ABSTRACT
Purpose: This study aims to understand the Risk-Based Audit (RBA) approach, the advantages of RBA, RBA in the Malaysian public sector, and
the issues and challenges inimplementing RBA in the Malaysian public sector.
Design/Methodology/Approach: A library search and evaluation of earlier literature reviews were conducted on the topic of RBA and internal auditing that covers online and print sources, journal articles, newspaper articles, and official legal documents..
Findings: RBA is a methodology that provides an independent and objective opinion to an organisation’s management, determining whether the management of its risks is on acceptable levels. The strength of RBA lies in the distinct nature of this audit approach, which focuses on the business risk and factors triggering the risk and resulting in a more effective and efficient audit. Several issues and challenges were identified in the implementation of RBA, especially in Malaysia: (1) legislation requirements; (2) lack of resources; (3) limited access to data; and (4) duplication of work.
Research Limitations/Implications: The data pertaining to public sector internal audit reports are considered confidential and sensitive. This aspect placed limitations on the depth of the collected insights. This study also focused on the data obtained mainly from secondary sources, leading to results that cannot be generalised to other countries.
Practical Implications: Findings from the document review and identification of current problems may offer indications to the Accountant General’s Department of Malaysia (AGD) on the current usage of RBA. Therefore, subsequent actions are required to improve internal audit work.
Originality/Value: This study discussed the current state of RBA applied by the internal auditors in the Malaysian public sector. This finding may encourage future researchers to highlight the methods of integrating a comprehensive RBA that would fulfil the 3Es (effective, efficient, and economy) for the benefit of internal auditors, particularly in the Malaysian public sector.
Keywords: Risk, internal audit, public sector, Accountant General’s Department of Malaysia (AGD).