Next Article in Journal
Rand, Rates, and Returns: Unravelling the Volatility Nexus in South Africa’s Financial Markets
Previous Article in Journal
Financial-Market Forecasting and Modelling from Econometrics to AI: An Integrated Systematic and Bibliometric Review with Content Synthesis (1990–2024)
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
JRFM
Volume 19
Issue 3
10.3390/jrfm19030229
jrfm-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Artificial Intelligence (AI) Adoption and Enterprise Risk Management (ERM): The Roles of Information Technology (IT) Infrastructure Flexibility, Technology Competence, and Organizational Culture in Ghana

by
Kumah Takyi Kwasi Godson
* and
Syed Ahmed Salman
*
School of Business and Management, Lincoln University College, Petaling Jaya 47301, Selangor Darul Ehsan, Malaysia
*
Authors to whom correspondence should be addressed.
J. Risk Financial Manag. 2026, 19(3), 229; https://doi.org/10.3390/jrfm19030229
Submission received: 21 February 2026 / Revised: 11 March 2026 / Accepted: 16 March 2026 / Published: 19 March 2026
(This article belongs to the Section Risk)
Browse Figures
Versions Notes

Abstract

Artificial Intelligence (AI) is transforming audit practice by redefining traditional frameworks and enabling the automation of data analysis, risk assessment, substantive testing, and continuous monitoring. This study investigates the effect of AI adoption by audit firms on enterprise risk management (ERM). It further assesses the mediating role of Information Technology (IT) infrastructure flexibility and the moderating roles of technology competencies and organizational culture in this relationship. Data were collected from 355 top managers in Ghana using a judgmental sampling technique based on predefined inclusion and exclusion criteria. The analysis was conducted using Partial Least Squares Structural Equation Modelling (PLS-SEM) with SmartPLS 4.1.1.7. The findings indicate that AI adoption positively and significantly influences ERM and IT infrastructure flexibility. IT infrastructure flexibility also has a positive effect on ERM and partially mediates the relationship between AI adoption and ERM. In addition, technology competencies significantly strengthen the relationship between AI adoption and ERM. Organizational culture positively moderates the relationship between IT infrastructure flexibility and ERM. These insights underscore the need for strategic alignment between AI investments and organizational capabilities. The study contributes to the limited empirical literature on AI-driven ERM in emerging economies and offers insights for policymakers and regulators seeking to promote technology-aided ERM.

1. Introduction

Enterprise Risk Management (ERM) has become a central strategic function in audit firms, enabling them to address complex financial, operational, and legal risks (Stasse et al., 2025; Cohen et al., 2017). ERM offers a structured process for identifying, assessing, and mitigating risks, thereby supporting informed decision-making, strengthening internal controls, and protecting organizational reputation (Mupa et al., 2024). In a regulatory environment characterized by rapid technological change, firms that effectively implement ERM are better positioned to ensure client compliance, sustain stakeholder confidence, and maintain operational resilience (Monazzam & Crawford, 2024). Proactive risk management also contributes to sustained profitability and competitive advantage.
The integration of Artificial Intelligence (AI) into auditing has significantly reshaped the profession by enabling efficient and accurate analysis of large datasets (Singh et al., 2025). AI applications, including machine learning and predictive analytics, support auditors in detecting anomalies, evaluating risk exposure, and generating evidence-based recommendations. By automating repetitive tasks, AI reduces human error, improves audit quality, and increases productivity (Qudus, 2025). As financial systems grow more complex and regulatory requirements intensify, AI-enabled audit firms are better equipped to ensure compliance, generate deeper insights, and strengthen client trust (Victor-Mgbachi, 2024).
AI also enhances ERM by facilitating real-time risk identification, assessment, and mitigation (Chinta et al., 2024). AI-driven ERM systems leverage big data analytics and predictive models to detect patterns and anticipate potential threats more accurately than traditional methods. Integrating AI into audit-related risk frameworks strengthens internal controls, improves risk monitoring, and accelerates strategic responses (Udoh, 2024). This integration supports resilience, operational efficiency, and sound governance across financial, operational, and regulatory domains.
Despite these advantages, audit firms continue to face substantial challenges. Rapid technological change, evolving regulatory demands, and economic uncertainty increase exposure to emerging risks (Dosi, 2023). Traditional risk management approaches often struggle to address threats such as fraud, cybercrime, and operational inefficiencies. Although AI offers significant potential to improve risk assessment and decision-making, many audit firms lack the structures and expertise required to deploy it effectively. Inadequate implementation may introduce new risks that undermine audit accuracy, operational performance, and crisis response (Munoko et al., 2020).
Existing research has examined AI adoption in auditing and its implications for ERM, primarily in developed economies, reporting improvements in risk prediction and internal control effectiveness (Hu et al., 2021; Nguyen et al., 2025; Oluyombo & Ajakaiye, 2024). However, empirical evidence from developing and emerging economies such as Ghana remains limited. Differences in institutional frameworks, technological readiness, resource capacity, and risk perceptions suggest that findings from advanced economies may not be fully generalizable (Webster & Gardner, 2019). This gap underscores the need to investigate AI-driven ERM within emerging market contexts.
To address this gap, the study proposes IT infrastructure flexibility as a mediating mechanism. Flexible IT systems facilitate the integration of AI tools, support interoperability across analytics platforms, and enable rapid responses to risk assessments (Sundaramurthy et al., 2022). Although conceptually relevant, the mediating role of IT infrastructure flexibility in the relationship between AI adoption in auditing and ERM remains underexplored. In addition, technology competencies may influence the effectiveness of AI implementation (Chen & Tajdini, 2025), yet their moderating role in the AI–ERM relationship has not been sufficiently examined. Organizational culture, reflected in shared norms and risk-oriented values, may also shape how technological flexibility translates into effective risk management (Goncalves et al., 2020), but its moderating effect between IT infrastructure flexibility and ERM requires further investigation.
This study therefore examines the effect of AI adoption by auditing firms on ERM in emerging economies, evaluates the mediating role of IT infrastructure flexibility, and assesses the moderating roles of technology competencies and organizational culture. Specifically, it addresses the following research questions:
  • What is the effect of AI adoption on ERM and IT infrastructure flexibility?
  • How does IT infrastructure flexibility influence ERM?
  • Does IT infrastructure flexibility mediate the relationship between AI adoption and ERM?
  • Do technology competencies moderate the relationship between AI adoption and ERM?
  • Does organizational culture moderate the relationship between IT infrastructure flexibility and ERM?
This research makes several significant contributions to the existing literature on AI adoption in the auditing field. First, it provides empirical evidence on how AI adoption by audit firms influences ERM and IT infrastructure flexibility. Second, it clarifies the mediating role of IT infrastructure flexibility in translating AI adoption into tangible risk management outcomes. Third, it evaluates the moderating role of technology competencies on the AI–ERM relationship. Fourth, it investigates how organizational culture shapes the relationship between IT infrastructure flexibility and ERM.
The study is motivated by the increasing complexity of the auditing environment, driven by regulatory pressures, technological change, and evolving risk profiles. Understanding these relationships is essential for improving audit quality, strengthening decision-making, and enhancing organisation resilience. The findings provide practical guidance for audit firms in developing economies on leveraging AI, strengthening IT systems, and building organizational capabilities to achieve effective risk management, regulatory compliance, and sustained competitive performance.

2. Literature Review

2.1. Theoretical Background of the Study

The resource-based view (RBV) provides a relevant theoretical foundation for this study. RBV argues that firms achieve competitive advantage by effectively deploying valuable, rare, inimitable, and well-organized resources (Wernerfelt, 1984). In the auditing context, AI capabilities and flexible IT infrastructure represent strategic resources that strengthen risk management processes. Firms with advanced technological assets and adaptable IT systems are better positioned to identify, assess, and mitigate risks (Pan et al., 2015). Within this framework, IT infrastructure flexibility functions as a mechanism that converts AI investments into operational improvements by enabling the effective application of AI-generated insights. RBV also emphasizes the importance of technology competencies. Auditors’ skills and expertise determine how effectively AI tools are deployed, thereby shaping their contribution to risk assessment accuracy and operational performance (Hu et al., 2021).
The technology–organization–environment (TOE) framework offers a complementary perspective. It explains that technology adoption and effectiveness are influenced by technological characteristics, organizational capabilities, and environmental conditions (Tornatzky et al., 1990). In this study, organizational culture represents a key organizational factor that shapes how IT infrastructure flexibility translates into improved risk management. A culture that supports innovation, learning, and proactive risk management facilitates the effective integration of flexible IT systems and strengthens risk mitigation efforts (Chan et al., 2019). The TOE framework further suggests that technology alone does not guarantee improved outcomes; its value depends on alignment with human expertise and organizational structures.
By integrating RBV and TOE, this study establishes a comprehensive theoretical foundation. RBV explains how strategic technological resources such as AI and flexible IT infrastructure create potential value, while TOE clarifies the organizational conditions required to realize that value. Together, these frameworks support the examination of mediating and moderating mechanisms that influence risk management effectiveness in emerging economies.

2.2. Hypothesis Development

The proposed hypothesized relationship between the variables is presented in Figure 1 (Conceptual framework). Also, the hypothesized number assigned to each relationship, as well as the legend indicating whether each relationship is direct, mediating, or moderating, is presented in Figure 1.

2.2.1. The Relationship Between AI Use in Auditing and ERM

AI adoption in auditing enhances risk management by enabling timely detection of weaknesses (Mohammed, 2023). Machine learning algorithms and anomaly detection tools enable auditors to analyze large volumes of financial and operational data, uncovering irregularities that traditional sampling techniques may miss. Empirical evidence indicates that AI-driven continuous auditing systems detect more anomalies and potential fraud cases, thereby reducing information asymmetry and reinforcing internal controls (Wang et al., 2025). From the RBV, AI constitutes a valuable and difficult-to-imitate resource that enhances internal audit effectiveness and supports sustained competitive advantage when aligned with organizational objectives (Nunes et al., 2022).
AI also advances risk assessment by supporting real-time modeling of complex risk scenarios (Chowdhury, 2025). The application of natural language processing in audit analytics enables the examination of unstructured data, such as emails and contracts, to identify compliance risks (Qatawneh, 2025). The TOE framework explains that the effectiveness of such technologies depends on technological capability, organizational readiness, including skilled personnel, and regulatory conditions. When these factors are aligned, AI integration enhances the scope and responsiveness of ERM by consolidating multiple risk indicators and ensuring that internal processes meet external regulatory standards (Nguyen et al., 2025).
AI-driven predictive analytics further strengthens strategic decision-making and risk mitigation (Diameh et al., 2025). Empirical findings show that predictive audit models improve the accuracy of risk-event forecasts, enabling more efficient allocation of organizational resources (Saha, 2025). Within the RBV perspective, this predictive capacity represents a strategic asset that enhances resilience and long-term performance. Integrating AI into ERM frameworks supports a shift from reactive risk responses to proactive risk anticipation, reinforcing the strategic importance of AI-enabled auditing practices (Hunziker, 2025). This research posits the following:
Hypothesis 1 (H1).
AI adoption will have a positive and significant impact on ERM.

