Internal Auditing and Risk Assessment in Large Italian Companies: an Empirical Survey

This paper aims at achieving an overall view regarding the state of the art of internal auditing in large Italian companies. Mainly, it is focused on risk assessment practices and on the execution of a risk-based approach in the audit process. The research is based on a survey carried out on the ‘Top100’ companies listed at the Italian Stock Exchange. Survey results reveal that practices vary significantly among three different models: 1A few companies (25%) carry out mainly traditional compliance activities and they generally follow an audit-cycle approach for the annual audit planning; 2In most companies (67%), internal auditors adopt the COSO model and perform mainly operational auditing. Risk-based approach is applied predominantly at macro level. 3Finally, it is possible to identify a very few large companies (8%), in which auditors are applying a risk-based approach both at macro and micro level.