Risk Based Internal audit

RBIA is a methodology that provides assurance that risks are being managed to the org’s risk appetite.

It is impossible to eliminate all the risks completely but we reduce it to a level that the board considers acceptable , the risk appetite of the org. Thus RBIA provides assurance to an org that risks, both Inherent and Control risks can be well managed by implementing a sound risk management framework.


  • Provides information to the directors of the org , how effective the internal audit resources are checking various risk responses and highlights risks that pose a serious threat to the organization.
  • Highlights risks that are over-controlled therefore consuming more resources.


  • Assess the risk maturity of the organisation.
  • Assign the risks to an audit that will examine the management.
  • Set up the Risk and Audit Universe (RAU) and draw up the plan for carrying out the audits.
  • Carry out individual risk based audits using ACL analytics & other tools and provide feedback of the audit results into the RAU.