[摘要] English: Many factors have played and are still playing contributing roles as to why internalauditors need to perform internal audit engagements more effectively and efficiently. Theinternal audit profession finds itself within a rapidly changing environment. The externalfactors affecting the profession include the various pieces of new guidance andlegislation that are constantly being issued, the current global financial crisis, theoccurrence of corporate and public scandals and the increased globalisation of thebusiness environment, to name but a few. Internal factors within the organisation includemanagement's increased demand for internal auditing to add value, the enhancement ofcoordination between all the various assurance providers, such as the external andinternal auditors, and the increased role of internal auditing in assisting with themanagement of risks that threaten the achievement of the organisation's objectives.Within this environment the internal audit profession is growing at a tremendous rate, butat the same time it is reported that there is still a scarcity of competent internal auditors,especially in the fields of information technology and risk management. The Institute ofInternal Auditors, as the governing body of the profession, is attempting to address thisneed by continuously issuing new professional guidance and performing researchstudies to provide its members with information and direction.This study investigates the evolution of the internal audit profession as well as theconcepts of corporate governance and risk management, and the role of internal auditingwithin these fields. It specifically focuses on how internal auditors can incorporate risk inthe execution of an internal audit engagement to improve their methodology; thusperforming engagements more effectively and efficiently. A comprehensive literaturereview was conducted on these topics and a preliminary risk-based internal auditengagement model was developed based on the literature. Thereafter, organisations inboth the private and the public sectors in South Africa were examined via a maturityscorecard to determine which organisations were risk mature. The top five risk matureorganisations in each sector were included in the second empirical study, with the mainobjective of obtaining input from their chief audit executives to refine the initial risk-basedengagement model. Lastly, the model was tested in a practical scenario, using a casestudy approach, to determine whether there may be improvements in the execution ofthe internal audit engagement. The results of the three empirical studies were then usedto finalise the model.The study concludes that the risk-based internal audit model can be used during theplanning phase of an assurance engagement, improving the process as follows:�?Areas with medium to high operational risks are included in the planning of theinternal audit engagement.�?Low-risk areas are not included in the planning phase other than on a surprisebasis according to the internal auditor's professional judgement.�?High-risk areas (inherent risk) that remain high after appropriate controls havebeen implemented (residual risk) are reported to management on a timely basis.The use of this model will ensure that internal auditors focus on the areas that needurgent attention and not waste time on areas that are comparatively insignificant. Thiswill mean that scarce internal audit resources can be allocated to areas where they willadd the most value to the organisation. Although it was not a main objective of this study,it was found that the risk management framework and processes, and to a lesser extentthe role of internal auditing regarding risk-related aspects within the public sector, needimprovement to be in line with legislation, other guidance and best practices.