Improving the Efficiency and Effectiveness of Risk‐Based Internal Audit Engagements

Document

Cited in

Published date	01 July 2014
DOI	http://doi.org/10.1111/ijau.12016
Author	Philna Coetzee,Dave Lubbe
Date	01 July 2014

Improving the Efficiency and Effectiveness of Risk-Based Internal

Audit Engagements

Philna Coetzee1and Dave Lubbe2

1University of Pretoria

2University of the Free State

The role of internal auditing in assisting with the mitigation of key risks threatening organisations has increased,

not least, for example, in ensuring that engagementsare performed more effectively and efficiently,and that all the

key risks of organisations are addressed, but also to ensure that scarce internal audit resources are used optimally.

This article describes the development of a model that can be used by internal auditors to perform this task. The

model was developed from a study of the academic literature, current business practice norms, and other

documentation whereafter it was tested in a practical scenario, and input from heads of internal audit departments

in prominent South African organisations was obtained. The findings of the study, inter alia, support the use of the

model. However, a concern is that the risk management strategy currently implemented by organisations is not

mature enough for internal auditing to rely on the outcome of the risk management process, a prerequisite for the

model to function optimally. A second concern is that internal auditing is reluctant to use a pure risk-based

approach when performing audit engagements and still prefers to use a control-based approach with more

emphasis placed on high risk areas.

Key words: Internal auditing, engagement planning, risk management process, internal audit engagement process,

risk-based internal audit engagements, views of chief audit executives, audit more effective and efficient

1. INTRODUCTION

Risk and the management thereof is not a new concept.In

recent years, risk taking and its managementhas taken on

a new dimension. One such example is the risks taken

which resulted in the current global financial crisis. The

global financial crisis was in many ways a shock to the

business world, the biggest problem being that it was

not foreseen by economists, and relevant stakeholders,

organisations and governments were caught unprepared.

In May 2007 the Organisation for Economic Co-operation

and Development made the following statement: ‘the

current economic situation is in many ways better than

what we have experienced in years. Our central forecast

remains indeed quite benign’ (cited in Keen, 2008). Three

months later this statement was contradicted as markets

in the United States of America went into decline: house

prices fell and organisations went into serious financial

crisis. This wasrapidly followed by the rest of the world’s

financial markets and other organisations that ran into

financial difficulties (Keen, 2008). Many argued that the

core of this crisis was the lack of an effective and efficient

risk management strategy (Lam, 2009: 23; Hull, 2009: 3),

and the question was asked: Where were the auditors? –

referring to both internal and external auditors(Mathker,

2008; Olah, 2009: 11; Lubbe, 2009).

Thetypes of risks that initiated the global financial crisis

are typicallyonly discovered by a sound risk management

strategy, something that the board are responsible for

(IOD, 2009: 73–76), but that internal auditors need to

ensure is functioning efficiently and effectively (IOD,

2009: 80; IIA, 2012: 2120); and, if so, incorporate the

investigation of the mitigationof the key risks threatening

the organisation into their activities. At the same time,

the evolution of corporate governancehas forced manage-

ment to revisit the roles and responsibilities of various

parties (Gramling, Maletta, Schneider & Church, 2004:

195; Gendron, Cooper & Townley, 2007: 105), arguably the

most important being the internal audit function.

Furthermore, the internal audit profession has realised

that it will have to adapt to the changing environment in

which it operates,an idea supported by a study performed

by PricewaterhouseCoopers(2008), which concluded that

it is essential for the profession to adopt new mindsets if it

wants to retain a key rolein the future.

Risk management and internal auditing have a

connection, as can be seen from the above discussion,

and this has been substantiated by many recent studies

and surveys. However, most of these, although referring

to risk-based internal auditing, reflect on the role

that internal auditing should play with regard to the

organisation’s overall risk management strategy; with

recommendations ranging from providing assurance on

the soundness of the strategy to taking responsibility

for its implementation. Furthermore, although some

literature refers to the concept of risk-based internal

auditing (Pelletier, 2008: 73; IOD, 2009: 94; Koutoupis &

Tsamis, 2009: 106; Castanheira, Rodrigues & Craig, 2010:

83), this term focuses on the internal audit function’s

annual plan based on the strategic risks inherent in the

plan. Both these scenarios ignore the potential benefits of

using risk methodologies as the basis when performing

internal audit engagements. Research papers supporting

this tendency include a study of the internal audit

methodologies of Greek banks (Koutoupis & Tsamis,

2009: 102), which revealed that many internal audit

functions, although using the term ‘risk-based internal

auditing’, could not justify its use since any form of

risk assessment or risk-based audit planning was

conspicuously absent, thus undermining the term

‘risk-based internal auditing’ even further. This lack of

risk-based internal audit engagement is also supported

in a study by Castanheira et al. (2010: 95) where most

participants indicated that they do perform risk-based

planning for their annual internal audit plan, but that

Correspondence to: Philna Coetzee, Professor in Auditing, Department

of Auditing, University of Pretoria, South Africa. Email: philna.

coetzee@up.ac.za

International Journal of Auditing doi:10.1111/ijau.12016

Int. J. Audit. 18: 115–125 (2014)

To continue reading

Request your trial

Subscribers can access the reported version of this case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a list of all the cited cases and legislation of a document.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a list of all the documents that have cited the case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see the revised versions of legislation with amendments.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see any amendments made to the case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a visualisation of a case and its relationships to other cases. An alternative to lists of cases, the Precedent Map makes it easier to establish which ones may be of most relevance to your research and prioritise further reading. You also get a useful overview of how the case was received.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see the list of results connected to your document through the topics and citations Vincent found.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Improving the Efficiency and Effectiveness of Risk‐Based Internal Audit Engagements

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users