Introduction
Over the last few years, cyber-crimes have grown in number and in the ways cybercriminals exploit them. Due to this, the need to manage risks has been recognized by organizations and adopted as a crucial part of a good governance best practice.
A Risk-Based Internal Audit (RBIA) is focused on the organization’s response to the risks they face in achieving their goals and objectives. An RBIA differs from other types of audits as it is based on the business goals and their associated risks. With this approach, internal auditors gain other responsibilities — now they not only manage the control activities, but also add an important contribution in the development of the risk management processes by defining the organization’s universe of risk.
This article focuses on RBIA and describes a method to select the high-risk fields via risk assessment as a focal point. This provides time and cost saving in the audit because other controls with minor impacts to the business risk are placed in a different “bag.”
Benefits of Conducting an RBIA
Writing in the European Journal of Accounting Auditing and Finance Research, Dr. Vahit Ferhan Benli and Duygu Celayir summed up the…
