INTERNATIONAL JOURNAL OF ARTIFICIAL INTELLIGENCE
ISSN: 2692-5206, Impact Factor: 12,23
American Academic publishers, volume 05, issue 05,2025
Journal:
https://www.academicpublishers.org/journals/index.php/ijai
page 1205
THE ROLE OF INTERNAL AUDIT IN ENHANCING RISK AWARENESS
Yuldasheva Saodat Khalmurzaevna
PhD and associate professor at ISFT, department of “Accounting”
Shayakubov Shakabil Karimovich
PhD, associate professor, department of
“Financial analysis”, Tashkent State University of Economics
Annotatsiya:
Ichki audit - bu kompaniyalarga strategik maqsadlariga erishishda yordam berish
uchun mo'ljallangan funktsiya. Hozircha, ichki audit faqat xatolarni topuvchi sifatida ko'rib
chiqiladi, shuning uchun uning funktsiyasi ish bo'limida kamroq qabul qilinadi. Vaqt o'tishi
bilan ichki audit tashkilotda muvofiqlik sinovchisi sifatida qabul qilindi. Ushbu muvofiqlik testi
muvofiqlik tartib-qoidalarini amalga oshirishdan hech qanday real harakatlarsiz rasmiyatchilik
bo'lgan faoliyatga olib keladi.
Kalit so'zlar:
Ichki audit, Risklarni boshqarish, Riskga asoslangan audit
Аннотация:
Внутренний аудит — это функция, призванная помочь компаниям в
достижении их стратегических целей. До сих пор внутренний аудит рассматривался
только как искатель ошибок, поэтому его функция была менее приемлемой в рабочем
подразделении. Со временем внутренний аудит был принят в качестве тестировщика
соответствия в организации. Это тестирование соответствия приводит к действиям,
которые по-прежнему являются формальностью без каких-либо реальных действий по
внедрению процедур соответствия.
Ключевые слова:
Внутренний аудит, Управление рисками, Аудит на основе рисков
Annotation:
Internal audit is a function designed to assist companies in achieving their strategic
goals. So far, internal audit is considered only as a fault finder so that its function is less
acceptable in the work unit. Over time, internal audit has been accepted as a compliance tester
in an organization. This compliance testing results in activities that are still a formality without
any real action from the implementation of compliance procedures.
Keywords:
Internal Audit, Risk Management, Risk Based Audit
Internal Audit is an important function in an organization that is responsible for evaluating and
testing the effectiveness of the internal control system. Currently, the role of the Internal
Auditor is not only limited to examining financial statements, but also involves evaluating the
risks faced by the company from various aspects, including regulatory compliance, alignment
of corporate strategy with functional performance, and mitigating risks related to technological
developments.
Risk awareness in the company is measured through risk profile evaluations conducted by the
internal audit team, as well as the effectiveness of mitigation carried out by each work unit. The
impact of the risk is also assessed to determine the priority of completion. So, risk awareness in
the company is measured through evaluation, mitigation effectiveness, and the impact of the
risks posed.
INTERNATIONAL JOURNAL OF ARTIFICIAL INTELLIGENCE
ISSN: 2692-5206, Impact Factor: 12,23
American Academic publishers, volume 05, issue 05,2025
Journal:
https://www.academicpublishers.org/journals/index.php/ijai
page 1206
In addition, risk awareness in the company is still not effective because there are still risks that
have not been achieved and there are still potential risks that are not well conveyed. Work units
tend to hide existing risks, so risk awareness in the company still needs to be improved.
While there have been efforts to increase risk awareness at the business unit level through
compliance-based audits, this approach does not fully reflect how business units manage risk
from the root cause. In addition, management reticence and lack of support for the Internal
Audit function can also hinder efforts to increase risk awareness throughout the organization.
Therefore, this study aims to explore the Internal Auditor's role in increasing enterprise risk
awareness through a risk-based audit approach. By understanding internal control systems,
identifying and evaluating risk mitigations, and providing operational improvement
recommendations, Internal Auditors can be effective change agents in increasing risk awareness
throughout the organization.
This research will highlight the importance of the Internal Auditor's role in identifying,
evaluating, and managing the risks faced by the company, as well as integrating a risk-based
audit approach into internal audit practice. Thus, this study is expected to provide valuable
insights for practitioners and researchers in the field of internal audit as well as contribute to the
development of literature on risk management and corporate governance.
According to scholars Effectiveness is a measurement of the completion of a certain job in a
task in an organization in achieving its goals, whether or not the work done is successful.