2.2.2. The Relationship Between AI Use in Auditing and IT Infrastructure Flexibility

AI adoption in auditing strengthens risk management when supported by flexible IT infrastructure, which enables firms to adjust audit processes in response to emerging risks (Singh et al., 2025). Advanced AI applications, including machine learning and robotic process automation, require IT systems capable of processing large data volumes, integrating multiple platforms, and delivering real-time insights. Evidence indicates that embedding AI within agile IT frameworks improves the detection of anomalies and control deficiencies across diverse data sources (Onyenahazi, 2025). From the RBV, IT infrastructure flexibility represents a strategic asset that complements AI capabilities and enables rapid adaptation to evolving risk conditions, thereby sustaining competitive advantage (Udoh, 2024).
The TOE framework further explains the role of IT flexibility in maximizing AI effectiveness. According to TOE, successful technology integration depends on technological readiness (such as interoperable systems), organizational commitment (including IT investment), and environmental pressures (such as regulatory change). Empirical findings show that audit firms using modular, cloud-based IT architectures are more likely to implement continuous auditing and analytics, thereby improving risk assessment and compliance monitoring (Bukhari et al., 2021). Flexible infrastructure also lowers integration costs and supports timely updates to AI models to meet internal audit requirements and external regulatory standards (Rane, 2023).
IT infrastructure flexibility enhances the scalability and responsiveness of AI-driven audit practices (Ampofo et al., 2024). Organizations with adaptable IT ecosystems demonstrate greater capacity to apply predictive analytics for early risk detection (Ridwan & AlFanur, 2025). From the RBV perspective, the combined deployment of AI and flexible IT systems constitutes a distinctive organizational capability that strengthens proactive risk management and facilitates the shift from periodic audits to continuous, real-time risk monitoring. This research hypothesized the following:
Hypothesis 2 (H2).
AI adoption will have a positive and significant impact on IT infrastructure flexibility.

2.2.3. The Relationship Between IT Infrastructure Flexibility and ERM

IT infrastructure flexibility is essential for strengthening ERM, as it enables organizations to respond promptly to emerging risks and operational changes (Mupa et al., 2024). Flexible systems, such as cloud-based platforms, modular architectures, and interoperable databases, allow firms to integrate diverse risk data sources in real time. This integration improves risk identification, evaluation, and decision-making. Empirical evidence indicates that organizations with adaptable IT infrastructures implement more agile ERM processes, leading to stronger management of financial, operational, and strategic risks (Anjaria, 2025). From RBV, IT infrastructure flexibility represents a valuable and distinctive capability that supports sustained competitive advantage by enhancing the firm’s ability to manage uncertainty.
The TOE framework further clarifies how flexible IT infrastructure enhances ERM. It emphasizes the alignment of technological readiness, organizational capacity, and environmental awareness in achieving effective technology utilization. Firms with adaptable IT systems are better positioned to deploy advanced risk analytics, predictive modeling, and continuous monitoring tools, which are essential for proactive risk management (Adeniran et al., 2024a). Research shows that organizations embedding IT flexibility within ERM frameworks demonstrate greater responsiveness to regulatory and market changes (Arnold et al., 2015). TOE therefore highlights the importance of internal preparedness and sensitivity to external conditions in maximizing the value of flexible IT systems.
Flexible IT infrastructure also supports scenario analysis, stress testing, and the development of responsive control mechanisms (Oko-Odion & Angela, 2025). These capabilities enable timely adjustments to operational processes and efficient communication of risk information. Within the RBV perspective, such adaptability constitutes a strategic advantage that strengthens organizational resilience and long-term sustainability. In increasingly volatile environments, flexible IT infrastructure enables a shift from reactive risk management to proactive, strategically integrated ERM (Mupa et al., 2024). This research posits the following:
Hypothesis 3 (H3).
IT infrastructure flexibility will have a positive and significant impact on ERM.

2.2.4. The Mediation Role of IT Infrastructure Flexibility in the Relationship Between AI Use in Auditing on ERM

IT infrastructure flexibility enables organizations to fully leverage AI for proactive risk mitigation (Adenuga et al., 2024). While AI performs advanced analytics, detects anomalies, and generates forecasts, its effectiveness depends on IT systems capable of processing large volumes of structured and unstructured data in real time. Empirical findings show that firms with flexible infrastructures, such as cloud-based, modular, and interoperable systems, achieve stronger ERM outcomes when integrating AI into audit processes (Usul & Alpay, 2025). From the RBV, flexible IT infrastructure constitutes a complementary strategic asset that enhances the value derived from AI and supports sustained competitive advantage in risk management.
The TOE framework further explains the mediating role of IT infrastructure flexibility in the AI–ERM relationship. Effective AI-driven auditing requires scalable systems, integration across diverse data sources, and adaptability to regulatory changes (Sewpersadh, 2025). Evidence indicates that organizations with adaptable IT environments are more successful in applying continuous auditing and predictive analytics to convert AI insights into actionable risk mitigation strategies (Ogedengbe et al., 2023). Flexible IT systems support continuous data flows, model refinement, and scenario analysis, thereby linking AI implementation to measurable improvements in ERM performance.
Flexible IT infrastructure also enables the transition from reactive to anticipatory risk management approaches (Chester & Allenby, 2019). The integration of AI analytics with adaptable IT systems enables real-time monitoring, rapid anomaly detection, and timely decision-making. Within the RBV framework, this alignment represents a distinctive organizational capability that enhances resilience. Empirical evidence further suggests that without adequate IT flexibility, AI adoption in auditing may yield limited ERM benefits (Nguyen et al., 2025), highlighting the critical mediating role of IT infrastructure in translating technological investment into effective risk management outcomes. This study postulates the following:
Hypothesis 4 (H4).
IT infrastructure flexibility will positively and partially mediate the relationship between AI use in auditing and ERM.

2.2.5. The Moderating Role of Technology Competencies in the Relationship Between AI Use in Auditing and ERM

Technology competencies play a critical role in determining the effectiveness of AI in auditing and ERM. Organizations with strong technical expertise, particularly in applying AI to detect anomalies, prevent fraud, and forecast emerging threats, are better positioned to realize its benefits (Bello & Olufemi, 2024). Empirical evidence shows that firms with advanced technological capabilities achieve stronger ERM outcomes when implementing AI-driven audit systems (Singh et al., 2025). From the RBV, technology competencies constitute strategic assets that complement AI capabilities, enhance their value, uniqueness, and inimitability in strengthening risk management performance (Sen et al., 2020).
The TOE framework further explains this moderating role by emphasizing that technological tools alone do not guarantee improved outcomes. Effective utilization depends on organizational readiness and the ability to integrate new systems with existing processes. Technologically proficient firms can embed AI into audit workflows, interpret analytical outputs accurately, and respond effectively to emerging risks (Sewpersadh, 2025). In contrast, firms with limited technical capacity may struggle to derive meaningful ERM improvements from AI adoption. Research indicates that implementing AI without sufficient expertise yields minimal gains in risk management effectiveness (Di Palma et al., 2025).
Strong technology competencies also enable organizations to refine AI models and develop innovative risk mitigation strategies in response to evolving threats (Zeriouh & Amara, 2025). This moderating effect underscores that AI alone is insufficient for effective ERM; its value depends on the organization’s ability to manage and adapt to the technology. Within the RBV perspective, the integration of AI with advanced technological expertise forms a distinctive organizational capability that enhances resilience and supports a proactive approach to strategic risk management (Sundaramurthy et al., 2022). This study hypothesized the following:
Hypothesis 5 (H5).
Technology competencies will have a significant and positive moderating effect on the relationship between AI adoption and ERM.

2.2.6. The Moderating Role of Organizational Culture in the Relationship Between IT Infrastructure Flexibility and ERM

Organizational culture shapes how effectively technology is applied to risk governance, influencing both IT infrastructure adaptability and ERM performance (Hassan et al., 2022). A culture that promotes innovation, collaboration, and risk awareness encourages the adoption and effective use of flexible IT systems, including cloud-based, modular, and interoperable platforms. These systems enable real-time threat monitoring, scenario analysis, and timely responses to emerging risks (Ahsan, 2025). Empirical evidence shows that firms with adaptive cultures achieve stronger ERM outcomes when supported by flexible IT infrastructures, as employees are more likely to use technological tools for risk identification, assessment, and mitigation (S. A. Ahmad & Teo, 2024). From the RBV, organizational culture functions as a complementary resource that enhances the strategic value of IT flexibility and strengthens long-term competitive advantage.
The TOE framework further explains that technological resources yield optimal results when supported by conducive cultural and administrative practices. Organizations that encourage innovation and informed risk-taking are better able to align IT capabilities with strategic goals, facilitate cross-functional information sharing, and adapt to regulatory and environmental changes (J. Ahmad, 2024). Research indicates that cultural alignment enhances the translation of IT flexibility into improved ERM performance, even in complex, highly regulated environments (Arnold et al., 2015).
Organizational culture also affects knowledge sharing, organisational learning, and the effective use of IT-enabled risk management systems (Azizi et al., 2026). An open, adaptive culture strengthens risk management processes by enabling the effective deployment of flexible IT solutions. Within the RBV perspective, the interaction between supportive culture and IT adaptability constitutes a distinctive organizational capability that enhances resilience, supports strategic risk management, and contributes to long-term sustainability (Florez-Jimenez et al., 2024). This study conjectured the following:
Hypothesis 6 (H6).
Organizational culture will have a significant and positive moderating effect on the relationship between IT Infrastructure and ERM.

3. Materials and Methods

3.1. Population Target and Sample Size

This study examines audit firms in Ghana, a context characterized by a well-defined legislative and professional framework that shapes audit quality and risk management practices (Owusu-Afriyie et al., 2024). The Institute of Chartered Accountants, Ghana (ICAG), established under Act 1058, regulates accounting and auditing practice, issues licenses, and monitors audit quality nationwide. The Companies Act, 2019 requires that only auditors registered with ICAG conduct statutory audits, ensuring compliance with the International Standards on Auditing (ISA). In addition, the adoption of Global Internal Audit Standards and strengthened supervisory mechanisms has reinforced the role of audit firms in risk management and corporate governance (Amoako et al., 2023). These regulatory and professional structures provide a suitable and relevant setting for this investigation.
The study targets senior managers in AI-utilizing audit firms because of their central role in technology adoption, strategic oversight, and ERM implementation. Regulatory bodies such as the Ghana Audit Service and the Institute of Chartered Accountants, Ghana promote the use of digital technologies, including AI, to enhance audit quality and regulatory compliance (Celestin & Gidisu, 2024). Consistent with the key informant approach, senior managers were selected because they possess comprehensive knowledge of their firms’ strategic and technological activities. In many audit firms, these managers are directly involved in decisions regarding AI adoption, participate in IT infrastructure planning and technological investment decisions, and oversee or contribute to ERM implementation. Their strategic roles provide them with a broad understanding of organizational technological capabilities and risk management practices. Therefore, their responses are considered appropriate proxies for assessing firm-level constructs such as AI adoption, IT infrastructure flexibility, and ERM within Ghanaian audit firms.
Determining the exact population of top managers in Ghana’s audit firms is challenging due to the absence of a comprehensive registry. To address this limitation, the study applied the inverse-square-root method within Partial Least Squares Structural Equation Modeling (PLS-SEM) to estimate the minimum required sample size. This approach calculates the necessary sample based on the most complex structural paths and expected path coefficients. According to J. F. Hair et al. (2012), a minimum of 155 respondents were required to achieve adequate statistical power. This procedure ensured methodological rigor despite the lack of an official population database.

