ABSTRACT
This chapter explains the attitudinal changes and the broader range of skills required together with the tools and techniques necessary to adopt the process and to become a world-class Internal Audit function. Risk-based audit is a process, an approach, a methodology and an attitude of mind rolled into one. The simplest way to think about risk-based audit conceptually is to audit the things that really matter to your organisation. The essence of risk-based audit is therefore customer-focused, starting with the objectives of the activity being audited, then moving on to the threats to achievement of those goals and then to the procedures and processes to mitigate the risks. Risk-based audit is therefore an evolution rather than a revolution, although the results obtained can be revolutionary in their magnitude. Risk-based audit builds on the Systems-based audit (SBA) approach focusing on the areas of the highest risk to the business and uses a different starting point, business objectives rather than controls.
