Factors influencing the implementation of risk-based auditing

Abstract

PurposeThe purpose of this paper is to examine, from the agency perspective, the influence of internal audit and audit committee attributes, as well as risk management and internal control systems, on the implementation of risk-based auditing among public-listed companies in Malaysia.Design/methodology/approachA questionnaire survey was distributed to the in-house internal audit function in approximately 620 public-listed companies. Consequently, data from 117 heads of the internal audit function was collected and analyzed.FindingsThe findings indicate that “audit committee review and concern” and “risk management system” are significantly and positively related to the implementation of risk-based auditing. Most importantly, the results indicate the importance of audit committee inputs and concerns in reviewing internal audit activities. Empirically, the findings also suggest that a more formalized risk environment would foster the existence of a strong risk-aware culture and hence provides a strong foundation for internal audit to implement risk-based auditing. However, internal audit experience, size of internal audit function, audit committee qualifications, and internal control system are not found to be significant predictors of the presence of risk-based auditing.Research limitations/implicationsThis study examined only risk-based auditing practices in the in-house internal audit function of public-listed companies; hence, the findings cannot be generalized to all Malaysian-listed companies that outsource or co-source their internal audit activities.Social implicationsAn effective internal monitoring mechanism and better quality of internal audit work will minimize potential risks that prevent the achievement of company objectives, reduce propensity to falsify financial information, and improve financial reporting quality.Originality/valueThis study contributes evidence concerning the relationship between internal monitoring mechanisms and the implementation of risk-based auditing among in-house internal audit activity.