Risk Based Internal Audit-An Emperical Model For Implementation

Abstract

Internal auditing plays an important role in the efficiency and effectiveness of internal control system in organizations. Internal auditing should provide correct information to management about effectiveness of risk management and internal controls including compliance with organizational laws and regulations. At this time, there are different types of internal auditing, which primarily accept and apply procedures such as testing transactions, testing accuracy and reliability of accounting books and financial reports, the accuracy, reliability and timeliness of control reports and testing compliance with legal and regulatory requirements. However, none of these offer an opinion about qualitative aspects of organizational management, especially risk management. Therefore, it is necessary to redefine internal auditing and to determine the new scopes for it in order to ensure from adoption of modern risk management tools, adequacy and effectiveness of these tools and also helping organizational units to reduce risks. These changes in focus and attention of internal auditing are possible by revision in attitudes to audit and changing it to risk-based internal auditing. Regarding this matter, the main purpose of this study is to provide a comprehensive and practical model for implementing and using risk-based internal auditing in companies and organizations. This model is designed based on theoretical principles presented in the literature and relevant research as well as professional experience of the authors. Also, the designed model has been implemented in one of the large Iranian organizations, which increases the value and applicability of the model.