top of page

Risk Based Internal Auditing for the Greatest Bang for your Buck

Updated: Apr 23, 2020

In this video, I'm going to talk about the best method of internal auditing that will work best for your organisation and provide the greatest return on investment from your audit process.

Risk Based Internal Auditing

Firstly, you need to start with the end in mind, what's the purpose of internal auditing? What do you want to gain from it? You want to get improvement. If it's just purely about certification, you're not going to gain anything from it.

Our suggestion is that we need to understand how we can drive these improvements in our organisation through our internal audit program.


When looking at the internal audit schedule, this is traditionally a process of auditing all of our procedures in the organisation.

However, what benefit do we really get from that? Because most businesses, they comply with their procedures, they meet the requirements.

We really need to have a risk-based internal audit schedule: What are the problems that we suffer from in our organisation? Where are the areas where risk brings us errors?


We must understand our business processes in detail in order to really effectively write an internal audit schedule. Once you have all your business processes and understand the risks of those processes, you want to rate them, so you understand where the low risk processes are, medium risk processes and high-risk processes.

If we do that, then we can start to schedule audits in a way that will best benefit our organisation, not a certification body but our business.

By doing this, we look at an internal audit schedule spread over a three year cycle.

You may want to consider:

  1. Low risk processes being audited once in that three year cycle, if at all

  2. Medium risk processes every 18 months

  3. High risk processes every 3 / 6 / 9 months

The high risk processes are the ones which can cause us the greatest harm if we don't put the best control in place.

If we do that, we can have a much more effective internal audit schedule. And we can work with our teams to drive that and improve that based on error that we have in our business.


If you like this video, please subscribe to our YouTube Channel to keep up to date with other videos we create.

113 views0 comments

Recent Posts

See All


bottom of page