According to scientists, effectiveness basically comes from the word "effect" and is used in this
term as a causal relationship. Effectiveness can be viewed as another variable. Effectiveness
means that the previously planned goals can be achieved or in other words the target is achieved
because of the activity process.
According to Gibson Ivancevich Donnelly's opinion, the measures of organizational
effectiveness are as follows:
1. Production is the organization's ability to produce the quantity and quality of output in
accordance with environmental demand.
2. Efficiency is the ratio between output and input.
3. Satisfaction is a measure to show the degree to which an organization can meet people's
needs.
4. Adaptability is the degree to which an organization can and does respond to internal and
external changes.
5. Development is a measure of an organization's ability to increase its capacity to meet the
demands of society.
Thus it can be explained that the effectiveness of the extent to which an organization can carry
out the level of effectiveness in achieving goals optimally in measuring efficiency capabilities.
According to scholars "Internal audit is an assessment function that is developed freely within
an organization to test and evaluate activities as a form of service to the company's organization.
Internal audit carries out free assessment activities within an organization to review activities in
INTERNATIONAL JOURNAL OF ARTIFICIAL INTELLIGENCE
ISSN: 2692-5206, Impact Factor: 12,23
American Academic publishers, volume 05, issue 05,2025
Journal:
https://www.academicpublishers.org/journals/index.php/ijai
page 1207
accounting, finance and other areas of operation as a basis for providing services to
management.
Internal audit is a systematic and objective examination conducted by internal auditors to
examine and evaluate an organization's activities. By providing objective assessments and
value-enhancing recommendations, internal auditing helps organizations achieve their goals.
Internal audits are usually carried out by an independent unit within the company that is
authorized to conduct an assessment of all work units. The internal audit executor in some
organizations is called the Internal Control System Division (SPI).
In terms of achieving the objectives of internal control of an organization, internal audit is very
important in helping management to assess the adequacy of the design controls that have been
prepared by the organization. When carrying out their duties as part of the control system,
internal auditors must be free from any conflict of interest, honest, objective and have high
integrity.
In achieving the objectives of internal auditors, internal auditors must have the following:
a. Internal auditors have backgrounds in various disciplines and there is no single discipline.
b. According to the IIA, internal audit engagements include "special engagements in internal
auditing, examination activities within the scope of internal auditing, self-assessment
examinations of controls, fraud testing, or consulting. Engagements may include several types
of tasks or activities designed to accomplish one or more specific objectives."
c. Internal auditors are employed by the organization, but are independent of the activities they
audit. Since independence is a must, internal auditors should ideally report directly to the board.
d. Internal auditors must comply with The IIA's (The Institute of Internal Auditors)
International Standards for the Professional Practice of Internal Auditing. Based on the
Management Paper published by
https://pusdiklatwas.bpkp.go.id
by Nurhayanto - Widyaiswara
Pusdiklatwas BPKP, In building a culture of risk awareness, there are several obstacles in
implementing a risk management culture, including:
a. Risk in the public sector is often still seen as something negative, so if it is displayed it is
feared that it will give a bad impression. In fact, if the risk does occur, the impact could be
worse.
b. Risk is seen as a source of wasted costs. Although in general, agency leaders realize that the
costs / losses arising from failure to overcome / mitigate risks that must be borne may be greater.
c. The attraction to the potential for deviation that leads to fraud is considered to provide greater
benefits, so they tend to ignore warnings about the impact of risk. For example, the risk of
direct appointment in the selection of goods and service providers has a high risk of fraud, but
the direct appointment method is chosen by many decision makers.
INTERNATIONAL JOURNAL OF ARTIFICIAL INTELLIGENCE
ISSN: 2692-5206, Impact Factor: 12,23
American Academic publishers, volume 05, issue 05,2025
Journal:
https://www.academicpublishers.org/journals/index.php/ijai
page 1208
d. Weak governance, as controls from both internal and external oversight units are weak and
easily compromised. Risks can arise anywhere in the organization - in different processes,
activities, directorates/business units and geographical locations.
Management at the directorate / business unit level faces risks in their own activities and
therefore must know the risks that affect the goals and objectives of the business units for which
they are responsible.
The research method used was a qualitative approach with a case study. The research involved
data collection through in-depth interviews with internal audit team members and risk managers
at PT X. In addition, data was also collected through direct observation of the internal audit
process and review of audit-related documents and risk reports. Data were analyzed using
thematic analysis techniques to identify patterns and key themes related to internal audit's role
in increasing risk awareness. This approach allowed the researcher to gain an in-depth
understanding of how internal audit contributes to risk management and how its effectiveness
can be improved at PT X.
