A risk‐driven approach to the internal audit

Internal auditors should consider the risks pertinent to an auditee when planning the work. Internal auditors may select a procedures‐driven approach or a risk‐driven approach. In a procedures‐driven approach, the audit procedures are chosen without full consideration of the risks present. Rather, the internal auditor may use procedures because they are commonly employed or because they were used on the last examination of the auditee. In a risk‐driven approach, specific procedures are planned only after consideration of the risks. A risk‐driven approach is generally more effective and efficient than a procedures‐driven approach because the internal auditor′s efforts are focused on areas with relatively more risk.