Pre-payment checks, compliance audit or risk-based audit what is the most effective role for internal audit? Andy Wynne is Head of Public Sector Technical Issues with the ACCA. He is editor of the ACCA e-mail bulletin for internal auditors. This bulletin is available from the ACCA web-site (www.accaglobal.com) or from info@accaglobal.com. Internal audit comes in all sorts of shapes and sizes. A wide variety of approaches may be adopted and the particular one which is used will differ from organisation to organisation and country to country. These approaches form a continuum from pre-audit, through regularity or compliance audit, to risk-based audit. This article introduces these three main approaches to internal audit, considers the relative merits of pre-audit and compliance audit and introduces risk-based audit. Future articles will provide a more detailed outline of the risk-based approach to internal audit. The origins of internal audit are as an internal check on the accuracy and validity of all payments made by an organisation. No payments could be made without them first being reviewed and stamped for payment by the staff of the internal audit section. Internal audit practice now forms a spectrum from this, original role of internal audit, to risk-based audit. The latter consists of internal audit reviewing the organisation's risk management and internal control systems and processes with only limited testing of internal controls ...