Based on the results of interviews with respondents mentioned earlier, risk awareness in the
Business Operations division is still not fully effective. Based on the results of interviews from
R3, related to the role of internal audit:
The role of internal audit is to evaluate the risk profile that has been prepared, assess the
effectiveness of the measures taken, and set priorities for completion based on the impact of the
risks identified....
From the interview above, it is known that the role of internal audit is to evaluate
each risk profile that has been prepared in the work unit. This indicates that the role of internal
audit is quite important in helping the company to identify risks that may arise in the work unit.
R1 said there were obstacles encountered when conducting audits at one audit object:
There is one work unit that is still not fully aware of risks. This work unit also does not report
what the risks are in its work unit due to the ignorance of the unit and in terms of informing the
risks that exist in its work unit, the work unit says that there are no such risks...
From the statement above, it is known that not all audit objects in Operational Business have
risk awareness of potential risks in their work units. The risk-based audit process provides an
overview of the risks in the audited work unit, where this risk overview is obtained from the
Risk Management work unit. Auditors and the Risk Management unit also hold discussions if
there is something that needs to be discussed.
The respondent auditor has also been one of the employees in the work unit being audited, then
the team leader will ask the auditor in question if he can do his job without any embarrassment.
If not, then the Internal Audit leader will appoint another auditor who does not have a conflict
of interest to audit the work unit. If the auditor expresses his willingness to be able to audit
without hesitation, then the auditor is still placed in the work unit to become an auditor and
accompanied by other auditors or team leaders if at any time in the middle of the fieldwork the
auditor concerned feels reluctant or reluctant.
INTERNATIONAL JOURNAL OF ARTIFICIAL INTELLIGENCE
ISSN: 2692-5206, Impact Factor: 12,23
American Academic publishers, volume 05, issue 05,2025
Journal:
https://www.academicpublishers.org/journals/index.php/ijai
page 1209
From his statement above, it can be concluded that risk awareness in the Business Operations
division is still not fully effective. This is shown by the fact that one work unit is not fully
aware of the risks involved and does not even report these risks. This indicates a deficiency in
the risk management process in that work unit. The risk-based audit process is intended to
provide a clear picture of the risks present in the audited work unit. However, in this case, it
appears that the risk picture obtained from Risk Management does not always reflect the actual
risk awareness in the work unit.
There is a good practice in dealing with conflicts of interest, which is to appoint another auditor
if the auditor who has a conflict of interest with the audited work unit is unable to perform his
duties without embarrassment. However, it is also important to ensure that the appointed
auditor has the same qualifications and can provide an objective assessment.
The importance of open communication between auditors and Risk Management, as well as the
ability of auditors to perform their duties without any embarrassment or conflict of interest.
This demonstrates the importance of auditor integrity and independence in performing their
audit duties.
In this analysis, it can be seen that there is still room for improvement in risk awareness and
risk management processes in the Business Operations division. Better communication between
auditors and Risk Management as well as increased risk awareness in the audited work units
can help improve the overall effectiveness of risk management.
In terms of risk-based auditing in the Infrastructure, IT and Project audit objects, according to
respondents who are senior auditors, lecturers and also have CIA certification, the auditees have
good risk awareness. According to the respondents, risk based auditing is very influential on
risk awareness in the work unit that is the object of the audit.
Recurring findings still remain, but are monitored by the auditors. In addition, there are regular
meetings with Management, the Audit Committee and also the Board of Commissioners.
Findings that often arise are mostly from stalled projects where sometimes project leaders are
constrained by vendors, especially during a pandemic, where many projects are abandoned, no
income from the company because there are no flights during the pandemic but the company's
costs continue to run and other obstacles such as cyber attacks on a scale that is not too high but
can make the company not run optimally.
Based on the results of the interview with respondent R1: "........ Internal audit has an important
role in evaluating risks in the company, providing input to the internal audit function, and
providing a second opinion on risk mitigation carried out by management. Internal audit also
assists in determining high, medium, and low risks and allocating appropriate resources to
address these risks." ..........."