3.2. Selection Criteria and Sampling Strategy

The study established clear participation criteria to ensure the selection of relevant and knowledgeable individuals. Inclusion criteria required participants to: (1) hold a senior management position within an audit firm, reflecting accountability for strategic decisions and AI adoption; (2) actively oversee auditing operations utilizing AI tools; (3) have a minimum of two years’ tenure to ensure familiarity with organizational processes; and (4) reside in one of Ghana’s regions to ensure nationwide representation. Exclusion criteria disqualified respondents who: (1) occupied non-managerial roles, as they are not involved in strategic audit decisions; (2) lacked direct engagement with AI in auditing; (3) were interns or temporary staff, given their limited exposure to risk management practices; or (4) were employed by firms without AI adoption, ensuring all participants had relevant experience.
A judgmental sampling method was employed to deliberately select participants with the highest expertise and relevance to the research objectives (Ntona et al., 2023). This approach was appropriate because AI adoption is not uniform across all audit personnel or firms in Ghana. By targeting senior executives responsible for strategic decisions and AI oversight, the study ensured participants could provide informed perspectives on AI’s impact on ERM. This structured methodology enabled the collection of diverse insights across organizational contexts and regional settings, which would have been difficult to achieve through random sampling.
To mitigate potential biases inherent in this approach, the study included participants from all regions of Ghana, encompassing diverse managerial roles, firm sizes, and levels of audit experience. This strategy ensured broader representation and enhanced the reliability of insights regarding AI adoption across the audit sector.
Using this approach, the study gathered responses from 355 senior managers, surpassing the minimum estimated sample size of 155. Strategies that facilitated this outcome included scheduling interviews for clarification, allowing survey completion at participants’ convenience via follow-up calls or emails, coordinating with regional audit offices, sending personalized invitations emphasizing the study’s importance, and providing support to encourage participation. These measures ensured broad representation and enabled participants to share comprehensive views on AI-driven audit practices and ERM.

3.3. Procedures for Data Collection

This study employed Computer-Aided Web Interviewing (CAWI) to collect data through online surveys, enabling efficient access to senior managers across Ghana. This method allowed participants to respond at their convenience, accommodating busy schedules while ensuring timely and accurate data collection. The online platform automatically captured and organized responses, facilitating immediate verification and minimizing errors associated with manual data entry.
Data was collected between July 2025 and January 2026, providing sufficient time to reach senior executives across all regions and conduct follow-ups with non-respondents. The extended collection period allowed participants to reflect on their responses, improving the depth and quality of the data. This approach also enabled the research team to monitor response patterns, address technical issues promptly, and achieve a larger sample size than initially anticipated.

3.4. Measurement and Scale

This study utilized validated survey instruments (see Appendix A Table A1) adapted from prior empirical research to ensure the validity, reliability, and relevance of all constructs. 6 questions measuring AI adoption in auditing were drawn from Ananda et al. (2024) and focused on automation, data analytics, and AI integration in auditing processes. These items were directly applicable to Ghanaian audit firms, reflecting strategic and operational AI practices relevant to organizations using digital auditing tools.
ERM was assessed using 6 questions from Rehman and Anwar (2019), emphasizing the identification, quantification, and mitigation of risks in accordance with Ghanaian auditing regulations. IT infrastructure flexibility was measured using 9 items from Ravichandran et al. (2005) that address system scalability, connectivity, and adaptability. These items were appropriate given the diverse technological readiness among auditing firms in Ghana.
Technological competencies were evaluated using 10 questions from Compeau and Higgins (1995) that assess proficiency in computer use, system management, and data evaluation—key skills for senior executives responsible for AI implementation in audits. Organizational culture was assessed with 7 items from Lee et al. (2016), focusing on creativity, risk awareness, collaboration, and adaptability, which influence how IT flexibility and AI tools are effectively leveraged.
A five-point Likert scale, ranging from “Strongly Disagree” (1) to “Strongly Agree” (5), was used to capture participants’ responses (Mensah et al., 2026). This scale is user-friendly, minimizes respondent fatigue, captures meaningful variation, and enables comprehensive quantitative analysis of audit practices across Ghanaian firms.

3.5. Tools for Data Analysis

This study applied PLS-SEM to test the proposed causal relationships, including mediation and moderation effects. PLS-SEM was chosen for its suitability with exploratory theoretical models, small to moderate sample sizes, and non-normally distributed data, while maximizing the explained variance of endogenous constructs (J. Hair & Alamer, 2022; Obeng et al., 2026). The analysis was conducted using SmartPLS software 4.1.1.7, which employs centroid, factor, and path weighting schemes to iteratively estimate latent variable scores and structural coefficients until convergence is achieved. The measurement model was assessed for indicator reliability, internal consistency, convergent validity, and discriminant validity. To evaluate the structural model, bootstrapping with 5000 subsamples and a 95% confidence interval was applied. This approach provided robust estimates of direct, indirect, and interaction effects, allowing for a comprehensive assessment of the relationships among AI adoption, IT infrastructure flexibility, technology competencies, organizational culture, and ERM outcomes (Arhinful et al., 2026a; Asare Obeng et al., 2025a).

4. Results and Interpretation

4.1. Common Method Bias (CMB) Assessment

Harman’s single-factor test was conducted to assess the potential for common-method bias (CMB) in the self-reported survey data, with results reported in Appendix A Table A2. The unrotated exploratory factor analysis revealed that the first principal factor accounted for 15.857% of the total variance, well below the conservative 50% threshold (Edonomokumor et al., 2025). This finding indicates that the variance is distributed across multiple factors rather than dominated by a single source, suggesting that CMB is unlikely to substantially affect the relationships among constructs. Therefore, the study’s results can be considered reliable and valid.

4.2. Socio-Demographic Analysis

Table 1 summarizes the socio-demographic characteristics of the 355 senior executives who participated in the study. The sample is predominantly male (78.3%), with females representing 21.7%, reflecting the gender distribution within managerial roles in Ghana’s auditing sector. The majority of respondents work in small firms (42.0%), followed by medium-sized firms (36.6%) and large firms (21.4%), indicating that smaller and medium-sized organizations dominate the AI-enabled auditing landscape in Ghana.
Regarding firm age, 38.3% of audit firms have operated for 4 to 6 years, 29.9% for more than 10 years, 26.8% for 7 to 10 years, and 5.1% for 1 to 3 years, reflecting a mix of established and emerging firms. Regarding managerial tenure, 41.4% of respondents had held their positions for 4 to 6 years, while 31.3% had served for 7 to 10 years, suggesting substantial managerial experience.
Educationally, 45.4% of executives hold a Master’s degree, 23.9% a Bachelor’s degree, 29.3% a professional certification, and 1.4% a PhD, indicating that the senior management team is well-qualified, capable of leveraging AI, and proficient in overseeing risk management practices.

4.3. Descriptive Statistical Analysis

Table 2 presents the descriptive statistics for the study variables. The average AI adoption score indicates substantial AI use in auditing, reflecting a growing trend among Ghanaian audit firms to implement digital tools that enhance operational efficiency, accuracy, and security. The average ERM score demonstrates a strong commitment to systematic risk management, suggesting that firms actively identify and address potential issues.
The mean value for IT infrastructure flexibility indicates that audit firms maintain adaptable systems capable of supporting AI integration and proactively mitigating risks. The average technology competency score shows that managers possess the skills required to oversee and guide AI-driven auditing processes effectively. Finally, the organizational culture score reflects a supportive environment for innovation and collaboration, highlighting the potential to optimize AI utilization and promote adaptable audit practices.

4.4. PLS-SEM Model Assessment, Convergent Validity and Reliability

Table 3 presents the results of the PLS-SEM analysis, including assessments of model fit, convergent validity, and reliability. Prior to examining structural relationships, the overall model fit was evaluated to ensure alignment between the proposed theoretical structure and the empirical data. Establishing model fit is essential, as it confirms that the expected covariance structure corresponds with observed correlations, supporting valid interpretation of path coefficients. The standardized root mean square residual (SRMR) was 0.010, below the recommended threshold of 0.08 (Feng et al., 2017), indicating minimal discrepancy between predicted and observed correlations. The normed fit index (NFI) was 0.971, exceeding the minimum benchmark of 0.90 (Sathyanarayana & Mohanasundaram, 2024), confirming satisfactory model fit. Together, these indicators demonstrate that the model is robust and suitable for structural analysis.
Convergent validity was assessed to verify that multiple indicators of each latent construct effectively measure the same underlying theoretical concept (Chin & Yao, 2024). Standardized outer loadings and average variance extracted (AVE) were used for this evaluation. Indicators with loadings of 0.70 or higher, as illustrated in Figure 2, were retained, reflecting strong indicator validity (Arhinful et al., 2026b). AVE scores exceeded 0.50, indicating that each construct explains more than half of the variance in its indicators (Haji-Othman & Yusuff, 2022). These results confirm that the measurement model demonstrates adequate convergent validity and is appropriate for empirical testing.
Reliability analysis was conducted to ensure consistent measurement of constructs across items (Tavakol & Wetzel, 2020; Mensah et al., 2025). Cronbach’s alpha and composite reliability (CR) were calculated, with values of 0.70 or higher indicating satisfactory internal consistency (Asare Obeng et al., 2025b). All constructs met these thresholds, confirming that the indicators reliably represent their respective theoretical concepts and providing a solid foundation for subsequent structural model analysis.

4.5. Discriminant Validity

This study evaluated discriminant validity to ensure that the latent constructs in the measurement model are conceptually distinct and represent unique theoretical domains without excessive overlap (Rönkkö & Cho, 2022). Establishing discriminant validity is essential to avoid conceptual redundancy and to maintain clarity in the interpretation of structural relationships. The heterotrait–monotrait ratio (HTMT) was used as the primary assessment metric. As shown in Table 4, all HTMT values were below the recommended threshold of 0.85 (Ab Hamid et al., 2017), indicating that the constructs are sufficiently distinct. These results confirm that each construct captures a unique theoretical dimension, reinforcing the validity of the measurement model and enhancing confidence in the subsequent structural analysis.

