Home 1 RBIA Introduction 2 RBIA Compiling an RAU 3 RBIA Implementation 4 RBIA Audit Manual RBIA Audit programs COSO Audit program users RBIA images Links introduction

Risk based internal auditing

What is risk based internal auditing?

Let’s go back to basics:

So if you want to be sure that your organization achieves its objectives, you have to check all the controls aiming to reduce all the risks which threaten the achievement of those objectives. Which internal auditing aims to do. The term Risk based internal auditing arose from the need to distinguish internal auditing in this widest sense from ‘traditional’ internal auditing:

So risk based internal auditing is identical to the internal auditing expected by modern standards, that is involving all the risks threatening all the organization’s objectives. I believe therefore that we should not concentrate on implementing risked based internal auditing but on expanding the narrow interpretation of internal auditing. Ideally we should forget the term risk based internal auditing and make internal auditing what it should be. However, to avoid confusion, I will continue using risk based internal auditing on the website and books but think of it as internal auditing with the boundaries pushed out. Let’s sum this up in the slogan:

Risk based internal auditing: pushing out the boundaries

What’s the aim of this website?

The aim of this website, and the books and spreadsheets available from it, is to push out the boundaries of internal auditing by providing practical ideas on implementing (risk based) internal auditing. These ideas are not meant to represent ‘best practice’ but to be thought provoking.

There are four books with associated spreadsheets

1. Book 1: Risk based internal auditing - an introduction. This introduces risk-based principles and details the implementation of risk based auditing for a small charity providing famine relief, as an example. It includes example working papers.

2. Book 2: Compilation of a risk and audit universe. This book aims to show you how to assemble a Risk and Audit Universe (RAU) for a typical company and extract audit programs from it.

3. Book 3: Three views on implementation. Looks at the implementation of risk based internal auditing from three points-of-view: the board; Chief Audit Executive (CAE); internal audit staff.

4. Book 4 Audit Manual. This shows the audit working papers from an accounts payable audit and therefore provides a detailed account of how a risk based audit is carried out in practice.

Links to books and other resources

If you have any comments, please e-mail me

(My submission to the IIA on the proposed enhancements to the IPPF are here)

Aim of this site

To provide practical ideas as to how to implement risk based internal auditing. It’s based on my 30 years experience of accounting systems, about half of these being in the internal audit department of a  UK company (£5bn turnover), where I was the Group Head of Internal Audit (Chief Audit Executive).

Internal auditing

Internal auditing provides an independent and objective opinion to an organization's management as to whether its risks are being managed to acceptable levels.