Level Up: Risk Based-Auditing

Early maturity audit teams have traditionally relied on manual systems, with reporting and communication on an infrequent or ad hoc basis due to the effort required. They are therefore unable to track and respond to changes within the underlying risk profile of the organisation, particularly in adapting the audit plan, which itself increases organisational risk.

A sustainable, risk-based approach to internal audit is crucial to ensuring cohesiveness and clarity within your internal audit department and the organisation as a whole.


The IIA internal audit maturity model provides a reliable and comprehensive scale that allows you to assess the overall maturity level of your audit team and identify actions you can take to advance by improving in some of the key areas and characteristics they have specified. By their definition, internal audit departments can be at a variety of stages of maturity:

  • Initial
  • Repeatable
  • Defined
  • Managed
  • Optimised



Looking at and planning for emerging risks is a critical business priority, and is a deciding factor in audit teams being able to move up the audit maturity scale.

Pentana Audit enables you to adopt a far more strategic audit methodology, where the risk assessment process is the key driver of the audit plan. It also allows you to undertake risk assessment from an enterprise-wide perspective, and to re-evaluate those processes on a continuous basis.

Pentana Audit follows a “golden thread” structure, where each and every process, risk, control and test is linked to allow for a continuous risk assessment process. This ensures that data is continuously monitored and reliable, whilst the ability to be able to drill down on every risk, control and test makes sure that proactive steps are being taken to manage risk effectively.

The Risk and Control features of Pentana Audit provide very powerful visual devices so you can clearly validate results and see where action needs to be taken. And with Pentana Audit’s Risk Exposure and Control Coverage screens, reviewing your risk score and comparing it to your organisation’s risk appetite could not be simpler.

Pentana Audit’s Risk Exposure screen allows you to easily find and analyse those areas with the highest level of risk, as well as drill down into process areas and organisational units for more specific detail.

According to IIA guidelines, mature internal audit teams must be able to demonstrate that the functions, objectives and priorities of internal audit align consistently with those of senior management. The Risk Exposure screen allows a far more fluid approach to auditing, easily modifying your plan to constantly evolve as and when new potential risks surface. This approach is the best way of providing the all-important assurance that senior management need.

The Control Coverage screen allows you to quickly and easily assess the effectiveness of your controls across the audit universe, which is vital to mature audit teams looking to facilitate a continuous audit process.

Pentana Audit also comes equipped with a full library of risks, controls and tests that follow the COSO framework and which can be customised to include risks, controls and tests that are unique to your organisation.

Ideagen understand and appreciate that for less mature audit teams, the journey to the Managed or Optimised stage of the IIA audit maturity model will take time to fully realise. This is why Pentana Audit has been designed to be one of the most configurable audit automation software solutions on the market, and allows auditors to use as many or as little of the vast array of features as they like, depending on their specific requirements.



The journey towards audit maturity will be different for every internal audit team, but advancing will require you to take a strategic look at risk management and its role within your department.

Pentana Audit can provide the means to establish a focus on risk, whether you are already a mature audit team looking to improve, or you aspire to develop a more risk-conscious approach to audit:

  • Utilise risk and control reporting to establish full visibility of potential threats
  • Take immediate action on issues and adopt a risk-based strategic audit methodology
  • Take advantage of Ideagen’s vast auditing experience to guide your journey to audit maturity
  • Use Pentana Audit from planning, execution, collation and reporting, through to follow-up


Download the Level Up: Risk Based-Auditing whitepaper.

Download now