Integrating Enterprise Risk Management and Internal Control System in SMEs: A Preliminary Study and Literature Review

This study explores the intricate relationship between Enterprise Risk Management (ERM) and Internal Control Systems (ICS) in small and medium-sized enterprises (SMEs). Drawing from a preliminary literature review of approximately 200 academic articles identified via Scopus and Web of Science, we investigate the degree to which ERM and internal controls are integrated. The central thesis asserts that a strong and symbiotic relationship exists between the two: there can be no effective internal control without comprehensive risk analysis, and ERM frameworks are incomplete without robust control mechanisms. The findings highlight the evolving convergence of these two domains, particularly in the SME context, where resources are constrained, and informal processes often prevail. This preliminary study lays the groundwork for more empirical exploration and offers theoretical insight into the integrative design of governance mechanisms in SMEs.