Auditing an Internal Audit Function Incorporating Risk- and Knowledge Management Practices to Achieve an Effective Internal Auditing

Abstract

The purpose of this thesis is to explore improvements for conducting internal audits by incorporating risk- and knowledge management theories into the process. This thesis employed a qualitative research design focusing on internal auditing within the Swedish Transport Administration, a public organization. Using a case study method, the research included interviews, observation, and documentation to collect data. The aim of the case study was to explore how current practices of internal auditing can be improved by risk- and knowledge management practices. Findings show that the internal auditing within the Swedish Transport Administration has a well-established documentation of processes, outlining a structured approach describing what to achieve. However, in analyzing the results, it is evident that certain activities lack clear instructions on how to perform these activities, such as the supplementary risk analysis. In conclusion, this research found that while the internal audit process is well-documented, some activities lack standardized procedures, leading to individual ways of performing these activities. Implementing the Plan-Do-Study-Act cycle to the audit process and adopting knowledge management practices can establish common ways of working and facilitate continuous improvement. Furthermore, conducting risk assessments in the engagement planning through a proposed model can facilitate in defining scope and orientation for the audit engagement.