RISK-BASED AUDITING IN PRACTICE: A SYSTEMATIC REVIEW OF IMPLEMENTATION AND IMPACT
Article Sidebar
Main Article Content
Abstract
As companies look to align audit processes with risk exposure rather than solely with compliance, risk-based auditing (RBA) has become increasingly important in contemporary auditing. Nevertheless, despite its theoretical advantages, RBA's actual application remains uneven, and its efficacy varies across industries and audit settings. This study's objective is to methodically investigate the practical application of RBA and assess its quantifiable effects on audit performance using the available empirical data. This study screens peer-reviewed journal papers published between 2010 and 2024 using a systematic literature review process that adheres to PRISMA principles. To evaluate implementation tactics, operational difficulties, and quantitative results about RBA adoption, a total of 23 qualifying papers were examined. The findings show that RBA implementation is rising worldwide, especially among regulated businesses, public bodies, and financial institutions. Improvements in audit effectiveness and operational efficiency are demonstrated by quantitative evidence from the reviewed studies, including quantifiable reductions in audit time reported in 7 studies, increases in risk-prioritization accuracy in 9 studies, and improvements in audit resource-allocation efficiency documented in 6 studies. Compared with conventional audit techniques, several studies also demonstrate improved identification of high-risk audit concerns. The main conclusions show that RBA adoption strengthens audit decision-making, increases assurance quality, and improves alignment between audit operations and organizational risk exposure. However, the data also show that differences in organizational preparedness, audit maturity, and training quality affect performance and implementation outcomes.
JEL Classification Codes: M42, M48, G32, C83.
Downloads
Article Details
Section
This work is licensed under a Creative Commons Attribution 4.0 International License.
How to Cite
References
Abdolmohammadi, M. J., Burnaby, P., & Hass, S. (2013). A framework for developing high-quality internal audit practices. Managerial Auditing Journal, 28(4), 306–322. https://doi.org/10.1108/02686901311311918
Arena, M., & Azzone, G. (2009). Identifying organizational drivers of internal audit effectiveness. International Journal of Auditing, 13(1), 43–60. https://doi.org/10.1111/j.1099-1123.2008.00392.x
Arena, M., Arnaboldi, M., & Azzone, G. (2010). The organizational dynamics of Enterprise Risk Management. Accounting, Organizations and Society, 35(7), 659–675. https://doi.org/10.1016/j.aos.2010.07.003
Christopher, J., Sarens, G., & Leung, P. (2009). A critical analysis of the independence of the internal audit function: Evidence from Australia. Accounting, Auditing & Accountability Journal, 22(2), 200–220. https://doi.org/10.1108/09513570910933942
Christopher, J., Leung, P., & Sarens, G. (2016). Internal audit: Are we ready? Managerial Auditing Journal, 31(2), 169–187. https://doi.org/10.1108/MAJ-03-2015-1177
Eulerich, M., Theis, J., & Velte, P. (2017). Self-perception of the internal audit function within corporate governance: Empirical evidence for the European Union. Problems and Perspectives in Management, 15(2), 243–253. https://doi.org/10.21511/ppm.15(2-1).2017.04
Goodwin-Stewart, J., & Kent, P. (2006). The use of internal audit by Australian companies. Managerial Auditing Journal, 21(1), 81–101. https://doi.org/10.1108/02686900610634775
Gramling, A. A., Maletta, M. J., Schneider, A., & Church, B. K. (2013). The role of the internal audit function in corporate governance: A synthesis of the extant internal auditing literature and directions for future research. Journal of Accounting Literature, 32, 1–29. https://doi.org/10.1016/j.acclit.2013.10.001
Institute of Internal Auditors (IIA). (2013). The IIA’s Global Internal Audit Standards. Altamonte Springs, FL: The Institute of Internal Auditors.
Knechel, W. R. (2013). Do auditing standards matter? Current Issues in Auditing, 7(2), A1–A16. https://doi.org/10.2308/ciia-50567
Moffitt, K. C., & Vasarhelyi, M. A. (2013). AIS in an age of big data. Journal of Information Systems, 27(2), 1–19. https://doi.org/10.2308/isys-10368
Power, M. (2004). The Risk Management of Everything: Rethinking the Politics of Uncertainty. London: Demos.
Prawitt, D. F., Smith, J. L., & Wood, D. A. (2008). Internal audit quality and earnings management. The Accounting Review, 84(4), 1255–1280. https://doi.org/10.2308/accr.2009.84.4.1255
Reding, K. F., Sobel, P. J., Anderson, U. L., Head, M. J., Ramamoorti, S., Salamasick, M., & Riddle, C. (2020). Internal Auditing: Assurance and Advisory Services (4th ed.). The Institute of Internal Auditors Research Foundation.
Roussy, M. (2015). Welcome to the day-to-day of internal auditors: How do they cope with conflicts? Auditing: A Journal of Practice & Theory, 34(2), 237–264. https://doi.org/10.2308/ajpt-50907
Sarens, G., & De Beelde, I. (2006). Internal auditors’ perception about their role in risk management: A comparison between US and Belgian companies. Managerial Auditing Journal, 21(1), 63–80. https://doi.org/10.1108/02686900610634766
Sarens, G., Allegrini, M., D'Onza, G., & Melville, R. (2012). Are internal auditing practices related to the internal audit function's involvement in risk management? Managerial Auditing Journal, 27(1), 34–54. https://doi.org/10.1108/02686901211186188
Spira, L. F., & Page, M. (2003). Risk management: The reinvention of internal control and the changing role of internal audit. Accounting, Auditing & Accountability Journal, 16(4), 640–661. https://doi.org/10.1108/09513570310492335