Risk-based internal auditing begins by first assessing an organisation’s objectives and providing an opinion as to whether internal controls are reducing the risks threatening them to acceptable levels. Based on the opinions formed, it is then determined if those objectives will be achieved.
According to the Chartered Institute of Internal Auditors, risk-based auditing allows internal audit to conclude that:
- Management has identified, assessed and responded to risks above and below the risk appetite
- Responses to risks are effective but not excessive in managing inherent risks within the risk appetite
- Risk management processes, including the effectiveness of responses and the completion of actions, are being monitored by management to ensure they continue to operate effectively
- Risks, responses and actions are being properly classified and reported
Download this whitepaper by CaseWare Africa to find out how you can assess, respond to and analyse the risks in a risk-based audit.
