ABSTRACT
The risk-based audit approach is to focus the audit effort primarily towards the most significant risks faced by the business. It is recognised that the capability of Internal Audit to audit some activities is a key factor. The audit universe is the complete schedule of all possible audit topics and this schedule includes both audit types and the locations at which such assignments could be completed. The most significant inherent risks form the primary focus for Internal Audit attention. The inherent risks should be used because the audit will evaluate the effectiveness of the controls in place and therefore confirm or otherwise the remaining or residual risk. The risks in the green zone are the audits which identify the greatest opportunities, as these can often be area that are over-managed or over-controlled. The level of assurance which provided by Internal Audit is only additional rather than fundamental and this enhanced by the use of computer-assisted audit techniques.
