A Review on Risk-Based Audit Approach: Malaysian Public Sector’s Perspective

  • Noor Afza Amran Universiti Utara Malaysia
  • Mazrah Malek Universiti Utara Malaysia
  • Mohamad Sharofi Ismail Universiti Utara Malaysia
  • Mohamad Naimi Mohamad Nor Universiti Utara Malaysia


Purpose: This study aims to understand the Risk-Based Audit (RBA) approach, the advantages of RBA, RBA in the Malaysian public sector, and the issues and challenges inimplementing RBA in the Malaysian public sector.

Design/ Methodology/ Approach: A library search and evaluation of earlier literature reviews were conducted on the topic of RBA and internal auditing that covers online and print sources, journal articles, newspaper articles, and official legal documents.

Findings: RBA is a methodology that provides an independent and objective opinion to an organisation's management, determining whether the management of its risks is on acceptable levels. The strength of RBA lies in the distinct nature of this audit approach, which focuses on the business risk and factors triggering the risk and resulting in a more effective and efficient audit. Several issues and challenges were identified in the implementation of RBA, especially in Malaysia: (1) legislation requirements; (2) lack of resources; (3) limited access to data; and (4) duplication of work.

Research Limitations/ Implications: The data pertaining to public sector internal audit reports are considered confidential and sensitive. This aspect placed limitations on the depth of the collected insights. This study also focused on the data obtained mainly from secondary sources, leading to results that cannot be generalised to other countries.

Practical Implications: Findings from the document review and identification of current problems may offer indications to the Accountant General's Department of Malaysia (AGD) on the current usage of RBA. Therefore, subsequent actions are required to improve internal audit work.

Originality/ Value: This study discussed the current state of RBA applied by the internal auditors in the Malaysian public sector. This finding may encourage future researchers to highlight the methods of integrating a comprehensive RBA that would fulfil the 3Es (effective, efficient, and economy) for the benefit of internal auditors, particularly in the Malaysian public sector.


Ahmad, H., Othman, R., Othman R., & Jusoff, K. (2009). The effectiveness of internal audit in Malaysian public sector. Journal of Modern Accounting and Auditing, 5(9), 53-62.

Alias, N., & Saad, N. M. (2020). Internal audit independence in the Malaysian public sector: The challenges. Journal of Financial Reporting and Accounting, 18(1), 1-16.

American Institute of Certified Public Accountants. (AICPA) (2013). AICPA professional standards (clarified). Available at http://www.aicpa.org/

Bell, T., Peecher, M. E., & Solomon, I. (2005). The 21st century public company audit: Conceptual elements of KPMG’s global audit methodology. KPMG LLP.

Chartered Institute of Internal Auditors. (2023). Risk based internal auditing. Retrieved from: https://www.iia.org.uk/resources/risk-management

Chaudhari, S. (2017). A guide to risk-based internal audit system in banks. Notion Press.

Cheong, C. S., Azam, M. S., & Ahmad, M. (2020). The role of internal audit in enhancing governance in the Malaysian public sector. Journal of Financial Crime, 27(1), 168-182.

Committee of Sponsoring Organizations of the Treadway Commission (COSO). (2013). Internal control-integrated framework. Retrieved from Framework-Executive-Summary.pdf (SECURED) (coso.org)

DiMaggio, P. J., & Powell, W. W. (1983). The Iron Cage revisited: Institutional isomorphism and collective rationality in organizational fields. American Sociological Review, 48(2), 147-160. https://doi.org/10.2307/2095101

Federal Constitution of Malaysia. (1963). Laws of Malaysia. Retrieved from https://www.jac.gov.my/spk/images/stories/10_akta/ perlembagaan_persekutuan/federal_constitution.pdf

Fogarty, T. J. (1996). The imagery and reality of peer review in the US: Insights from Institutional Theory. Accounting, Organizations and Society, 21(2/3), 243-267.

Gibson, M. S. (2003). Is corporate governance ineffective in emerging markets?. Journal of Financial and Quantitative Analysis, 38(1), 231-250.

Gerasimova, L. N., Parasotskaya, N. N., & Dvoretskava, V. V. (2019). Financial analysis in budgetary institutions. Revista Inclusiones, 6(Sp), 244-256.

Goodwin-Stewart, J., & Kent, P. (2006). The use of internal audit by Australian companies. Managerial Auditing Journal, 21(1), 81-101.

Government Transformation Programme (GTP). (2010). Retrieved from http://lib.perdana. org.my/PLF/ GOVERNMENT%20PUBLICATION/ Government%20Transformation%20Programme/GTP2_ENG_Cp1.pdf

Institute of Chartered Accountants of Australia. (2011). Developing a risk-based internal audit plan. Available at:http://www.theiia.org/en/ content/guidance/recommended/ supplemental/practice-guides/developing-a-risk-based-internal-audit-plan

International Auditing and Assurance Standards Board (IAASB). (2013). International standard on auditing. Available at www.ifac.org/auditing-assurance.

