Skip Ribbon Commands
Skip to main content
Global Institute of Internal AuditorsBreadcrumb SeparatorStandards and GuidanceBreadcrumb SeparatorRecommended GuidanceBreadcrumb SeparatorPractice GuidesBreadcrumb SeparatorDeveloping a Risk-based Internal Audit Plan

Practice Guide: Developing a Risk-based Internal Audit Plan
Recommended Guidance 

Practice Guide: Developing a Risk-based Internal Audit PlanIn today’s unprecedented environment, effective internal auditing requires thorough planning coupled with nimble responsiveness to quickly changing risks. To add value and improve an organization’s effectiveness, internal audit priorities should align with the organization’s objectives and should address the risks with the greatest potential to affect the organization’s ability to achieve its goals.

Ensuring alignment between internal audit priorities and the organization’s objectives is the essence of Standards 2010 – Planning, 2010.A1, 2010.A2, and 2010.C1, which task the chief audit executive (CAE) with the responsibility of developing a plan of internal audit engagements based on a risk assessment.

This practice guide will help the CAE and internal auditors create and maintain a risk-based internal audit plan. The guide describes a systematic approach to:

  • Understand the organization.
  • Identify, assess, and prioritize risks.
  • Coordinate with other providers.
  • Estimate resources.
  • Propose the plan and solicit feedback.
  • Finalize and communicate the plan.
  • Assess risks continuously.
  • Update the plan and communicate updates.


Downloads and Links

Members OnlyEnglish Portuguese Slovenian Thai Turkish

Practice Guides are restricted to IIA members only.

Non-members may purchase this Practice Guide from the IIA Bookstore.

An updated edition of the International Professional Practices Framework (IPPF) guide, more commonly known as the Red Book, is now available. Visit the IIA Bookstore for more information.