This paper proposes a four-dimensional risk index model for designing internal audit programs in the public sector. The model integrates legal, financial, resource, and organizational risks to provide a comprehensive framework for risk-based audit planning. Through simulation involving hypothetical departments, the study demonstrates that aggregate risk scores can mask the diversity and specificity of underlying risk categories. By decomposing audit risk into distinct dimensions, the model enhances audit targeting, supports transparent decision-making, and aligns with international internal audit standards. It also proves particularly useful in environments with limited data availability. The model’s adaptability and clarity make it suitable for both manual and automated audit planning processes. While future enhancements could include dynamic weighting and digital integration, the model as presented already offers a robust and practical approach to prioritizing internal audit activities and improving public sector governance outcomes.