4.6. Structural Model Evaluation

The structural model was evaluated to determine whether the proposed relationships are empirically supported and statistically robust. Assessment metrics included R2, Q2 predict, f2, and VIF, with results summarized in Table 5. R2 measures the proportion of variance in endogenous constructs explained by the model, with values of 0.75, 0.50, and 0.25 representing strong, moderate, and weak explanatory power, respectively (Hossan et al., 2020). The observed R2 values for EMR exceeded acceptable thresholds, indicating strong explanatory capacity. However, the R2 values for IT infrastructure flexibility were below the commonly accepted thresholds, indicating that the model explains a limited portion of the variance for this construct.
Q2 predict, derived using a blindfolding procedure, evaluates the model’s predictive relevance. Positive Q2 predict values suggest that the model can generate accurate predictions beyond the sample data (Nagar et al., 2024). Effect sizes were assessed using f2, where values of 0.02, 0.15, and 0.35 indicate small, medium, and large effects, respectively (Samartha, 2020). The results show that the predictor variables contributed meaningfully to the endogenous constructs.
The variance inflation factor (VIF) values were all below the recommended threshold of 5 (Mensah et al., 2026), suggesting that multicollinearity is not a concern and that common method bias is unlikely to pose a serious threat to the validity of the model. Collectively, these metrics demonstrate that the structural model is robust, reliable, and suitable for examining direct, mediating, and moderating relationships.

4.7. Hypothesis Testing

Table 6 presents the results of the direct, mediating, and moderating relationships used to evaluate the study hypotheses. The structural model is also illustrated in Figure 3.
First, AI adoption was found to have a positive and significant effect on ERM (β = 0.783, t = 11.924, p < 0.01), supporting Hypothesis H1. This confirms that greater AI integration enhances enterprise risk management outcomes.
Second, AI adoption exhibited a positive and significant relationship with IT infrastructure flexibility (β = 0.154, t = 3.822, p < 0.01), confirming Hypothesis H2. This indicates that AI use encourages the development of adaptable IT systems within audit firms.
Third, IT infrastructure flexibility had a positive and significant impact on ERM (β = 0.096, t = 3.989, p < 0.01), supporting Hypothesis H3. This demonstrates that adaptable IT infrastructure directly strengthens risk management capabilities.
The analysis further revealed that IT infrastructure flexibility partially mediates the relationship between AI adoption and ERM (β = 0.015, t = 2.569, p < 0.01), supporting Hypothesis H4. The partial mediation reflects the continuing significance of the direct effect of AI adoption on ERM identified in H1.
In addition, technology competencies were found to positively moderate the relationship between AI adoption and ERM (β = 0.097, t = 2.339, p < 0.01), supporting Hypothesis H5. Figure 4 illustrates that higher technological proficiency strengthens the positive impact of AI on risk management outcomes.
Finally, the interaction between organizational culture and IT infrastructure flexibility was positive and significant for ERM (β = 0.087, t = 3.262, p < 0.01), supporting Hypothesis H6. As shown in Figure 5, a supportive organizational culture amplifies the benefits of flexible IT systems on enterprise risk management.

4.8. Robustness Testing

This study used a Gaussian Copula for endogeneity tests, and the results are presented in Table 7. The results show that the copula terms for all tested paths are not significant, with p-values of 0.433, 0.553, and 0.642 (Eckert & Hohberger, 2023). This indicates that there is no evidence of endogeneity in any of the relationships and that the structural estimates are unbiased.
The study used Finite Mixture Partial Least Squares (FIMIX-PLS) to assess unobserved heterogeneity, and the results are presented in Table 8. The results indicate that the four-segment solution produced the lowest BIC (290.220) and CAIC (329.220) values with acceptable normed entropy (0.834) and segment sizes above 10%, suggesting that the sample contains four distinct latent subgroups (Sarstedt et al., 2017). This provides clear evidence of unobserved heterogeneity in the data.

5. Discussion of the Findings

The study found that AI adoption by auditing firms had a positive and significant effect on ERM, consistent with previous research (Hu et al., 2021; Nguyen et al., 2025; Oluyombo & Ajakaiye, 2024). The strong positive relationship between AI adoption and ERM suggests that AI adoption plays a critical role in strengthening risk management capabilities within audit firms. In the context of Ghanaian audit firms, the integration of AI technologies enhances real-time data analytics, automated risk detection, and predictive monitoring, which directly support the identification, assessment, and mitigation of organizational risks. As a result, firms that adopt AI are better positioned to implement more effective ERM practices.
Technological tools enable audit firms to process data efficiently, identify risks, and generate predictive analytics that improve decision-making processes (Diameh et al., 2025). However, the effective implementation of these technologies depends on organizational readiness, including managerial expertise and flexible IT infrastructure, as well as external pressures such as compliance with corporate governance regulations in Ghana (Anomah, 2025; Marx & Mynhardt, 2021).
These findings are consistent with the TOE Framework, which emphasizes that technological outcomes are shaped by the interaction of technological resources, organizational capabilities, and environmental influences. Beyond confirming the framework, this study extends its application by demonstrating how AI adoption specifically strengthens enterprise risk management practices within audit firms in an emerging economy context, highlighting the role of technological capabilities in enhancing risk governance under regulatory and competitive pressures.
In this regard, regulatory oversight from the Institute of Chartered Accountants, Ghana (ICAG) through quality assurance assessments encourages the adoption of modern auditing technologies and risk management practices (Ainapure & Ainapure, 2009). Additionally, firm-level initiatives that train managers in risk analytics and competitive pressures within the audit industry motivate firms to adopt advanced tools and adhere to best practices (Syam et al., 2025). As financial transactions and reporting requirements become increasingly complex, the adoption of digital technologies enhances both the accuracy and efficiency of auditing processes, thereby reinforcing the strong relationship between AI adoption and ERM implementation.
The study also found that AI adoption positively influenced IT infrastructure flexibility. Optimal performance requires systems capable of handling large data volumes, supporting advanced analytics, and enabling real-time audit monitoring (Rajput & Katamba, 2024). Firms with flexible IT infrastructures are better positioned to leverage these capabilities. External factors, including Ghana’s legal and regulatory environment, further motivate investment in adaptable IT systems (Ahinsah-Wobil, 2024).
These results are consistent with the TOE framework, which emphasizes that integrating contemporary technologies with organizational readiness enhances IT flexibility. Beyond confirming the framework, the findings extend TOE by showing how AI-driven technologies in audit firms contribute to greater IT infrastructure flexibility within a regulated emerging economy context. Contributing factors include directives from the ICA, Ghana and other regulatory authorities encouraging the adoption of digital auditing tools (Celestin & Gidisu, 2024), the deployment of cloud-based or modular IT systems to support audit processes, and managerial efforts to optimize IT platforms for compatibility with advanced analytics (Mogali, 2025). Maintaining adaptable systems allows firms to implement new auditing applications efficiently, ensuring timely and accurate reporting while remaining competitive.
IT infrastructure flexibility was found to have a positive and significant impact on ERM. Scalable and interoperable IT systems enable firms to aggregate diverse risk data, monitor operations in real time, and implement system modifications rapidly in response to emerging risks (Oko-Odion & Udoh, 2024). Organizational competencies, including managerial expertise and defined IT standards, facilitate the effective use of these systems (Caldeira & Dhillon, 2010), while external pressures, such as regulatory compliance, underscore the need for robust risk management capabilities (Adeniran et al., 2024b).
These findings further support the TOE framework, demonstrating that adaptable technological systems are most effective for risk management when combined with organizational and environmental enablers. Ghanaian audit firms increasingly employ modular or cloud-based IT infrastructures in response to methodological advancements and evolving auditing requirements (Anomah et al., 2024). ICAG’s quality assurance programs and reporting standards guide firms in risk identification, regulatory compliance, and the adoption of flexible solutions (Raphael et al., 2024). By maintaining adaptable systems, firms can identify, assess, and mitigate risks efficiently in the face of growing audit complexity and competitive pressures.
The study also identified IT infrastructure flexibility as a partial mediator between technology adoption and ERM. The effectiveness of integrating advanced tools into IT systems depends on their scalability and adaptability (Hammad & Abu-Zaid, 2024). Flexible infrastructure enables real-time data processing, predictive analytics, and rapid risk monitoring, thereby linking technology implementation to improved risk management outcomes.
These results align with the TOE framework, emphasizing that technological readiness alone is insufficient, as organizational competencies enhance the effectiveness of technological tools in risk governance. Beyond confirming the framework, the findings extend TOE by illustrating how flexible IT infrastructure enables more effective enterprise risk management within audit firms in a regulated emerging economy context. Ghanaian audit firms have invested in cloud-based and modular IT systems to support advanced auditing processes (Anomah et al., 2024). Regulations and quality assurance initiatives from the Institute of Chartered Accountants, Ghana promote technologies that improve reporting accuracy. Managerial strategies, such as enhancing IT systems and training staff, further increase infrastructure flexibility. Environmental pressures, including competition and complex regulatory requirements, also motivate firms to maintain adaptable systems (Eyinade et al., 2021). Together, these factors explain how flexible IT infrastructure facilitates the effective management of business risks.
Technology competencies were found to positively moderate the relationship between AI adoption and ERM. The effectiveness of advanced tools in improving audits and risk management depends on the organization’s technical expertise (Udoh, 2024). Skilled managers can utilize these tools, interpret complex analytics, and implement data-driven strategies to mitigate risks, enhancing overall ERM performance.
These findings support the TOE framework, indicating that technology alone is insufficient; effective utilization depends on managerial competence. In Ghana, audit firms support managers through professional development programs that build proficiency in advanced auditing techniques (Anomah, 2025). Competitive pressures and ICAG quality standards further incentivize the development of technical expertise, strengthening the link between technology use and risk management. Skilled managers can translate technological capabilities into actionable insights, identify risks, and ensure effective enterprise-wide risk mitigation.
Finally, organizational culture was found to positively moderate the effect of IT infrastructure flexibility on ERM. Flexible IT systems are most effective in environments that emphasize innovation, collaboration, and risk awareness. A supportive culture enhances the use of adaptable systems for data management, real-time monitoring, and risk mitigation (Abikoye et al., 2024).
The TOE framework underscores that technological resources alone are insufficient; organizational factors are equally critical. Beyond confirming the framework, this study extends TOE by demonstrating how organizational culture in Ghanaian audit firms—emphasizing accountability, innovation, and proactive risk management—enhances the effective use of flexible IT tools. This enables managers and staff to identify emerging threats, improve risk awareness, and strengthen the firm’s capacity to assess and mitigate business risks (Afadzinu et al., 2024).

