Doctoral Degrees (School of Accountancy)

Permanent URI for this collection

http://hdl.handle.net/11660/149

Browse

Browsing Doctoral Degrees (School of Accountancy) by Author "Coetzee, Georgina Phillipina (Philna)"

Now showing 1 - 1 of 1
  • Thumbnail Image
    ItemOpen Access
    A risk-based audit model for internal audit engagements
    (University of the Free State, 2010-11) Coetzee, Georgina Phillipina (Philna); Lubbe, D. S.
    English: Many factors have played and are still playing contributing roles as to why internal auditors need to perform internal audit engagements more effectively and efficiently. The internal audit profession finds itself within a rapidly changing environment. The external factors affecting the profession include the various pieces of new guidance and legislation that are constantly being issued, the current global financial crisis, the occurrence of corporate and public scandals and the increased globalisation of the business environment, to name but a few. Internal factors within the organisation include management’s increased demand for internal auditing to add value, the enhancement of coordination between all the various assurance providers, such as the external and internal auditors, and the increased role of internal auditing in assisting with the management of risks that threaten the achievement of the organisation’s objectives. Within this environment the internal audit profession is growing at a tremendous rate, but at the same time it is reported that there is still a scarcity of competent internal auditors, especially in the fields of information technology and risk management. The Institute of Internal Auditors, as the governing body of the profession, is attempting to address this need by continuously issuing new professional guidance and performing research studies to provide its members with information and direction. This study investigates the evolution of the internal audit profession as well as the concepts of corporate governance and risk management, and the role of internal auditing within these fields. It specifically focuses on how internal auditors can incorporate risk in the execution of an internal audit engagement to improve their methodology; thus performing engagements more effectively and efficiently. A comprehensive literature review was conducted on these topics and a preliminary risk-based internal audit engagement model was developed based on the literature. Thereafter, organisations in both the private and the public sectors in South Africa were examined via a maturity scorecard to determine which organisations were risk mature. The top five risk mature organisations in each sector were included in the second empirical study, with the main objective of obtaining input from their chief audit executives to refine the initial risk-based engagement model. Lastly, the model was tested in a practical scenario, using a case study approach, to determine whether there may be improvements in the execution of the internal audit engagement. The results of the three empirical studies were then used to finalise the model. The study concludes that the risk-based internal audit model can be used during the planning phase of an assurance engagement, improving the process as follows: • Areas with medium to high operational risks are included in the planning of the internal audit engagement. • Low-risk areas are not included in the planning phase other than on a surprise basis according to the internal auditor’s professional judgement. • High-risk areas (inherent risk) that remain high after appropriate controls have been implemented (residual risk) are reported to management on a timely basis. The use of this model will ensure that internal auditors focus on the areas that need urgent attention and not waste time on areas that are comparatively insignificant. This will mean that scarce internal audit resources can be allocated to areas where they will add the most value to the organisation. Although it was not a main objective of this study, it was found that the risk management framework and processes, and to a lesser extent the role of internal auditing regarding risk-related aspects within the public sector, need improvement to be in line with legislation, other guidance and best practices.