Full Text

1.

Introduction

The occurrence of business failures highlights an inability among companies to identify risks associated with their strategic initiatives (Grant and Visconti, 2006). Because risks threaten the sustainability of organizations, it is paramount to properly manage risks. Changes in the business environment, advances in technology, and developments in regulatory frameworks have largely transformed the auditing approach adopted by the internal audit function (Lemon and Tatum, 2003; KPMG, 2007). Eventually, the adoption of risk-based auditing procedures will expand the scope of internal audit activities to include the integrated monitoring of all organizational activities (Selim and McNamee, 1999a). In essence, the use of structured risk-based audit procedures will reinforce the oversight duties performed by the internal audit function and the adequacy of audit coverage of key business activities.

The shift to using risk-based auditing underscores the importance of assessing the risks inherent in strategic and operational objectives (Selim and McNamee, 1999b). The internal audit function is expected to examine risks on an integrated rather than isolated basis (Matyjewicz and D'Arcangelo, 2004) and to incorporate standardized risk assessment procedures into annual internal audit planning (Koutopis and Tsamis, 2009) throughout the entire individual internal audit engagement process (Selim and McNamee, 1999b; Coetzee and Lubbe, 2014). The lack of integrated monitoring and inefficient assessment of risks at the strategic and operational level leads to the imprecise coverage of exposure to strategic and operational risks in the audit universe. In addition, when risk-based auditing procedures are not implemented consistently across all internal audit processes, the internal audit function ends up assessing the state of internal control rather than the state of risk (Selim and McNamee, 1999b; Verrault and Hyland, 2005). Moreover, Sarens (2009) also suggests that the auditing technique adopted could affect the quality of the internal audit work performed. Eventually, inconsistencies and non-standardized auditing procedures can result in poor audit coverage of key risk areas and the poor-quality performance of internal audit (Koutopis and Tsamis, 2009; Coetzee and Lubbe, 2014). Furthermore, Selim and McNamee (1999b) suggest that the adoption of risk-based auditing largely depends on the influence of internal monitoring mechanisms such as the audit committee, the internal audit attributes, and the risk management and internal control systems.

The aim of this study is to identify the relationship between...