Publications. (2021). Study Unit Four Risk Management.

Hardjomidjojo, H., Pranata, C., & Baigorria, G. (2022). Rapid assessment model on risk management based on ISO 31000:2018. IOP Conference Series: Earth and Environmental Science, 1063(1), 012043. https://doi.org/10.1088/1755-1315/1063/1/012043

Hassan, M. K., Abdulkarim, M. E., & Ismael, H. R. (2022). Risk governance: exploring the role of organisational culture. Journal of Accounting & Organizational Change, 18(1), 77–99. https://doi.org/10.1108/JAOC-01-2021-0003

Hidayat, F. (2018, August 4). Penerapan ERM Tingkatkan Value Added Perusahaan. Https://Www.Beritasatu.Com/Ekonomi/504105/Penerapan-Erm-Tingkatkan-Value-Added-Perusahaan.

Horvey, S. S., & Ankamah, J. (2020). Enterprise risk management and firm performance: Empirical evidence from Ghana equity market. Cogent Economics & Finance, 8(1), 1840102. https://doi.org/10.1080/23322039.2020.1840102

Hubbard, D. W. (2020). The Failure of Risk Management: Why It’s Broken and How to Fix It (2nd ed.). Wiley.

Insitute Internal Auditor. (2022). The IIA’s CIA Learning System Part 1. Insitute Internal Auditor.

Institute of Risk Management. (2018). A Risk Practitioners Guide to ISO 31000: 2018. Institute of Risk Management.

Jassem, S. (2022). Influence of internal audit functions on enterprise risk management: evidence from Malaysian transportation industry. International Journal of Business Excellence, 26(2), 196. https://doi.org/10.1504/IJBEX.2022.121583

Karanja, E. (2017). Does the hiring of chief risk officers align with the COSO/ISO enterprise risk management frameworks? International Journal of Accounting & Information Management, 25(3), 274–295. https://doi.org/10.1108/IJAIM-04-2016-0037

Lundqvist, S. A. (2015). Why firms implement risk governance – Stepping beyond traditional risk management to enterprise risk management. Journal of Accounting and Public Policy, 34(5), 441–466. https://doi.org/10.1016/j.jaccpubpol.2015.05.002

Miftakhatun, M. (2020). Analisis Manajemen Risiko Teknologi Informasi pada Website Ecofo Menggunakan ISO 31000. Journal of Computer Science and Engineering (JCSE), 1(2), 128–146. https://doi.org/10.36596/jcse.v1i2.76

Natasya Safitri, D., Fitria Sari, R., & Setya Dharmawan, Y. (2021). Analisis Manajemen Risiko Sistem Enterprise Resource Planning Menggunakan Kerangka Kerja ISO 31000 pada PT. XYZ. Aisyah Journal of Informatics and Electrical Engineering, 3(1), 58–67.

Putra, Z., & Chan, S. (2017). DESAIN MANAJEMEN RISIKO BERBASIS ISO 31000 PADA PDAM TIRTA MEULABOH. Jurnal Ekombis Fakultas Ekonomi Teuku Umar, 3(1).

Rachman, V. (2022, March 14). Bank Mandiri, Adopsi Tiga Elemen untuk Perkokoh Ketahanan Bisnis. Https://Swa.Co.Id/Business-Champions/Companies/Companies-Good-Corporate-Governance/Bank-Mandiri-Adopsi-Tiga-Elemen-Untuk-Perkokoh-Ketahanan-Bisnis.

Ramadhan, D. L., Febriansyah, R., & Dewi, R. S. (2020). Analisis Manajemen Risiko Menggunakan ISO 31000 pada Smart Canteen SMA XYZ. JURIKOM (Jurnal Riset Komputer), 7(1), 91. https://doi.org/10.30865/jurikom.v7i1.1791

Sekar, M. (2022). Three Lines of Defense. In Machine Learning for Auditors (pp. 3–12). Apress. https://doi.org/10.1007/978-1-4842-8051-5_1

Sheedy, E., & Griffin, B. (2018). Risk governance, structures, culture, and behavior: A view from the inside. Corporate Governance: An International Review, 26(1), 4–22. https://doi.org/10.1111/corg.12200

Stein, V. (2019). Framing risk governance. Management Research Review.

Susilo, L. J., & Kaho, V. R. (2018). Manajemen Risiko. Panduan Untuk Risk Leaders Dan Risk Practitioners. PT. Gramedia Widiasarana Indonesia.

van Asselt, M. B. A., & Renn, O. (2011). Risk governance. Journal of Risk Research, 14(4), 431–449. https://doi.org/10.1080/13669877.2011.553730

Wicaksono, A. Y. (2020). Applying ISO:31000:2018 as Risk Management Strategy on Heavy Machinery Vehicle Division. International Journal of Science, Engineering, and Information Technology, 4(2), 198–202. https://doi.org/10.21107/ijseit.v4i2.6871

Yudianto, I., Mulyani, S., Fahmi, M., & Winarningsih, S. (2021). The Influence of Enterprise Risk Management Implementation and Internal Audit Quality on Universities’ Performance in Indonesia. Journal of Southwest Jiaotong University, 56(2), 149–164. https://doi.org/10.35741/issn.0258-2724.56.2.13

Zain, M. (2022). Study Book CIA Part 1.