ABSTRACT
Through the first four chapters, we have evaluated the following: • The lessons learned within a CAE role • Understanding the definition of internal audit and executing
upon the internal audit Standards • Internal audit staffing and resourcing models • Executing independence and objectivity as internal audit Each topic is critical to understand before attempting to execute
internal audit responsibilities. Within this chapter, we will cover concepts related to:
• Risk-based auditing • Interpreting and understanding risk and control gaps • Variance between consulting and assurance engagements • Internal audit’s role in governance and fraud processes • Internal audit’s role as educators As we review each of these concepts, we will apply critical chal-
lenge questions for areas where internal auditors may face difficulties. This will provide ideas and alternatives for the most effective application of each concept. These challenges include:
• Challenge 31: Audit Planning Phase • Challenge 32: Audit Process Area Control Structure • Challenge 33: Using COSO as Part of the Risk-Based Audit
Process • Challenge 34: Understanding, Identifying, and Assessing
Risk
• Challenge 35: The Concept of Tolerance versus Risk Appetite
• Challenge 36: Summarizing Results and Identifying Risk Mitigating Actions
• Challenge 37: Evaluating the Board of Directors • Challenge 38: Internal Audit’s Role in Fraud Awareness • Challenge 39: Internal Audit’s Role in Risk Assessment • Challenge 40: Internal Audit’s Role in Fraud Investigation • Challenge 41: Internal Auditors as Consultants
Chapters 1 through 4 included various discussions on the importance of a strong understanding of risk-based auditing, how it is applied, and how management views the topic. As discussed, a risk-based audit approach starts with the need for internal auditors to understand the organization, its business environment, and the varying impacts changing business conditions may have on the entity. When referring to a risk-based audit approach, the internal audit team should clarify the scope of their reference and the manner in which they intend to execute upon the methodology. This chapter will deal with how internal audit could execute on a holistic approach to risk-based auditing that extends through the various phases of audit plan development, audit execution, and audit reporting.