From the interview with respondent R1, it is stated that the internal role is very important in
providing input related to risk mitigation. Regarding human resources in internal audit, R1 said:
INTERNATIONAL JOURNAL OF ARTIFICIAL INTELLIGENCE
ISSN: 2692-5206, Impact Factor: 12,23
American Academic publishers, volume 05, issue 05,2025
Journal:
https://www.academicpublishers.org/journals/index.php/ijai
page 1210
" Human resources in internal audit must always be developed through training and competency
development in order to be able to deal with existing risks properly. .....".
In the statement above, it is found that an internal audit must continuously develop himself to
be able to face increasingly complex risks in the future. Regarding risk awareness, R1 said:
".........The risk awareness factor can be influenced by how often the risk is evaluated, how high
the risk is, and how effective the mitigation is carried out by risk management...... I think risk
awareness is good............"
According to R1, risk awareness in his audit object is good and adequate because the audit
object he audits has risk mitigation for every risk it faces. In project audits, a more
comprehensive approach is also needed if the work unit has difficulties in finalizing the project
due to matters outside the company. From the above statements submitted by respondents, the
following analysis results are related to work unit risk awareness in conducting audits:
a. Good Risk Awareness: Respondents stated that auditees in the Infrastructure, IT, and Project
work units have good risk awareness. This indicates that the efforts in implementing risk
management practices have been successful, and the work units have a good understanding of
the risks faced.
b. Effective Risk-Based Audits: There is an emphasis on the importance of risk-based audits in
increasing risk awareness in the work unit. This indicates that the audit process had a significant
impact on improving the understanding and awareness of risk in the unit.
c. Follow-up on Findings: Despite repeated findings, the auditor continues to monitor and
follow up on the findings. This shows a commitment to continuously improve and enhance
conditions in the audited work unit.
d. Cooperation with Management: Regular meetings with Management, the Audit Committee,
and the Board of Commissioners demonstrate good cooperation between the audit team and
relevant parties in ensuring effective risk management.
e. Challenges during the Pandemic: There are challenges faced by work units related to stalled
projects during the pandemic, such as issues with vendors and cyberattacks. This shows the
importance of considering external factors, such as force majeure, in risk management and
project handling.
f. Comprehensive Approach in Project Auditing: Auditing projects requires a more
comprehensive approach, especially when work units experience difficulties in completing
projects due to external factors. This shows the importance of flexibility and deep
understanding in auditing projects in a dynamic environment.
Overall, the interviews showed that Infrastructure, IT, and Project audit objects have achieved a
good level of risk awareness, but still need to face challenges related to external conditions such
as the pandemic. This shows the importance of a holistic approach, which emphasizes balance
INTERNATIONAL JOURNAL OF ARTIFICIAL INTELLIGENCE
ISSN: 2692-5206, Impact Factor: 12,23
American Academic publishers, volume 05, issue 05,2025
Journal:
https://www.academicpublishers.org/journals/index.php/ijai
page 1211
and harmony between aspects and adaptability in risk management and audit execution in
complex organizational environments.
Based on the results of interviews with senior auditors who are also fraud investigators, where
the audit object as an internal auditor is Business and Supporting, risk-based auditing has an
important role in terms of increasing the risk awareness of auditees who are the object of the
audit. The auditor together with the Risk Management work unit will evaluate each risk and
also as a reference material in preparing the next year's audit plan. Based on the results of the
interview, respondent R2 stated regarding the role of the internal auditor: ".................The role
of internal auditors in SPI is to evaluate governance, risks set by management, operational unit
functions, and controls against existing regulations......." The results of this interview
emphasized the role of internal auditors to conduct evaluations in accordance with the
directions as set by management."
Regarding risk awareness, R2 said: "............ risk awareness has not been effective because
there are still some potential risks that have not been included in the potential risks submitted,
such as loss of income in the work unit sector. In addition, there is a tendency to hide risks
(hidden risk) and a lack of effective internal control supervision." From the results of the
respondent's interview, the following is an analysis of the respondent's statement:
a. Importance of Risk-Based Auditing: Risk-based auditing plays a key role in raising risk
awareness in Business and Supporting audit objects. This process helps identify existing risks
and provides the basis for developing an effective audit plan.
b. Challenges in Risk Awareness Evaluation: Despite efforts to improve risk awareness, the
evaluation shows that there are still work units that are not fully effective in informing potential
risks. This indicates the need to improve communication and cooperation between work units
and Risk Management.
c. Risk Concealment: The concealment of risks by work units can be a serious obstacle to
achieving the company's strategic objectives. This emphasizes the importance of transparency
and openness in reporting risks, and the importance of auditors to ensure that risks are identified
and managed properly.
d. Communication and Consultation Approach: The auditors adopted an inclusive approach by
conducting discussions and consultations with the Risk Management unit and related work units.