6. Conclusions

This study examined the effect of AI adoption in auditing on ERM and explored how this relationship is mediated by IT infrastructure flexibility and moderated by technology competencies and organizational culture. Data were collected from 355 senior managers in Ghana using a judgmental sampling method with clearly defined inclusion and exclusion criteria. PLS-SEM was employed to analyze the responses.
The findings indicate that AI adoption positively and significantly influences both ERM and IT infrastructure flexibility. IT infrastructure flexibility, in turn, has a positive and significant effect on ERM and partially mediates the relationship between AI adoption and ERM. Additionally, technology competencies strengthen the positive effect of AI adoption on ERM, while organizational culture enhances the impact of IT infrastructure flexibility on ERM. These results highlight the importance of technological capabilities, adaptable IT systems, and supportive organizational culture in improving risk management outcomes in auditing firms.

7. Theoretical Implications

The results indicate that integrating AI into auditing enhances enterprise risk management by enabling advanced data analysis and the detection of anomalous patterns. Audit firms in Ghana can leverage this capability by consistently applying AI tools to identify risks promptly and support informed decision-making. Establishing dedicated teams to monitor and optimize AI systems can ensure that technology effectively supports risk management objectives and streamline operations.
IT infrastructure must be flexible enough to accommodate system upgrades and expansions, which enhances AI implementation in auditing. Firms could adopt modular or cloud-based IT solutions to facilitate the integration of new technologies and enable real-time monitoring of risk indicators. Regular IT audits are recommended to detect and address issues proactively, ensuring that infrastructure can adapt to evolving operational and regulatory requirements.
The effectiveness of AI and IT flexibility in risk management is influenced by organizational culture and employees’ technical competencies. Audit firms can maximize these benefits by fostering a culture of innovation, collaboration, and risk awareness. Targeted training programs and strategic interventions, including knowledge sharing, leadership development, and continuous skill enhancement, can build a workforce capable of leveraging technology to efficiently identify, mitigate, and manage business risks.

8. Policy Implications

The findings highlight the need for regulations that support auditors in utilizing AI and adaptable IT systems. The ICAG has established guidelines that enable audit firms to implement AI-driven methodologies, including routine quality assessments and compliance with the ISA. Aligning internal processes with these regulations helps firms ensure compliance, improve risk management, and maintain a leading position in technological adoption.
Governmental and regulatory frameworks, such as the Ghana e-Government Interoperability Framework and the Data Protection Act of 2012, emphasize the importance of secure and flexible IT systems. Compliance with these mandates enhances IT adaptability, safeguards data integrity and privacy, and enables real-time reporting. Following these guidelines during audits supports effective risk monitoring and ensures adherence to both domestic and international reporting standards.
Policies promoting professional development, including ICAG’s continuing professional education (CPE) requirements, strengthen audit managers’ technical proficiency. Organizations can implement training programs and facilitate knowledge sharing to develop teams capable of effectively leveraging AI and flexible IT systems. By adhering to regulations that encourage collaboration, innovation, and ethical practices, Ghanaian audit firms can significantly enhance their capacity for enterprise risk management.

9. Practical Implications

The findings suggest that Ghanaian audit firms can strengthen risk management by leveraging technology more effectively. AI tools can automate routine auditing tasks, accelerate the identification of issues, and improve the accuracy of risk assessments, enhancing workflow efficiency and reducing errors. Establishing interdisciplinary teams can ensure AI systems are applied consistently and that operational challenges are addressed promptly.
Flexible IT infrastructure enables organizations to respond quickly to regulatory changes and operational challenges. Cloud-based platforms and adaptable systems that support real-time data visualization allow managers to allocate resources efficiently, deploy innovative tools, and continuously monitor risk exposure. Regular evaluations and system updates ensure compliance with evolving auditing standards.
Enhancing risk management also requires investment in technology and cultivating a supportive organizational culture. Firms should promote innovation, collaboration, and knowledge sharing while providing specialized training in AI applications and data analysis. Developing these competencies enables managers to make informed decisions, identify potential risks proactively, and implement measures to mitigate them, thereby improving the reliability and robustness of enterprise risk management.

10. Limitation of the Study and Future Directional Studies

The study has several limitations. First, it focused primarily on senior executives at auditing firms, which may limit the applicability of findings to lower-level staff, such as operational auditors or IT professionals, due to differences in expertise with AI and risk management. Second, the research was confined to audit firms in Ghana, which may limit the generalizability of results to organizations in countries with different regulatory, cultural, or technological contexts. Third, the use of judgmental sampling may introduce selection bias, as participants were chosen based on their experience with AI, potentially reducing sample representativeness.
Fourth, reliance on self-reported data may be influenced by social desirability or subjective perceptions, which could affect the accuracy of the findings. In addition, because all variables were collected from the same respondents using a single questionnaire at one point in time, the study may be subject to potential CMB. Although statistical procedures were conducted to assess this issue, the single-source survey design may still introduce some level of method-related bias in the responses. Future studies may reduce this limitation by collecting data from multiple sources or using longitudinal research designs. Finally, a limitation of this study is that the R2 values for IT infrastructure flexibility did not reach the commonly accepted thresholds, indicating that the model explains only a limited portion of the variance in this construct. This suggests that additional factors or predictors may need to be considered in future research to more fully capture the determinants of IT infrastructure flexibility.
Future research could broaden the scope by including additional organizational levels, such as middle management and operational staff, and by examining audit firms across multiple countries to enhance generalizability. Incorporating additional variables, such as organizational learning, digital maturity, regulatory compliance, and financial performance, would provide a more comprehensive understanding of their impact on AI adoption, IT infrastructure flexibility, technological competencies, and organizational culture within enterprise risk management.

Author Contributions

K.T.K.G.: Conceptualization, methodology, validation, formal analysis, investigation, resources, data curation, writing—original draft, writing—review & editing, visualization, project administration, funding acquisition; S.A.S.: Conceptualization, methodology, validation, formal analysis, investigation, resources, data curation, writing—original draft, writing—review & editing, visualization, supervision, project administration. All authors have read and agreed to the published version of the manuscript.

Funding

This research did not receive any specific grant from funding agencies in the public, commercial, or not-for-profit sectors.

Institutional Review Board Statement

The study was conducted in accordance with the Declaration of Helsinki and approved by the Ethics Committee of Lincoln University College, Malaysia (protocol code: LUC/EC/FOBA/20250627/007 and date of approval: 27 June 2025).

Informed Consent Statement

Informed consent was obtained from all subjects involved in the study.

Data Availability Statement

Data will be made available on reasonable request through correspondent author.

Conflicts of Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Appendix A

Table A1. Measurement and scale.
Table A1. Measurement and scale.
Constructs Dimension/ItemsSource
AI in auditing Using AI systems and tools in auditing jobs could enable me to accomplish tasks more quickly Ananda et al. (2024)
Using AI systems and tools could improve job performance in auditing
Using AI systems and tools in auditing jobs could increase my productivity
Using AI systems and tools could enhance my effectiveness of the job in auditing
Using AI systems and tools impacts positive risk management practices and compliance efforts in auditing
I would find AI systems and tools useful in my future job in auditing
ERMOur firm has a policy for handling major risks that could affect the firm’s ability to reach its strategic objectives Rehman and Anwar (2019)
We have standard procedures in place for identifying major risks and opportunities
Risks and opportunities are analysed as a basis for determining how they should be managed
We have standard procedures in place for launching risk-reducing measures
We regularly prepare risk reports for the top management and the board of directors
We have standard procedures in place for monitoring the developments in major risks and the risk-reducing measures launched
IT infrastructure flexibilityThe technology infrastructure needed to electronically link our business units is present and in place today.Ravichandran et al. (2005)
The technology infrastructure needed to electronically link our firm with external business partners is present and in place today.
The technology infrastructure needed for current business operations is present and in place today.
The capacity of our network infrastructure adequately meets our current business needs.
The speed of our network infrastructure adequately meets our current business needs.
Corporate data is currently sharable across business units and organizational boundaries.
The complexity of our current application systems seriously restricts our ability to develop a modular system with reusable software components.
Our application systems are modular; most program modules can be easily reused in other business operations.
We have standardized the various components of our technology infrastructure (hardware, OS, network, and database)
I could complete the job using the software packageCompeau and Higgins (1995)
 if there was no one around to tell me what to do as I go.
Technology competencies if I had never used a package like it before.
 if I had only the software manuals for reference.
 if I had seen someone else using it before trying it myself.
 if I could call someone for help if I got stuck.
 if someone else had helped me get started.
 if I had a lot of time to complete the job for which the software was provided.
 if I had just the built-in help facility for assistance.
 if someone showed me how to do it first.
if I had used similar packages before this one to do the same job.
Organizational culture The organization is a personal place. It is like an extended family. People share a lot of themselves with others.Lee et al. (2016)
The management style of my organization is characterized by teamwork, consensus and participation.
The glue the holds the organization together is loyalty and mutual trust. Commitment to the organization runs high.
The organization is a very controlled and structured place. Formal procedures generally govern what people do.
The management style of the organization is characterized by security of employment, conformity, predictability and stability in relationships.
The organization emphasizes permanence and stability. Efficiency, control and smooth operations are important.
(The organization defines success on the basis of efficiency. Dependable delivery, smooth scheduling and low-cost production are critical.
The organization is a personal place. It is like an extended family. People share a lot of themselves with others.
Table A2. Common Method Bias (CMB).
Table A2. Common Method Bias (CMB).
FactorInitial EigenvaluesExtraction Sums of Squared Loadings
Total% of VarianceCumulative %Total% of VarianceCumulative %
116.28242.84742.84715.85741.72941.729
27.83320.61363.460
34.64812.23175.691
41.5794.15479.845
51.2413.26683.111
60.9242.43285.543
70.6291.65687.199
80.4531.19388.391
90.4261.12289.513
100.3941.03690.549
110.3410.89791.446
120.2920.76892.214
130.2850.75192.965
140.2670.70393.667
150.2480.65394.321
160.2300.60694.927
170.2110.55495.481
180.1880.49495.975
190.1780.46996.444
200.1630.42996.873
210.1530.40397.276
220.1370.36097.636
230.1260.33297.967
240.1200.31798.284
250.1050.27698.560
260.0960.25198.811
270.0810.21299.023
280.0740.19399.217
290.0660.17499.391
300.0500.13199.522
310.0440.11799.639
320.0430.11399.752
330.0310.08199.833
340.0260.06999.902
350.0210.05499.957
360.0100.02799.983
370.0050.01499.997
380.0010.003100.000
Extraction Method: Principal Axis Factoring.