Jabatan Audit Negara. (2014). Pengauditan sektor awam Malaysia- Sepintas lalu. Available at: https://www.audit.gov.my/images/PDF/2014/ Pengauditan/bm%20 pengauditan%20sektor%20awam%20malaysia%20sepintas%20lalu-1_opt.pdf

Johari, N. N., & Zainuddin, Y. (2018). Perception of internal audit effectiveness in the Malaysian public sector: The impact of cultural differences. Journal of Public Administration and Governance, 8(2), 227-239.

Knechel, W. R. (2007). The business risk audit: Origins and obstacles (and opportunities?). Accounting, Organizations, and Society, 32(4/5), 383-408.

Le, T. T., Nguyen, T. M. A., Do, V. D., & Ngo, T. H. C. (2022). Risk-based approach and quality of independent audit using structure equation modeling: Evidence from Vietnam. European Research on Management and Business Economics, 28(3), 1-11.

Lois, P., Drogalas, G., Nerantzidis, M., Georgiou, I., & Gkampeta, E. (2021). Risk-based internal audit: Factors related to its implementation. Corporate Governance, 21(4). 645-662.

Lutta, S. E. (2012). Determinants of adoption of risk-based audit in public sector in Kenya. Unpublished MBA Project, University of Nairobi.

Messier Jr., W. F. (2014). Teaching and educational notes. An approach to learning risk-based auditing. Journal of Accounting Education, 32(3), 276-287. Available at: http:// dx.doi.org/10.1016/j.jaccedu.2014.06.003

Meyer, J. W., & Scott, W. R. (1983). Organizational Environments. Beverly Hills, CA: Sage Publications.

Mohd Noor, N. R., & Mansor, N. (2018). A conceptual study on the internal audit effectiveness in Malaysian public sector agencies. In: Extended Abstract of Kelantan International Learning and Innovation Exhibition 2018 (KILIEX 2018). Enhancing Commercialisation Through Innovation. Universiti Teknologi MARA Cawangan Kelantan, Kota Bharu Kelantan, 7-12. ISBN 9789671672006

MS ISO 31000. (2009). Risk management. Retrieved from: https://www.iso.org/iso-31000 -risk-management. html/

Noor, M. A. M., & Zakaria, N. A. (2016). The impact of internal audit resources on internal audit effectiveness in Malaysian public sector organizations. Procedia Economics and Finance, 37, 329-335.

Noor, M. A. M., Zakaria, N. A., & Hossain, M. A. (2019). The effect of competency and professionalism on the performance of internal auditors in Malaysian public sector organizations. Journal of Financial Crime, 26(3), 788-803.

The Orange Book. (2023). Management of risk - Principles and concepts. October 2004, HM Treasury. Available at: www.hm-treasury.gov.uk

Public Company Accounting Oversight Board (PCAOB). (2013). PCAOB auditing standards. http://www.sec.gov/rules/pcaob/pcaobarchieve/pcaob2013

Rafidah M. R. (2023, January 18). Menteri pastikan ketirisan tidak berulang - Anwar. Berita Harian Online. https://www.bharian.com.my/berita/ nasional/2023/01/1053392/ menteri-pastikan-ketirisan-tidak-berulang-anwar

Saad, N. M., & Alias, N. (2020). Challenges faced by the Malaysian public sector internal audit: A review. Journal of Accounting and Finance in Emerging Economies, 6(1), 1-13.

Sahaib, R. M. (2023). The role of risk-based auditing in enhancing the informational content of financial reports. World Economics and Finance Bulletin, 22, 42-66. Retrieved from https://scholarexpress.net/index.php/wefb/article/view/2670

Transparency International. (2022). Corruption Perception Index. https://www.transparency.org/en/countries/malaysia

Wan Mohd Radzi, W. S. (2023, January 10). Perkemas integriti audit dalaman. Available at:https://www.iim.gov.my/wp-content/uploads/2022/09/Sinar-Harian_10.1.2023.pdf

Wan Mohd Radzi, W. S. (2023, January 13). Audit dalaman organisasi kurangkan risiko pekerja rasuah. Available at: https://www.iim.gov.my/wp-content/uploads/2022/09/Berita-Harian_13.1.2023.pdf

Wang, X., Ferreira, F. A. F., & Yan, P. (2023). A multi-objective optimization approach for integrated risk-based internal audit planning. Ann Oper Res. https://doi.org/10.1007/ s10479-023-05228-2
How to Cite
AMRAN, Noor Afza et al. A Review on Risk-Based Audit Approach: Malaysian Public Sector’s Perspective. IPN JOURNAL OF RESEARCH AND PRACTICE IN PUBLIC SECTOR ACCOUNTING AND MANAGEMENT, [S.l.], v. 13, n. 2, p. 85-108, dec. 2023. ISSN 2682-9347. Available at: <https://myjms.mohe.gov.my/index.php/jrpam/article/view/25088>. Date accessed: 30 may 2024.

Most read articles by the same author(s)

Obs.: This plugin requires at least one statistics/report plugin to be enabled. If your statistics plugins provide more than one metric then please also select a main metric on the admin's site settings page and/or on the journal manager's settings pages.