Risk based Internal Audit (RBIA) is an internal methodology which is primarily focused on the inherent risk involved in the activities or system and provide assurance that risk is being managed by the management within the defined risk appetite level. It is the risk management framework of the management and seeks at every stage to reinforce the responsibility of management and BOD (Board of Directors) for managing risk.
Risk based internal audit is conducted by internal audit department to help the risk management function of the company by providing assurance about the risk mitigation. RBIA allows internal audit to provide assurance to the board that risk management processes are managing risks effectively, in relation to the risk appetite.
Improving your knowledge, skills and competency in risk assessments by Jason Mefford, Co-Founder, cRisk Academy - As auditors, we must develop the necessary knowledge, skill and competencies to make us effective auditors. We owe it to ourselves, and to our organizations. These concepts are discussed about over, and over again throughout the IIA standards and other materials. We gain these through various means, but one of the most important is through individual training. Read the article now!
A sample simple risk assessment methodology including criteria
Internal Auditing: A Risk Based Approach (Resources from David M. Griffiths)
Book: Introduction to RBIA
Risk based internal auditing - an introduction download pdf file(612 KB file)
Excel spreadsheets to use with the above download (256 KB)
Book: Implementation of risk based internal auditing
Risk based internal Auditing - Three Views on Implementation download pdf (444 MB)
Excel spreadsheets to use with the above download (542 KB)
Manual: RBIA manual
The manual download pdf (1.4 MB) or download the Word file (1MB)
Excel spreadsheet to use with the above download (56 KB)
Database: Microsoft Access database of risks, controls and assurance.
Database: Risk and Audit Universe
Example download Excel spreadsheet (190 KB)
Database: Audit database
Expense purchases audit download Excel database (130KB)
Resources on Risk Assessment & Risk Management
Compliance Executive an online news and feature portal focusing on the areas of corporate governance, risk and compliance and reaches 45,000 senior level financial and legal executives throughout the US.
Operational Risk Information Community - information community resource center and forum for operational risk management and measurement professionals.
RISK TV Risk Television is an Internet Television Network devoted exclusively to risk management research.
Articles on Risk Assessment
- Auditing in the New Millennium
- Risk Assessment When Auditing E-commerce Activities
- Risk Assessment Do's and Don'ts
- Risk Assessment Tools-A Primer
- Risk Assessment Conduit for Internal Audit
- Risk Assessment by Internal Auditors Using Past Research on Bankruptcy
- Best Practices in Risk Management: Private and Public Sectors Internationally
- Integrated Risk Management Framework - from the Treasury Board of Canada
- Risk Management Best Practices, Case Studies, and Related information - Version 1 CD from Pleier and Associates.
- Risk Survey by KPMG Canada profiles risk management practices in Canada's leading organizations. The business leaders were identified from Canada's top 500 companies as ranked by The Financial Post. Government leaders were selected from the federal civil service. A total of 101 interviews were completed.
- Information Security Risk Assessment: Practices of Leading Organization is a GAO document on the subject.
Handbook of Integrated Risk Management for E-Business: Measuring, Modeling and Managing Risk By: Abderrahim Labbi
Review Guide to an Audit of Risk Management www.tbs-sct.gc.ca/Pubs_pol/dcgpubs/TB_H4/RISK1E.html
Guide to Fraud Risk Assessment
Risk Assessment Standards Toolkit
- Firm Risk Assessment Framework from the UK Financial Services Authority
- Risk Assessment Models
- City of San Jose Office of the City Auditor Risk Assessment Library provides a risk procedure for city departments.
- KnowledgeLeader Internal Audit and Risk Management Community is a subscription-based website that provides, tools, resources and best practices to help internal auditors save time, manage risk, and add value.
- Yale University www.yale.edu/auditing/balancing_risks.htm
- Tampa Internal Audit Departmental Risk Analyses - links to local government risk analysis worksheets -
- Risk Assessment Measurement - ISACA standard
- Use of Risk Assessment in Audit Planning - ISACA
- Understanding Internal Controls - www.ucop.edu/ctlacct/under-ic.pdf is a guide from the University of California Financial Management Controls and Accountability which includes a section on Risk Assessment
- Activity Based Risk Evaluation Model of Auditing (ABREMA) ...Australian Educational Research Pty Ltd.
- Business Risk Management Ltd.
Sample Risk Methodologies
- Audit Survey of the Joint Architect of the Capitol www.house.gov/IG/95aoc27/report.htm
- Indiana University Self Assessment Tool wwwdb.ucs.indiana.edu/internalauditing/Scripts/login.cfm log in anonymously for an example of the tool available through the audit department.
- Jefferson Lab Risk Assessment Criteria www.jlab.org/div_dept/audit/strategy.html
- Risk Based Methodology for Colleges and Universities amas.ucsd.edu/Documents/D%20-%20Quantitative%20Risk%20Model%202000.pdf from the Risk Based Audit Work Group.
Software (links available from AuditNet)
- AuditLeverage www.auditleverage.com from IAD Solutions
- CCH TeamMate
- AutoAudit from Paisley Consulting www.paisleyconsulting.com
- Galileo www.GalileoOnTheWeb.com
- Magique Risk Management System www.horwathsoftware.co.uk/Magique
- Pentana www.pentana.com
- Rank It Risk Assessment Tool demo available from AuditNet
- @Risk www.palisade.com Trial version
- IT Risk Assessment Template (Excel) from the AuditNet inventory
Factors - Criteria used to identify the relative significance of and
conditions/events may occur that could adversely affect the organization.
- Risk Matrix (Risk Matrix 2.20) - Risk Matrix is an automated tool, developed by Mitre Corporation with the federal government to facilitate the structured approach for identifying risk and assessing its potential program impact. The matrix and users guide are available from the auditnet site at www.auditnet.org.
- Self Examination for your Internal Audit Department provides "A" Test for Corporate Governance and "A" Test for Risk Assessment & Audit Planning .
- Audit Services is a training consultant that offers a seminar on risk assessment.
- MIS Training Institute www.misti.com
- Risk Management for Internal Auditors and Business Managers audittrends.com/Seminars8.htm