How often should internal auditors perform audits?

Internal auditors should perform audits as frequently as necessary based on risk assessments because this approach allows for a more flexible and responsive auditing schedule that aligns with the specific risks faced by the organization. Risk assessments help identify areas of higher exposure or vulnerability within the credit union, which may require more regular audits or special attention.

By tailoring the audit frequency to the actual risks, it ensures that resources are utilized effectively and that management is informed about potential issues in a timely manner. This proactive stance enables the credit union to address and mitigate risks before they escalate into significant problems, ultimately supporting better governance and compliance.

Other options suggest fixed schedules (like once a decade or yearly) or contingent processes (only upon external request), which do not account for the dynamic nature of risks that organizations face. A flexible auditing schedule based on risk assessments promotes continuous improvement and accountability within the credit union.