Challenges of Risk-Based Auditing in Non-Financial Domains (Compliance Risk, Operational Risk)
Keywords:
Risk-based auditing, non-financial domains, compliance risk, operational riskAbstract
Risk-based auditing in non-financial domains is considered a crucial tool for risk management and ensuring the achievement of an organization's strategic objectives. The use of appropriate methods and techniques, along with sufficient knowledge and experience in the relevant audit domain, can enhance the efficiency and effectiveness of this type of audit. The aim of this study is to examine the challenges of risk-based auditing in non-financial domains (compliance risk, operational risk). Auditing non-financial risks may encounter resistance to change from employees and management. This resistance may stem from fears of exposing weaknesses or an unwillingness to alter existing procedures. The reporting of risk-based audit findings in non-financial areas must be structured in a way that is comprehensible and useful to management. Reports should include the identification of significant risks, an assessment of the effectiveness of controls, and recommendations for improvement. The findings of the study indicate that risk-based auditing in non-financial domains requires a deep understanding of the business, relevant laws and regulations, and the operational environment. Therefore, based on the study's findings, auditors must possess specific skills and be able to address challenges related to risk identification, assessment, implementation, reporting, and follow-up.
