Risk Based Internal Auditing (RBIA)
The concept of RBIA is premised on internal audit department’s function to assist organisations achieve their objectives. Risk, in this context, is defined as a set of circumstances that hinder the achievement of objectives. It is also worth noting that obeying applicable laws and regulations is also one of the objectives of organization and therefore flouting laws and regulations is also a risk.
So for an organization to achieve its objectives, there should first be a clearly defined objective(s) and the associated risks should be identified and documented. Then management should put in place systems to manage these risks. Management of risk goes beyond the traditional internal controls we know which is usually limited to only financials. For example, poor management of examination will lead to leakages in exams questions and students obtaining undeservedly first class. When such thing happens it affects the reputational of the University.
This is a risk none financial risk and management should put in place controls to manage such risk. In Risk Based Internal Auditing therefore, the Audit department covers a wider view of risk and not only financial risk. Fortunately, in our University, a whole department (Quality Assurance & Planning Unit) has been set up to manage all the risks relating to academic issue.
RBIA, is therefore, the process whereby internal audit departments review and provide an independent and objective opinion on how an organization is managing its risk (Financial or otherwise) to acceptable levels.