Subscribe for NewsLetters
Email: *
First Name: *
Last Name:
Enter Captcha:*
Wk Audit Net 468x60 Ad 1
Workiva Auditors Playbook 468x60 1

AuditNet® Audit-library::Auditnet™-risk-based-internal-audit-resource-center

Risk based Internal Audit (RBIA) is an internal methodology which is primarily focused on the inherent risk involved in the activities or system and provide assurance that risk is being managed by the management within the defined risk appetite level. It is the risk management framework of the management and seeks at every stage to reinforce the responsibility of management and BOD (Board of Directors) for managing risk.

Risk based internal audit is conducted by internal audit department to help the risk management function of the company by providing assurance about the risk mitigation. RBIA allows internal audit to provide assurance to the board that risk management processes are managing risks effectively, in relation to the risk appetite.

C Risk Logo  Improving your knowledge, skills and competency in risk assessments by Jason Mefford, Co-Founder, cRisk Academy - As auditors, we must develop the necessary knowledge, skill and competencies to make us effective auditors. We owe it to ourselves, and to our organizations. These concepts are discussed about over, and over again throughout the IIA standards and other materials. We gain these through various means, but one of the most important is through individual training.  Read the article now!

A sample simple risk assessment methodology including criteria

Internal Auditing: A Risk Based Approach (Resources from David M. Griffiths)

Book: Introduction to RBIA

Risk based internal auditing - an introduction download pdf file(612 KB file)

Excel spreadsheets to use with the above download (256 KB)

Book: Implementation of risk based internal auditing

Risk based internal Auditing - Three Views on Implementation download pdf (444 MB)

Excel spreadsheets to use with the above download (542 KB)

Manual: RBIA manual

The manual download pdf (1.4 MB) or download the Word file (1MB)

Excel spreadsheet to use with the above download (56 KB)

Database: Microsoft Access database of risks, controls and assurance.

Database: Risk and Audit Universe

Example download Excel spreadsheet (190 KB)

Database: Audit database

Expense purchases audit download Excel database (130KB)

Resources on Risk Assessment & Risk Management

Compliance Executive an online news and feature portal focusing on the areas of corporate governance, risk and compliance and reaches 45,000 senior level financial and legal executives throughout the US.

Operational Risk Information Community - information community resource center and forum for operational risk management and measurement professionals.

RISK TV Risk Television is an Internet Television Network devoted exclusively to risk management research.

Articles on Risk Assessment

  1. Auditing in the New Millennium
  2. Risk Assessment When Auditing E-commerce Activities
  3. Risk Assessment Do's and Don'ts
  4. Risk Assessment Tools-A Primer
  5. Risk Assessment Conduit for Internal Audit
  6. Risk Assessment by Internal Auditors Using Past Research on Bankruptcy

Best Practices

  1. Best Practices in Risk Management: Private and Public Sectors Internationally
  2. Integrated Risk Management Framework - from the Treasury Board of Canada
  3. Risk Management Best Practices, Case Studies, and Related information - Version 1 CD from Pleier and Associates.
  4. Risk Survey by KPMG Canada profiles risk management practices in Canada's leading organizations. The business leaders were identified from Canada's top 500 companies as ranked by The Financial Post. Government leaders were selected from the federal civil service. A total of 101 interviews were completed.
  5. Information Security Risk Assessment: Practices of Leading Organization is a GAO document on the subject. 



Handbook of Integrated Risk Management for E-Business: Measuring, Modeling and Managing Risk By: Abderrahim Labbi


Review Guide to an Audit of Risk Management

Guide to Fraud Risk Assessment

Risk Assessment Standards Toolkit

Risk Frameworks

  1. Firm Risk Assessment Framework from the UK Financial Services Authority
  2. Risk Assessment Models

Web Sites

  1. City of San Jose Office of the City Auditor Risk Assessment Library provides a risk procedure for city departments.
  2. KnowledgeLeader  Internal Audit and Risk Management Community is a subscription-based website that provides, tools, resources and best practices to help internal auditors save time, manage risk, and add value.
  3. Yale University
  4. Tampa Internal Audit Departmental Risk Analyses - links to local government risk analysis worksheets -
  5. Risk Assessment Measurement - ISACA standard
  6. Use of Risk Assessment in Audit Planning - ISACA
  7. Understanding Internal Controls - is a guide from the University of California Financial Management Controls and Accountability which includes a section on Risk Assessment

Risk Reports

Sample Risk Methodologies

  1. Audit Survey of the Joint Architect of the Capitol
  2. Indiana University Self Assessment Tool log in anonymously for an example of the tool available through the audit department.  
  3. Jefferson Lab Risk Assessment Criteria
  4. Risk Based Methodology for Colleges and Universities from the Risk Based Audit Work Group.

Software (links available from AuditNet)

  1. AuditLeverage from IAD Solutions
  2. CCH TeamMate
  3. AutoAudit from Paisley Consulting
  4. Galileo
  5. Magique Risk Management System
  6. Pentana
  7. Rank It Risk Assessment Tool demo available from AuditNet
  8. @Risk Trial version


  1. IT Risk Assessment Template (Excel) from the AuditNet inventory
  2. Risk Factors - Criteria used to identify the relative significance of and likelihood that
    conditions/events may occur that could adversely affect the organization.
  3. Risk Matrix (Risk Matrix 2.20) - Risk Matrix is an automated tool, developed by Mitre Corporation with the federal government to facilitate the structured approach for identifying risk and assessing its potential program impact. The matrix and users guide are available from the auditnet site at
  4. Self Examination for your Internal Audit Department provides "A" Test for Corporate Governance and "A" Test for Risk Assessment & Audit Planning .


  1. Audit Services is a training consultant that offers a seminar on risk assessment. 
  2. MIS Training Institute
  3. Risk Management for Internal Auditors and Business Managers