“…Understanding business objectives and strategies and aligning them with business objectives and activities (Coetzee and Lubbe, 2014; Selim and McNamee, 1999b), as well as assessing business risks on an annual basis and in individual audit assignments (Allegrini and D’Onza, 2003; Koutoupis and Tsamis, 2009) – that is, identifying, measuring and prioritizing the negative effects for the entity – contributes to an effective risk management that follows a holistic approach at the lowest possible cost (Bowling and Rieger, 2005; Banham, 2005; Busman and Zuiden, 1998; Goodwin, 2003; Griffiths, 2006; Gupta, 2011; Lois et al , 2020; McCord, 2002; Verschoor, 2002). Therefore, the focus of internal auditors is shifted to the future (Crawford and Stein, 2002; Petridis et al , 2019) and to “high-risk” areas that must be considered as a priority when preparing the internal audit plan (Grıffıths, 2006; Hafizah, 2017; Koutoupis and Tsamis, 2009; Sarens et al , 2012). To achieve the above, internal auditors, who now play a strategic role in organizations (IIARF, 2013; Krogstad et al , 1999), are required to possess specialized knowledge in matters of control and risk management (Deloitte, 2012; Mayur and Saravanan, 2017; Zain et al , 2006).…”