2012 | 1–2/2012 (14–15) | 48 - 58
Article title

Risk Based Internal Audit An Empirical Model For Implementation

Title variants
Languages of publication
nternal auditing plays an important role in the efficiency and effectiveness of internal control system in organizations. Internal auditing should provide correct information to management about effectiveness of risk management and internal controls including compliance with organizational laws and regulations. At this time, there are different types of internal auditing, which primarily accept and apply procedures such as testing transactions, testing accuracy and reliability of accounting books and financial reports, the accuracy, reliability and timeliness of control reports and testing compliance with legal and regulatory requirements. However, none of these offer an opinion about qualitative aspects of organizational management, especially risk management. Therefore, it is necessary to redefine internal auditing and to determine the new scopes for it in order to ensure from adoption of modern risk management tools, adequ- acy and effectiveness of these tools and also helping organizational units to reduce risks. These changes in focus and attention of internal auditing are possible by revision in attitudes to audit and changing it to risk-based internal auditing. Regarding this matter, the main purpose of this study is to provide a␣comprehensive and practical model for implementing and using risk-based internal auditing in companies and organizations. This model is designed based on theoretical principles presented in the literature and relevant research as well as professional experience of the authors. Also, the designed model has been implemented in one of the large Iranian organizations, which increases the value and applicability of the model.
48 - 58
Physical description
  • Ferdowsi University of Mashhad
  • Rahyaft and Partners
  • Research and Development Center of the Rahyaft and Partners
  • Basel Committee on Banking Supervision (2000). Internal audit in banking organizations and the relationship of the Supervisory authorities with internal and external auditors.
  • Basu, V., Hartono, E., Lederer, A.L. and Sethi, V. (2002). The impact of organizational commitment, senior management involvement and team involvement on strategic information systems planning. Information and Management, 39: 513–524.
  • Bou-Raad, G. (2000). Internal Auditors and a Value- Added Approach: The New Business Regime. Managerial Auditing Journal, 15(4): 182–186.
  • Brody, R.G. and Lowe, D.J. (2000). The New Role of Internal Auditor: Implications for Internal Auditor Objectivity. International Journal of Auditing, 4(2): 169–176.
  • Cooper, B.J., Leung, P. and Mathews, C. (1996). Benchmarking-a Comparison of Internal Audit in Australia, Malaysia and Hong Kong. Managerial Auditing Journal, 11(1): 23–29.
  • Dean, M., Feucht, S.J. and Smith, L.M. (2008). International Transfer Pricing Issues and Strategies for the Global Firm. Internal Auditing, 23(1): 12–19.
  • Deloitte (2005). Optimizing the Role of Internal Audit in the Sarbanes-Oxley Era. Available from:
  • Earl, M.J. (1993). Experiences in strategic information systems planning. MIS Quarterly, 22: 1–24.
  • Eden, D. and Moriah, L. (1996). Impact of Internal Auditing on Branch Bank Performance: A Field Experiment. Organization Behavior and Human Decision Processes, 68(3): 262–271.
  • Elahi, S., Abdi, B. and Shayan, A. (2006). E-Banking and Managerial Challenges: Change Management. First Annual Summit E-Banking. Teheran, Iran.
  • Gramling, A.A. (1999). External auditors’ reliance on work performed by internal auditors: the influence of fee pressure on this reliance decision. Auditing: A Journal of Practice & Theory, 18: 117–135.
  • Griffiths, D.M. (2006). Risk Base Internal Auditing- an Introduction. Available from:
  • Harrington, C. (2004). Internal Audit’s New Role. Journal of Accountancy, 198(3): 65–70.
  • Kamal, M.M. (2006). IT Innovation Adoption in the Government Sector: Identifying the Critical Success Factors. Journal of Enterprise Information Management, 19(2):192–222.
  • Leithhead, B.S. (2000). In touch with the top. Internal Auditor, 57.
  • Marche, S., and McNiven, J.D. (2003). “E-Government and E-Governance: The Future isn’t what it used to be”. Canadian Journal of Administrative Sciences (2), pp. 74-86.
  • Ngai, E.W.T., Poon, J.K.L. and Chan, Y.H.C. (2007). Empirical Examination of the Adoption of WebCT Using TAM. Computers & Education, 48: 250–267.
  • Park, N., Roman, R., Lee, S. and Chung, J. (2009). User Acceptance of a Digital Library System in Developing Countries: An Application of the Technology Acceptance Model. International Journal of Information Management, 29: 196–209.
  • Rezaee, Z. (2009). Corporate Governance and Ethics. New York: John Wiley and Sons.
  • Roy, A.K. (2008). Risk Based Internal Audit-Need for Such Approach in Banking Sector for Implementation of Basel Ii Accord: Bangladesh Perspective.
  • The Bangladesh Accountant, July–September
  • Schneider, A. and Wilner, N. (1990). A Test of Audit Deterrence to Financial Reporting Irregularities Using Randomized Response Technique. The Accounting Review, 65(3): 668–681.
  • Smith, L.M. (2006). Audit Committee Effectiveness: Did the Blue Ribbon Committee Recommen dations Make a Difference? International Journal of Accounting, Auditing and Performance Evaluation, 3(2): 240–251.
  • Spira, L.F. and Page, M. (2003). Risk Management: The Reinvention of Internal Control and the Changing Role of Internal Audit, Accounting Auditing and Accountability Journal, 16 (4): 640–661.
  • Wallace, W.A. (1984). A Time Series Analysis of the Effect of Internal Audit Activities on External Audit Fees. Altamonte Spring, FL: Institute of Internal Auditors.
  • Warren, D. and Smith, L.M. (2006). Continuous Auditing: An Effective Tool for Internal Auditors. Internal Auditing, 21(2): 27–35.
Document Type
Publication order reference
YADDA identifier
JavaScript is turned off in your web browser. Turn it on to take full advantage of this site, then refresh the page.