References

  1. Ab Hamid, M. R., Sami, W., & Mohmad Sidek, M. H. (2017). Discriminant validity assessment: Use of Fornell & Larcker criterion versus HTMT criterion. Journal of Physics: Conference Series, 890, 012163. [Google Scholar] [CrossRef]
  2. Abikoye, B. E., Akinwunmi, T., Adelaja, A. O., Umeorah, S. C., & Ogunsuji, Y. M. (2024). Real-time financial monitoring systems: Enhancing risk management through continuous oversight. GSC Advanced Research and Reviews, 20(1), 465–476. [Google Scholar] [CrossRef]
  3. Adeniran, I. A., Abhulimen, A. O., Obiki-Osafiele, A. N., Osundare, O. S., Agu, E. E., & Efunniyi, C. P. (2024a). Strategic risk management in financial institutions: Ensuring robust regulatory compliance. Finance & Accounting Research Journal, 6(8), 1582–1596. [Google Scholar]
  4. Adeniran, I. A., Efunniyi, C. P., Osundare, O. S., & Abhulimen, A. O. (2024b). Enhancing security and risk management with predictive analytics: A proactive approach. International Journal of Management & Entrepreneurship Research, 6(8), 32–40. [Google Scholar]
  5. Adenuga, T., Ayobami, A. T., Mike-Olisa, U., & Okolo, F. C. (2024). Enabling AI-driven decision-making through scalable and secure data infrastructure for enterprise transformation. International Journal of Scientific Research in Science, Engineering and Technology, 11(3), 482–510. [Google Scholar] [CrossRef]
  6. Afadzinu, S. K., Németh, E., & Szeberényi, A. (2024). Public audit and its role in enhancing industrial policy innovation in Ghana. Journal of Ecohumanism, 3(8), 12721–12735. [Google Scholar] [CrossRef]
  7. Ahinsah-Wobil, D. I. (2024). The impact of public financial management regulations on project continuity in Ghana. SSRN Electronic Journal. [Google Scholar] [CrossRef]
  8. Ahmad, J. (2024). Strategic planning: Navigating uncertainty in business management. Journal of Management & Social Science, 1(02), 33–46. [Google Scholar]
  9. Ahmad, S. A., & Teo, P. C. (2024). The implementation of enterprise risk management (ERM) frameworks in small and medium enterprises (SMES): A literature review. International Journal of Academic Research in Business and Social Sciences, 14(9), 290–307. [Google Scholar] [CrossRef]
  10. Ahsan, M. J. (2025). Cultivating a culture of learning: The role of leadership in fostering lifelong development. The Learning Organization, 32(2), 282–306. [Google Scholar] [CrossRef]
  11. Ainapure, V., & Ainapure, M. (2009). Auditing and assurance. PHI Learning Pvt. Ltd. [Google Scholar]
  12. Amoako, G. K., Bawuah, J., Asafo-Adjei, E., & Ayimbire, C. (2023). Internal audit functions and sustainability audits: Insights from manufacturing firms. Cogent Business & Management, 10(1), 2192313. [Google Scholar] [CrossRef]
  13. Ampofo, F. O., Ziorklui, J. E. K., Nyonyoh, N., & Antwi, B. O. (2024). Integrated predictive analytics in IT audit planning. Finance & Accounting Research Journal, 6(7), 1291–1309. [Google Scholar] [CrossRef]
  14. Ananda, R. F., Rahmadhani, S. N., Pane, A. A., & Wiratama, N. H. (2024). Assessment audit: How artificial intelligence affected audit quality of sustainability report based on auditors perspective. Information Management and Business Review, 16(3), 152–158. [Google Scholar] [CrossRef]
  15. Anjaria, K. (2025). Enhancing organizational resilience and agility in S-ERP for industry 4.0. In Sustainable enterprise resource planning (S-ERP) for industry 4.0: A secure and ethical deployment approach (pp. 277–301). Springer Nature. [Google Scholar]
  16. Anomah, S. (2025). Assessing the institutional readiness and capacity for AI adoption in public audit institutions in developing countries: Evidence from Ghana. Telematics and Informatics Reports, 20, 100260. [Google Scholar] [CrossRef]
  17. Anomah, S., Ayeboafo, B., Owusu, A., & Aduamoah, M. (2024). Adapting to AI: Exploring the implications of AI integration in shaping the accounting and auditing profession for developing economies. EDPACS, 69(11), 28–52. [Google Scholar] [CrossRef]
  18. Arhinful, R., Attabra, F. K., Mensah, L., & Obeng, H. A. (2026a). The mediating role of talent management in the relationship between project manager competencies and sustainable competitive advantage in the Ghanaian construction industry. Construction Management and Economics, 44(2), 119–142. [Google Scholar]
  19. Arhinful, R., Attabra, F. K., Obeng, H. A., & Mensah, L. (2026b). Assessing how project management knowledge drives project sustainability in Ghana. Engineering, Construction and Architectural Management, 33(2), 1–20. [Google Scholar] [CrossRef]
  20. Arnold, V., Benford, T., Canada, J., & Sutton, S. G. (2015). Leveraging integrated information systems to enhance strategic flexibility and performance: The enabling role of enterprise risk management. International Journal of Accounting Information Systems, 19, 1–16. [Google Scholar] [CrossRef]
  21. Asare Obeng, H., Arhinful, R., Mensah, L., & Teneng, R. C. (2025a). Harmonizing growth: Leadership competencies’ mediation in SMEs’ organizational culture and structure through schein’s model. SAGE Open, 15(3), 21582440251364954. [Google Scholar]
  22. Asare Obeng, H., Sarwar, A., Arhinful, R., & Mensah, L. (2025b). Translating sustainability into customer-perceived value: A social exchange theory perspective on pro-environmental work behavior in ghana’s hospitality sector. Tourism and Hospitality, 6(5), 229. [Google Scholar] [CrossRef]
  23. Azizi, N., Haass, O., Centobelli, P., & Cerchione, R. (2026). The impact of cultural practices on the outcome of IT risk management implementation. Information Technology & People, 39(1), 65–92. [Google Scholar]
  24. Bello, O. A., & Olufemi, K. (2024). Artificial intelligence in fraud prevention: Exploring techniques and applications challenges and opportunities. Computer Science & IT Research Journal, 5(6), 1505–1520. [Google Scholar] [CrossRef]
  25. Bukhari, T. T., Oladimeji, O., Etim, E. D., & Ajayi, J. O. (2021). Automated control monitoring: A new standard for continuous audit readiness. International Journal of Scientific Research in Computer Science, Engineering and Information Technology, 7(3), 711–735. [Google Scholar]
  26. Caldeira, M., & Dhillon, G. (2010). Are we really competent? Assessing organizational ability in delivering IT benefits. Business Process Management Journal, 16(1), 5–28. [Google Scholar]
  27. Celestin, M., & Gidisu, J. A. (2024). Accounting for AI: Ethical and legal considerations in financial automation among Ghana businesses. International Journal of Advanced Trends in Engineering and Technology, 9, 103–114. [Google Scholar]
  28. Chan, C. M., Teoh, S. Y., Yeow, A., & Pan, G. (2019). Agility in responding to disruptive digital innovation: Case study of an SME. Information Systems Journal, 29(2), 436–455. [Google Scholar]
  29. Chen, J., & Tajdini, S. (2025). A moderated model of artificial intelligence adoption in firms and its effects on their performance. Information Technology and Management, 26(3), 407–419. [Google Scholar]
  30. Chester, M. V., & Allenby, B. (2019). Toward adaptive infrastructure: Flexibility and agility in a non-stationarity age. Sustainable and Resilient Infrastructure, 4(4), 173–191. [Google Scholar] [CrossRef]
  31. Chin, C. L., & Yao, G. (2024). Convergent validity. In Encyclopedia of quality of life and well-being research (pp. 1398–1399). Springer International Publishing. [Google Scholar]
  32. Chinta, P. C. R., Jha, K. M., Velaga, V., Moore, C., Routhu, K., & Sadaram, G. (2024). Harnessing big data and AI-driven ERP systems to enhance cybersecurity resilience in real-time threat environments. Letters in High Energy Physics, 2024. [Google Scholar] [CrossRef]
  33. Chowdhury, T. K. (2025). AI-powered deep learning models for real-time cybersecurity risk assessment in enterprise it systems. ASRC Procedia: Global Perspectives in Science and Scholarship, 1(01), 675–704. [Google Scholar]
  34. Cohen, J., Krishnamoorthy, G., & Wright, A. (2017). Enterprise risk management and the financial reporting process: The experiences of audit committee members, CFOs, and external auditors. Contemporary Accounting Research, 34(2), 1178–1209. [Google Scholar] [CrossRef]
  35. Compeau, D. R., & Higgins, C. A. (1995). Computer self-efficacy: Development of a measure and initial test. MIS Quarterly, 19(2), 189–211. [Google Scholar] [CrossRef]
  36. Diameh, J. T., Oluwatobi, B. T., Daniels, C., Sunday, O. E., Nelson, C. A., & Quaye, M. (2025). Integrating AI-driven predictive analytics in project risk management to optimize decision-making and performance efficiency. International Journal of Engineering Technology Research & Management, 9, 373–389. [Google Scholar]
  37. Di Palma, G., Scendoni, R., Tambone, V., Alloni, R., & De Micco, F. (2025). Integrating enterprise risk management to address AI-related risks in healthcare: Strategies for effective risk mitigation and implementation. Journal of Healthcare Risk Management, 44(4), 25–33. [Google Scholar] [CrossRef] [PubMed]
  38. Dosi, G. (2023). The foundations of complex evolving economies: Part one: Innovation, organization, and industrial dynamics. Oxford University Press. [Google Scholar]
  39. Eckert, C., & Hohberger, J. (2023). Addressing endogeneity without instrumental variables: An evaluation of the gaussian copula approach for management research. Journal of Management, 49(4), 1460–1495. [Google Scholar] [CrossRef]
  40. Edonomokumor, T., Arhinful, R., Mensah, L., & Obeng, H. A. (2025). The mediating role of creative behavior in the relationship between transformational leadership and turnover intention. Future Business Journal, 11(1), 139. [Google Scholar] [CrossRef]
  41. Eyinade, W., Ezeilo, O. J., & Ogundeji, I. A. (2021). An internal compliance framework for evaluating financial system integrity under changing regulatory environments. International Journal of Multidisciplinary Research and Growth Evaluation, 2(1), 927–934. [Google Scholar] [CrossRef]
  42. Feng, A. L., Wesely, N. C., Hoehle, L. P., Phillips, K. M., Yamasaki, A., Campbell, A. P., Gregorio, L. L., Killeen, T. E., Caradonna, D. S., Meier, J. C., Gray, S. T., & Sedaghat, A. R. (2017). A validated model for the 22-item Sino-Nasal Outcome Test subdomain structure in chronic rhinosinusitis. International Forum of Allergy & Rhinology, 7(12), 1140–1148. [Google Scholar]
