Many forms of bias can lead internal auditors to the wrong conclusions during risk assessments.
Risk assessment is an activity that internal auditors frequently engage in, whether seeking the most effective deployment of scarce resources to audit engagements or identifying the specific risks applicable to the organization relative to engagements. How individual organizations go about risk assessments is left to the discretion of their internal audit leaders. The mechanics of this exercise are as diverse as the internal audit functions executing them, but there is one constant. Cognitive bias is a phenomenon every auditor is susceptible to, regardless of how risk assessments are conducted.
