A multi-objective optimization approach for integrated risk-based internal audit planning.

Abstract

Annual audit planning is a multi-criteria decision-making problem faced by internal audit departments of all organizations. Due to the constrained audit resources, the planning process primarily involves the analysis and evaluation of complex factors for selecting auditable units that maximize the full potential of internal audit. Previous research on internal audit planning only focused on the goal of risk minimization and applied ranking methods to prioritize alternatives. In order to enable internal audit activities to add more value to the organization, the integrated risk-based internal audit planning is proposed to assist audit department in achieving multiple objectives in addition to risk management. Meanwhile, a multi-stage framework is proposed to support the development of such value-added internal audit plan. The new framework integrates the risk assessment of auditable units with the selection of audit activities and resource allocation through a combined analytic hierarchy process (AHP), fuzzy comprehensive evaluation (FCE) and weighted multi-choice goal programming (WMCGP) approach. The model considers both qualitative and quantitative decision criteria. A real-life case study of the development of an integrated risk-based annual audit plan is presented, and sensitivity analysis is performed to illustrate the validity of the proposed approach. The results indicate that the proposed framework is a useful tool for internal audit planning and the implications of the study can be extended to various selection and allocation problems.