<![CDATA[This study provides a critical analysis of the implementation of Risk-Based Auditing (RBA) within a prominent Indonesian Islamic philanthropic institution, Baitul Maal Hidayatullah (BMH). Employing a qualitative case study methodology, the research is framed by a novel synthesis of Agency, Stewardship, and Institutional theories to dissect the complex governance dynamics at play. The principal finding is the identification of a "philanthropy trilemma," wherein the organization must navigate the competing imperatives of managerial efficiency, mission integrity (Sharia compliance), and institutional legitimacy. The study reveals that BMH strategically employs "decoupling" outsourcing its core financial and Sharia audits to resolve the internal paradox of applying an Agency-based control tool (RBA) within a Stewardship-driven culture, thereby securing external legitimacy while preserving internal trust. However, this strategy creates a critical assurance gap. Furthermore, the analysis deconstructs BMH's quantitative RBA model, exposing its "illusion of objectivity" and its failure to incorporate existential non-financial risks, such as Sharia non-compliance and reputational damage. The study concludes that a more holistic, strategically-aligned RBA framework is imperative. It recommends the integration of data analytics and continuous assurance as a transformative solution to overcome resource constraints and enhance governance, ultimately shifting the internal audit function from mere risk mitigation to strategic value co-creation.]]>
