A Comparison Study of Risk-based Auditing in Four Developed Countries
Vol. 14, No. 1, 2024, pp. 59 – 74


: Noor Afza Amran, Mazrah Malek, Mohd Sharofi Ismail, Mohamad Naimi Mohamad Nor


Purpose: This study aimed to identify and compare the best practices of a risk-based audit (RBA) approach used in four developed countries.

Design / Methodology / Approach: A thorough library search and examination of the literature on the RBA approach was conducted. Denmark, Australia, Canada, and the United Kingdom were selected based on their excellent positions in the Corruption Perception Index 2022 ranking.

Findings: The four countries adopted the Institute of Internal Audit standards in conducting their RBA. All four countries, except Denmark, used the ISO 31000:2018 as a guidance framework. Furthermore, the four countries used comparable risk determination, assessment, and control techniques. Additionally, the RBA risk governance structure of the four countries is based on the Three Lines of Defence concept.

Research Limitations /  Implications: Most of the data were from secondary sources. Only four countries were compared and were selected using only one index. Additionally, the study focused on internal auditing practices as a public governance tool.

Practical Implications: The results presented the opportunity for government internal auditors to reconsider and enhance auditing procedures to increase public sector delivery system efficacy.

Originality / Value: This article covers the RBA used by internal auditors in four developed countries. The results could catalyse investigations into the efficacy and best practices of additional elements in public sector governance.

Keywords: Risk-based audit, internal audit, public sector, governance, risk management