This helps build awareness and understanding of the importance of informing potential risks
and ways to mitigate them.
e. Auditor's Role in Driving Transparency: Auditors play an important role in driving
transparency and accountability in work units by ensuring that potential risks are identified,
reported and appropriately addressed. This underscores the importance of the auditor's role in
maintaining integrity and compliance in enterprise risk management.
Regarding human resources, R2 said: "...........Internal auditors must maintain independence and
integrity in conducting risk-based audits by not accepting offers or gifts from the audited party,
INTERNATIONAL JOURNAL OF ARTIFICIAL INTELLIGENCE
ISSN: 2692-5206, Impact Factor: 12,23
American Academic publishers, volume 05, issue 05,2025
Journal:
https://www.academicpublishers.org/journals/index.php/ijai
page 1212
paying for their own meals or activities outside the audit, and staying focused on objective
evaluation without being influenced by personal relationships or other interests........."
Regarding human resources, an internal auditor must have high integrity, keep himself
independent and refuse various gifts that can interfere with his integrity as an internal auditor.
According to respondent R2, regarding risk mitigation: "........ how risk mitigation is carried out
by evaluating existing risks, then finding solutions or steps to reduce or eliminate these risks.
After that, reporting is done to management or related parties for further action...".
Overall, the interviews show that there are still challenges in raising risk awareness in Business
and Supporting audit objects, but an inclusive communication and consultation approach can
help overcome these barriers. Collaboration between auditors, Risk Management, and work
units is needed to ensure that risks are identified, reported, and managed effectively.
The conclusion of this study shows that internal audit has an important role in increasing risk
awareness throughout the organization, although not all audit objects in the Operational
Business have risk awareness of potential risks in their work units. The risk-based audit process
provides a clear picture of the risks in the audited work unit, with the risk picture obtained from
collaboration with the Risk Management unit. Auditors and the Risk Management unit actively
discuss to resolve matters that require special attention. However, there are challenges in raising
risk awareness, especially in Business and Supporting audit objects. Nonetheless, an inclusive
communication and consultation approach is expected to help overcome these barriers.
Cooperation between auditors, Risk Management, and work units is necessary to ensure that
risks are identified, reported, and managed effectively, creating a more risk-responsive
environment.
References:
1.
Audit: textbook. Edited by R.P. Bulyga. –M.: “UNITY – DANA”, - 2009. – 431 p.
2.
S.M. Bychkova, T.Yu. Fomina. Practical audit. –M. UNITY-DANA, 2009. -176 p.
3.
Internal audit and control. Organization of internal audit in the context of economic crisis:
textbook / V.V. Pugachev. - M.: Delo i Servis, 2010. - 224 p.
4.
Internal audit /S.I. Zhminko, O.I. Shvyreva, M.F. Safonova. - Rostov n / D: Phoenix, 2008.
- 316 p.
5.
M.E. Gracheva. International Standards on Auditing (ISA): Textbook. - M.: PRIOR
Publishing House, 2005. - 100 p.
6.
Zharyglasova B. T. International Standards of Auditing. Textbook. - M.: NORUS, 2005. -
400 p.
7.
Evdokimova A. V., Pashkina I. N. Internal Audit and Control of Financial and Economic
Activities of an Organization: Practical Guide /. - M.: Publishing and Trading Corporation
"Dashkov I K", 2010, - 208 p.
8.
Podolsky V. Audit. Textbook. - M.: Publishing House Yurait, 2010. - 605 p.
9.
Pugachev V. V. Internal Audit and Control. Organization of Internal Audit in the Context of
Economic Crisis: textbook. - M.: Delo i Servis, 2010. - 224 p.
10.
Collection of methodological guidelines on audit / H. Kasymov, L. Yugay, A. Khoshimova,
INTERNATIONAL JOURNAL OF ARTIFICIAL INTELLIGENCE
ISSN: 2692-5206, Impact Factor: 12,23
American Academic publishers, volume 05, issue 05,2025
Journal:
https://www.academicpublishers.org/journals/index.php/ijai
page 1213
B. Pardaev - T.: Infocom.UZ,-2010-312 p.
11.
Sotnikova L. V. Internal control and audit. Textbook. - M.: ZAO Finstatinform, 2000. - 239
p.
12.
Sheremet A., Suits V. Audit. Textbook. - M.: “INFRA-M”, 2009. - 448 p.