  43. Florez-Jimenez, M. P., Lleo, A., Danvila-del-Valle, I., & Sánchez-Marín, G. (2024). Corporate sustainability, organizational resilience and corporate purpose: A triple concept for achieving long-term prosperity. Management Decision, 62(7), 2189–2213. [Google Scholar] [CrossRef]
  44. Goncalves, D., Bergquist, M., Bunk, R., & Alänge, S. (2020). Cultural aspects of organizational agility affecting digital innovation. Journal of Entrepreneurship, Management and Innovation, 16(4), 13–46. [Google Scholar] [CrossRef]
  45. Hair, J., & Alamer, A. (2022). Partial Least Squares Structural Equation Modeling (PLS-SEM) in second language and education research: Guidelines using an applied example. Research Methods in Applied Linguistics, 1(3), 100027. [Google Scholar] [CrossRef]
  46. Hair, J. F., Sarstedt, M., Ringle, C. M., & Mena, J. A. (2012). An assessment of the use of partial least squares structural equation modeling in marketing research. Journal of the Academy of Marketing Science, 40(3), 414–433. [Google Scholar] [CrossRef]
  47. Haji-Othman, Y., & Yusuff, M. S. S. (2022). Assessing reliability and validity of attitude construct using partial least squares structural equation modeling. International Journal of Academic Research in Business and Social Sciences, 12(5), 378–385. [Google Scholar] [CrossRef]
  48. Hammad, A., & Abu-Zaid, R. (2024). Applications of AI in decentralized computing systems: Harnessing artificial intelligence for enhanced scalability, efficiency, and autonomous decision-making in distributed architectures. Applied Research in Artificial Intelligence and Cloud Computing, 7(6), 161–187. [Google Scholar]
  49. Hassan, M. K., Abdulkarim, M. E., & Ismael, H. R. (2022). Risk governance: Exploring the role of organisational culture. Journal of Accounting & Organizational Change, 18(1), 77–99. [Google Scholar]
  50. Hossan, D., Aktar, A., & Zhang, Q. (2020). A study on partial least squares structural equation modeling (PLS-SEM) as emerging tool in action research. LC International Journal of STEM, 1(4), 130–146. [Google Scholar]
  51. Hu, K. H., Chen, F. H., Hsu, M. F., & Tzeng, G. H. (2021). Identifying key factors for adopting artificial intelligence-enabled auditing techniques by joint utilization of fuzzy-rough set theory and MRDM technique. Technological and Economic Development of Economy, 27(2), 459–492. [Google Scholar] [CrossRef]
  52. Hunziker, S. (2025). Adapting ERM to a digitally connected world. In Enterprise risk management: Modern approaches to balancing risk and reward (pp. 233–257). Springer Fachmedien. [Google Scholar]
  53. Lee, J. C., Shiue, Y. C., & Chen, C. Y. (2016). Examining the impacts of organizational culture and top management support of knowledge sharing on the success of software process improvement. Computers in Human Behavior, 54, 462–474. [Google Scholar] [CrossRef]
  54. Marx, J., & Mynhardt, R. H. (2021). Towards an implementation framework for governance in the Ghanaian securities trading industry. Qualitative Research in Financial Markets, 13(3), 342–358. [Google Scholar] [CrossRef]
  55. Mensah, L., Arhinful, R., Obeng, H. A., & Gyamfi, B. A. (2025). Navigating investment choices: Determinants of corporate investment strategies in Japan’ s nonfinancial sector. Journal of Investment Strategies, 14, 1–41. [Google Scholar]
  56. Mensah, L., Arhinful, R., Obeng, H. A., & Gyamfi, B. A. (2026). Punishment or catalyst? The role of environmental fines in driving corporate environmental innovation in the frankfurt stock exchange. The moderating role of financial slack, firm size, and board environmental expertise. Business Strategy and the Environment, 35(1), 1–22. [Google Scholar] [CrossRef]
  57. Mogali, S. K. (2025, May). AI-powered cloud-based ERP solutions transforming product lifecycle management in the manufacturing sector. In 2025 global conference in emerging technology (GINOTECH) (pp. 1–7). IEEE. [Google Scholar]
  58. Mohammed, A. (2023). Elevating cybersecurity audits: How AI is shaping compliance and threat detection. Aitoz Multidisciplinary Review, 2(1), 35–43. [Google Scholar]
  59. Monazzam, A., & Crawford, J. (2024). The role of enterprise risk management in enabling organisational resilience: A case study of the Swedish mining industry. Journal of Management Control, 35(1), 59–108. [Google Scholar] [CrossRef]
  60. Munoko, I., Brown-Liburd, H. L., & Vasarhelyi, M. (2020). The ethical implications of using artificial intelligence in auditing: I. Munoko et al. Journal of Business Ethics, 167(2), 209–234. [Google Scholar] [CrossRef]
  61. Mupa, M. N., Chiganze, F. R., Mpofu, T. I., Mubvuta, R. E. G. I. S., & Mangeya, R. (2024). The role of enterprise risk management (ERM) in supporting strategic decision-making processes in the energy sector. Iconic Research and Engineering Journals, 8(2), 826–848. [Google Scholar]
  62. Nagar, K., Rana, S., & Kasana, A. (2024). The mediating role of work engagement between happiness at work and employee performance: Smart PLS approach. Journal of Informatics Education and Research, 4(1), 123–136. [Google Scholar] [CrossRef]
  63. Nguyen, T. H., Abu Afifa, M., Van, H. V., & Bui, D. V. (2025). Artificial intelligence in accounting, risk management, sustainable competitiveness and managerial IT infrastructure: A moderation-mediation model. Asia-Pacific Journal of Business Administration, 17(2), 1–25. [Google Scholar] [CrossRef]
  64. Ntona, M. M., Chalikakis, K., Busico, G., Mastrocicco, M., Kalaitzidou, K., & Kazakis, N. (2023). Application of judgmental sampling approach for the monitoring of groundwater quality and quantity evolution in Mediterranean catchments. Water, 15(22), 4018. [Google Scholar] [CrossRef]
  65. Nunes, M., Bagnjuk, J., Abreu, A., Saraiva, C., Nunes, E., & Viana, H. (2022). Achieving competitive sustainable advantages (CSAs) by applying a heuristic-collaborative risk model. Sustainability, 14(6), 3234. [Google Scholar] [CrossRef]
  66. Obeng, H. A., Gyamfi, B. A., Mensah, L., Arhinful, R., & Sarwar, A. (2026). Employees’ behavioral intention to use AI and organizational efficiency in an emerging economy: The serial mediating roles of technology readiness and digital culture. Discover Artificial Intelligence, 6(1), 1–18. [Google Scholar] [CrossRef]
  67. Ogedengbe, A. O., Friday, S. C., Jejeniwa, T. O., Ameyaw, M. N., Olawale, H. O., & Oluoha, O. M. (2023). A predictive compliance analytics framework using AI and business intelligence for early risk detection. Shodhshauryam, International Scientific Refereed Research Journal, 6(4), 171–195. [Google Scholar]
  68. Oko-Odion, C., & Angela, O. (2025). Risk management frameworks for financial institutions in a rapidly changing economic landscape. International Journal of Science and Research Archive, 14(1), 1182–1204. [Google Scholar] [CrossRef]
  69. Oko-Odion, C., & Udoh, O. R. (2024). Leveraging technology in internal audit processes for streamlined management and risk oversight. International Journal of Science and Research Archive, 13(2), 3077–3100. [Google Scholar] [CrossRef]
  70. Oluyombo, O. O., & Ajakaiye, O. (2024). The implications of adopting artificial intelligence in the auditing process. In Artificial intelligence, finance, and sustainability: Economic, ecological, and ethical implications (pp. 287–300). Springer Nature. [Google Scholar]
  71. Onyenahazi, O. (2025). Integrating artificial intelligence in financial auditing to enhance accuracy, efficiency, and regulatory compliance outcomes. International Journal of Research Publication and Reviews, 2, 23–44. [Google Scholar] [CrossRef]
  72. Owusu-Afriyie, R., Awunyo-Vitor, D., Gyimah, P., & Appiah, K. O. (2024). Monitoring and audit quality: Does quality standards compliance matter? Cogent Business & Management, 11(1), 2416095. [Google Scholar] [CrossRef]
  73. Pan, G., Pan, S. L., & Lim, C. Y. (2015). Examining how firms leverage IT to achieve firm productivity: RBV and dynamic capabilities perspectives. Information & Management, 52(4), 401–412. [Google Scholar] [CrossRef]
  74. Qatawneh, A. M. (2025). The role of artificial intelligence in auditing and fraud detection in accounting information systems: Moderating role of natural language processing. International Journal of Organizational Analysis, 33(6), 1391–1409. [Google Scholar] [CrossRef]
  75. Qudus, L. (2025). Leveraging artificial intelligence to enhance process control and improve efficiency in manufacturing industries. International Journal of Computer Applications Technology and Research, 14(02), 18–38. [Google Scholar]
  76. Rajput, A., & Katamba, I. (2024). Leveraging artificial intelligence and big data in public accounting: Redefining audit practices and financial reporting. International Journal of Research Publication and Reviews, 5(11), 5516–5531. [Google Scholar] [CrossRef]
  77. Rane, N. (2023). Integrating building information modelling (BIM) and artificial intelligence (AI) for smart construction schedule, cost, quality, and safety management: Challenges and opportunities. SSRN Electronic Journal. [Google Scholar] [CrossRef]
  78. Raphael, A. M. P. E. D. U., Bright, A. A., Peter, M. A. F., Gifty, B. B., Cornelius, N. O. M., & Richmond, M. E. N. S. A. H. (2024). The influence of regulatory framework and environmental factors on accounting practices by companies in Ghana. International Journal of Advanced Business Studies, 3(4), 127–155. [Google Scholar] [CrossRef]
  79. Ravichandran, T., Lertwongsatien, C., & Lertwongsatien, C. (2005). Effect of information systems resources and capabilities on firm performance: A resource-based perspective. Journal of Management Information Systems, 21(4), 237–276. [Google Scholar] [CrossRef]
  80. Rehman, A. U., & Anwar, M. (2019). Mediating role of enterprise risk management practices between business strategy and SME performance. Small Enterprise Research, 26(2), 207–227. [Google Scholar] [CrossRef]
  81. Ridwan, M., & AlFanur, F. (2025). The Influence of Digital Transformation on Organizational Performance in Tokopedia Startup in Indonesia. Eduvest-Journal of Universal Studies, 5(11), 14008–14017. [Google Scholar] [CrossRef]
  82. Rönkkö, M., & Cho, E. (2022). An updated guideline for assessing discriminant validity. Organizational Research Methods, 25(1), 6–14. [Google Scholar] [CrossRef]
  83. Saha, B. (2025). AI-driven predictive analytics for financial risk management and financial risk prevention with ranking cost scheduling. International Journal of Advance Research and Innovation (IJARI), 13(1), 12–22. [Google Scholar]
