Internal Audit department or activities, referring to the internal audit activities that outsource by the entity, which exists as the result of the risk management and risk response by the entity or the department that internally establish by the entity itself which is control by the Board or Committee.

As per IPPF, 2120 –Risk Management, the internal audit activity must evaluate the effectiveness and contribute to the improvement of risk management processes.

The standard requires, to make sure that the internal audit activities could positively effect on the organization to manage the risk and the way management manage the risk in the organization, audit activities have to have to ongoing internal audit planning on evaluating how effectively manage the risks that most likely happened to the company.

The internal audit has to have properly understood and documents all kinds of risks that probably happened and how management responds to those risks.

It was also important to assess how the organization risks input and communication those risks that happened and most likely happened to its Board of Directors.

Based on IPPE 2130—Control, The internal activity must assist the organization in maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement.

It is the auditor to assess and evaluate how effectively management manages the risks management program in the organization. As stated, the risk management in the organizations has to continuously manage, not just one-off.

2130.A1 – The audit activity must evaluate the adequacy and effectiveness of controls in responding to risks within the organization’s governance, operations, and information systems regarding the:

  • Achievement of the organization’s strategic objectives;
  • Reliability and integrity of financial and operational information;
  • Effectiveness and efficiency of operations and programs;
  • Safeguarding of assets; and
  • Compliance with laws, regulations, policies, procedures, and contracts.
  • C1 – Internal auditors must incorporate knowledge of controls gained from consulting engagements into the evaluation of the organization’s control processes.
Related article  Does Internal Audit Provide Its Opinion?


Internal Audit plays a very important rule in Risks Management in the entity.

The internal audit requires assessing the effectiveness and efficiency of risk management done by the management team and board.

Once the assessment is done, proper planning needs to be done and the ongoing plan needs to establish and maintain.

All of the audit activities and recommendations need to make sure that they added value to the organization and help it to archive its goal, improve the integrity of Financial Report, comply with relevance regulation, and safeguard assets.