Risk based internal auditing
Let’s go back to basics:
So if you want to be sure that your organization achieves its objectives, you have to check all the controls aiming to reduce all the risks which threaten the achievement of those objectives. Which internal auditing aims to do. The term Risk based internal auditing arose from the need to distinguish internal auditing in this widest sense from ‘traditional’ internal auditing:
So risk based internal auditing is identical to the internal auditing expected by modern standards, that is involving all the risks threatening all the organization’s objectives. I believe therefore that we should not concentrate on implementing risked based internal auditing but on expanding the narrow interpretation of internal auditing. Ideally we should forget the term risk based internal auditing and make internal auditing what it should be. However, to avoid confusion, I will continue using risk based internal auditing on the website and books but think of it as internal auditing with the boundaries pushed out. Let’s sum this up in the slogan:
Risk based internal auditing: pushing out the boundaries
The aim of this website, and the books and spreadsheets available from it, is to push out the boundaries of internal auditing by providing practical ideas on implementing (risk based) internal auditing. These ideas are not meant to represent ‘best practice’ but to be thought provoking.
There are four books with associated spreadsheets
1. Book 1: Risk based internal auditing -
2. Book 2: Compilation of a risk and audit universe. This book aims to show you how to assemble a Risk and Audit Universe (RAU) for a typical company and extract audit programs from it.
4. Book 4 Audit Manual. This shows the audit working papers from an audit introduced in Book 1 and therefore provides a detailed account of how a risk based audit is carried out in practice. It is now inconsistent with the other books and I am thoroughly revising it. It is still available on the website as it will provide some ideas.
If you have any comments, please e-