  84. Samartha, V. (2020). Measuring the effect size of coefficient of determination and predictive relevance of exogenous latent variables on endogenous latent variables through PLS-SEM. International Journal of Pure and Applied Mathematics, 119, 39–48. [Google Scholar]
  85. Sarstedt, M., Ringle, C. M., & Hair, J. F. (2017). Treating unobserved heterogeneity in PLS-SEM: A multi-method approach. In Partial least squares path modeling: Basic concepts, methodological issues and applications (pp. 197–217). Springer International Publishing. [Google Scholar]
  86. Sathyanarayana, S., & Mohanasundaram, T. (2024). Fit indices in structural equation modeling and confirmatory factor analysis: Reporting guidelines. Asian Journal of Economics, Business and Accounting, 24(7), 561–577. [Google Scholar] [CrossRef]
  87. Sen, S., Kotlarsky, J., & Budhwar, P. (2020). Extending organizational boundaries through outsourcing: Toward a dynamic risk-management capability framework. Academy of Management Perspectives, 34(1), 97–113. [Google Scholar] [CrossRef]
  88. Sewpersadh, N. S. (2025). Adaptive structural audit processes as shaped by emerging technologies. International Journal of Accounting Information Systems, 56, 100735. [Google Scholar] [CrossRef]
  89. Singh, K., Bojilov, M., & Best, P. (2025). Implementing AI in auditing in organizations. Accounting and Management Information Systems, 24(3), 456–478. [Google Scholar]
  90. Stasse, L. J., Hilhorst, C. A., & Rouwelaar, J. A. T. (2025). Enterprise risk management revisited: A study to identify the elements of ERM. Journal of Risk Research, 28(7), 768–793. [Google Scholar] [CrossRef]
  91. Sundaramurthy, S. K., Ravichandran, N., Inaganti, A. C., & Muppalaneni, R. (2022). AI-powered operational resilience: Building secure, scalable, and intelligent enterprises. Artificial Intelligence and Machine Learning Review, 3(1), 1–10. [Google Scholar]
  92. Syam, M., Djaddang, S., & Roziq, M. (2025). The digital transformation of auditing: Navigating the challenges and opportunities. Economics and Business Quarterly Reviews, 8(2), 49–66. [Google Scholar] [CrossRef]
  93. Tavakol, M., & Wetzel, A. (2020). Factor Analysis: A means for theory and instrument development in support of construct validity. International Journal of Medical Education, 11, 245. [Google Scholar] [CrossRef]
  94. Tornatzky, L. G., Eveland, J. D., & Fleischer, M. (1990). Technological innovation as a process. The Processes of Technological Innovation, 3, 27–50. [Google Scholar]
  95. Udoh, O. R. (2024). Enhancing internal audit efficiency for effective risk management and corporate governance frameworks. International Journal of Research Publication and Reviews, 5(12), 3646–3659. [Google Scholar] [CrossRef]
  96. Usul, H., & Alpay, B. Y. (2025). Digital transformation in internal audit: Paradigm shifts, emerging risks, and strategic resilience. European Journal of Digital Economy Research, 6(1), 23–36. [Google Scholar]
  97. Victor-Mgbachi, T. O. Y. I. N. (2024). Leveraging artificial intelligence (AI) effectively: Managing risks and boosting productivity. IRE Journals, 7(7), 54–69. [Google Scholar]
  98. Wang, M., Zhang, X., & Han, X. (2025). AI driven systems for improving accounting accuracy fraud detection and financial transparency. Frontiers in Artificial Intelligence Research, 2(3), 403–421. [Google Scholar] [CrossRef]
  99. Webster, A., & Gardner, J. (2019). Aligning technology and institutional readiness: The adoption of innovation. Technology Analysis & Strategic Management, 31(10), 1229–1241. [Google Scholar] [CrossRef]
  100. Wernerfelt, B. (1984). A resource-based view of the firm. Strategic Management Journal, 5(2), 171–180. [Google Scholar]
  101. Zeriouh, K., & Amara, M. (2025). AI–driven frameworks for strategic risk management: A systematic review and model for organizational resilience and decision support. Journal of Intelligent Management and Decision, 4(3), 44–61. [Google Scholar] [CrossRef]
Jrfm 19 00229 g001
Figure 1. Conceptual framework. Source: Author’s own work.
Figure 1. Conceptual framework. Source: Author’s own work.
Jrfm 19 00229 g001
Jrfm 19 00229 g002
Figure 2. Measurement model.
Figure 2. Measurement model.
Jrfm 19 00229 g002
Jrfm 19 00229 g003
Figure 3. Structural model.
Figure 3. Structural model.
Jrfm 19 00229 g003
Jrfm 19 00229 g004
Figure 4. The interaction between technology competencies and AI adoption on ERM.
Figure 4. The interaction between technology competencies and AI adoption on ERM.
Jrfm 19 00229 g004
Jrfm 19 00229 g005
Figure 5. The interaction between organizational culture and IT infrastructure flexibility on ERM.
Figure 5. The interaction between organizational culture and IT infrastructure flexibility on ERM.
Jrfm 19 00229 g005
Table 1. Socio-demographic analysis (top managers).
Table 1. Socio-demographic analysis (top managers).
NMarginal Percentage
Gender Males 27878.310
Female 7721.690
Audit firm sizeSmall14941.972
Medium13036.620
Large7621.408
Age of the audit firm1–3 years185.070
4–6 years13638.310
7–10 years9526.761
More than 10 years10629.859
Tenure of the managers 2–3 years3610.141
4–6 years14741.408
7–10 years11131.268
More than 10 years6117.183
Education level of the managers Bachelor’s degree8523.944
Master’s degree16145.352
PhD51.408
Professional qualification 10429.296
Total355100
Table 2. Descriptive analysis.
Table 2. Descriptive analysis.
VariablesNMinMaxiMeanStd. Deviation
AI adoption 355154.0940.944
ERM355154.4820.984
IT infrastructure flexibility355153.9830.879
Technology competencies355153.8560.851
Organizational culture 355153.7570.847
Table 3. PLS-SEM model assessment, convergent validity and reliability.
Table 3. PLS-SEM model assessment, convergent validity and reliability.
Construct (Dimension)ItemStandardized LoadingsAverage Variance Extracted (AVE)Composite Reliability (CR)Cronbach Alpha (CA)
AI AdoptionAIAUD10.936 0.900 0.982 0.978
AIAUD20.973
AIAUD30.922
AIAUD40.954
AIAUD50.963
AIAUD60.942
ERMERM10.805 0.707 0.935 0.919
ERM20.833
ERM30.845
ERM40.846
ERM50.850
ERM60.866
IT infrastructure flexibility ITINFR10.870 0.645 0.942 0.937
ITINFR20.894
ITINFR30.875
ITINFR40.845
ITINFR50.741
ITINFR60.769
ITINFR70.721
ITINFR80.785
ITINFR90.701
Technological competenciesTECCOM10.9170.849 0.983 0.980
TECCOM20.940
TECCOM30.914
TECCOM40.914
TECCOM50.943
TECCOM60.920
TECCOM70.933
TECCOM80.936
TECCOM90.895
TECCOM100.904
Organizational cultureORCUT10.951 0.899 0.984 0.981
ORCUT20.958
ORCUT30.966
ORCUT40.962
ORCUT50.935
ORCUT60.961
ORCUT70.904
Normed Fit Index (NFI) (0.971), Standardized Root Mean Square Residual (SRMR) (0.010)
Table 4. Discriminant validity.
Table 4. Discriminant validity.
Constructs (1)(2)(3)(4)
(1) AI Adoption
(2) ERM 0.817
(3) IT infrastructure flexibility 0.1240.146
(4) Organizational culture 0.8240.7150.072
(5) Technological competencies 0.3510.5690.2120.346
Table 5. Structural model assessment.
Table 5. Structural model assessment.
Constructs Q2 PredictR-Square
IT infrastructure flexibility 0.0170.024
ERM 0.7680.799
VIFF-square
AI Adoption → ERM 1.1230.741
AI Adoption → IT infrastructure flexibility 1.0000.024
IT infrastructure flexibility → ERM 1.1800.039
Organizational culture × IT infrastructure flexibility → ERM 1.1180.025
Technological competencies × AI Adoption → ERM 1.0340.028
Table 6. Direct, mediation and moderating relationships (result).
Table 6. Direct, mediation and moderating relationships (result).
Relationship HypothesisβS. Et-Testp Values
Direct effect
AI Adoption → ERM H10.783 ***0.066 11.924 0.000
AI Adoption → IT infrastructure flexibility H20.154 ***0.040 3.822 0.000
IT infrastructure flexibility → ERM H30.096 *** 0.024 3.989 0.000
Mediation effect
AI Adoption → IT infrastructure flexibility → ERMH40.015 *** 0.006 2.569 0.005
Moderating effect
Technological competencies × AI Adoption → ERMH50.097 ***0.041 2.339 0.010
Organizational culture × IT infrastructure flexibility → ERMH60.087 ***0.027 3.262 0.001
Control effect
Audit firm age → Enterprise risk management 0.051 0.063 * 0.807 0.210 0.051
Audit firm size → Enterprise risk management 0.193 0.064 3.008 0.001 0.193
*** p < 0.01, * p < 0.10.
Table 7. Endogeneity tests.
Table 7. Endogeneity tests.
βS. Et-Testp Values
GC (AI Adoption → Enterprise risk management) → Enterprise risk management −0.0700.0900.7840.433
GC (AI Adoption → IT infrastructure flexibility) → IT infrastructure flexibility 0.0460.0770.5930.553
GC (IT infrastructure flexibility → Enterprise risk management) → Enterprise risk management 0.0600.0720.8330.642
Gaussian Copula (CC)
Table 8. Unobserved heterogeneity.
Table 8. Unobserved heterogeneity.
AICBICCAICENSegment Size (%)
Segment 11456.7961491.6451500.6450.000100
Segment 21096.3981169.9681188.9680.78562/38
Segment 3240.213352.504381.5040.93252/28/20
Segment 3139.207290.220329.2200.83446/22/15/17/11
AIC (Akaike’s information criterion), BIC (Bayesian information criterion), CAIC (consistent AIC), EN (normed entropy statistic)
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Godson, K.T.K.; Salman, S.A. Artificial Intelligence (AI) Adoption and Enterprise Risk Management (ERM): The Roles of Information Technology (IT) Infrastructure Flexibility, Technology Competence, and Organizational Culture in Ghana. J. Risk Financial Manag. 2026, 19, 229. https://doi.org/10.3390/jrfm19030229

AMA Style

Godson KTK, Salman SA. Artificial Intelligence (AI) Adoption and Enterprise Risk Management (ERM): The Roles of Information Technology (IT) Infrastructure Flexibility, Technology Competence, and Organizational Culture in Ghana. Journal of Risk and Financial Management. 2026; 19(3):229. https://doi.org/10.3390/jrfm19030229

Chicago/Turabian Style

Godson, Kumah Takyi Kwasi, and Syed Ahmed Salman. 2026. "Artificial Intelligence (AI) Adoption and Enterprise Risk Management (ERM): The Roles of Information Technology (IT) Infrastructure Flexibility, Technology Competence, and Organizational Culture in Ghana" Journal of Risk and Financial Management 19, no. 3: 229. https://doi.org/10.3390/jrfm19030229

APA Style

Godson, K. T. K., & Salman, S. A. (2026). Artificial Intelligence (AI) Adoption and Enterprise Risk Management (ERM): The Roles of Information Technology (IT) Infrastructure Flexibility, Technology Competence, and Organizational Culture in Ghana. Journal of Risk and Financial Management, 19(3), 229. https://doi.org/10.3390/jrfm19030229

Article Metrics

Back to TopTop