Course Objectives
Risk-Based Internal Audit
Course Methodology
The course uses a mix of interactive techniques, such as brief presentations by the consultant, case studies, live demonstrations of sampling methodologies and group exercises to apply the knowledge acquired throughout the course.
Course Objectives
By the end of the course, participants will be able to:
Define the scope and function of internal audit within the company
Distinguish the types of internal audit assignments related to operational, compliance, quality, safety or financial internal audit
Describe the internal audit planning guidelines and develop a risk-based audit plan
Apply techniques for risk identification, controls identification and controls testing
Identify the best sampling techniques in an internal audit assignment considering sample size or sample selection
Select the appropriate internal audit test tools and list the advantages and disadvantages of each
Target Audience
Delegates with some experience in auditing as well as junior auditors or professionals from finance or other departments looking to develop a focused and best practices approach to the internal audit function. This course is also suitable for supervisors and managers who are interested in updating, upgrading, and refreshing their knowledge of the internal audit function.
Target Competencies
Risk based audit planning
Evaluating risk management frameworks
Evaluating internal audit functions
Identifying risk
Identifying and designing controls
Sampling
Completing fieldwork audit
Course Outline
Risk and internal audit overview
Definition of risk
Types of risk in an organization
Strategic, reporting, compliance, operational, financial and physical
Scope of corporate governance
Building blocks of corporate governance
Internal audit as a function of corporate governance
Scope of internal auditing
Reasons to have an internal audit function
Distinguishing internal from external auditing
The internal audit charter
The role of an audit committee
Risk management process
Five steps to accomplish an effective Enterprise Risk Management (ERM) framework
COSO enterprise risk management framework
Determining the risk appetite
The role of an internal audit activity in risk management
Types of internal auditing
Assurance services: the third line of defense
Performance auditing
Operational auditing
Contracts auditing
Financial auditing: accounting cycles audited by the internal audit function
Security and privacy auditing
Quality auditing
Compliance auditing
Risk-based internal audit: planning the fieldwork
Reasons for risk-based audit planning
Three stages for implementing risk-based internal audit
Stage 1: risk maturity assessment
Actions of internal audit to assess risk maturity
Overall audit strategy based on risk maturity
Conclusion on risk management framework
Stage 2: production of the audit plan
Assurance requirements from board and management
Actions to achieve production of an audit plan
Identify processes and responses on which assurance is required
Categorize and prioritize the risks
Scoring and weighing risks
Link risks to audit assignments
Using assurance maps to determine assurance requirements
Stage 3: conducting audit engagements
Risk-based internal audit: conducting audit engagements
Internal audit role in performing the audit
Assessing risks: inherent, control, detection and audit risks
How management and internal audit can minimize risk
Engagement planning
Engagement objectives, scope and criteria
Engagement work program
Role of internal audit staff
Defining management assertions
Uncover risks during audit engagement
Example of internal audit risk assessment scale
Testing management controls
Insights on flowcharting for understanding cycles and controls
Assess design of internal controls
Test operating effectiveness of internal controls
10 steps to complete the audit stage
Summarizing audit conclusions for the audit committee
Technical tools for internal auditors
Tips and tools for audit sampling
Information gathered by internal auditors
4 qualities of information
Sources and nature of information
Assessing the degree of persuasiveness
Types of engagement procedures
15 internal audit test tools
Observation
Interviewing: a disliked technique
Interviewing skills: how to run a successful interview
Role play: internal auditor in action
Examining records
Verification and confirmations
?Vouching and tracing
Re-performing
Internal audit working papers
Best practices for managing working papers
Retention policies
Communicating fieldwork results and recommendations
Legal considerations for communicating results
4 attributes of an observation or recommendation
Disseminating results and exit meetings
Risk and internal audit overview
Definition of risk
Types of risk in an organization
Strategic, reporting, compliance, operational, financial and physical
Scope of corporate governance
Building blocks of corporate governance
Internal audit as a function of corporate governance
Scope of internal auditing
Reasons to have an internal audit function
Distinguishing internal from external auditing
The internal audit charter
The role of an audit committee
Risk management process
Five steps to accomplish an effective Enterprise Risk Management (ERM) framework
COSO enterprise risk management framework
Determining the risk appetite
The role of an internal audit activity in risk management
Types of internal auditing
Assurance services: the third line of defense
Performance auditing
Operational auditing
Contracts auditing
Financial auditing: accounting cycles audited by the internal audit function
Security and privacy auditing
Quality auditing
Compliance auditing
Risk-based internal audit: planning the fieldwork
Reasons for risk-based audit planning
Three stages for implementing risk-based internal audit
Stage 1: risk maturity assessment
Actions of internal audit to assess risk maturity
Overall audit strategy based on risk maturity
Conclusion on risk management framework
Stage 2: production of the audit plan
Assurance requirements from board and management
Actions to achieve production of an audit plan
Identify processes and responses on which assurance is required
Categorize and prioritize the risks
Scoring and weighing risks
Link risks to audit assignments
Using assurance maps to determine assurance requirements
Stage 3: conducting audit engagements
Risk-based internal audit: conducting audit engagements
Internal audit role in performing the audit
Assessing risks: inherent, control, detection and audit risks
How management and internal audit can minimize risk
Engagement planning
Engagement objectives, scope and criteria
Engagement work program
Role of internal audit staff
Defining management assertions
Uncover risks during audit engagement
Example of internal audit risk assessment scale
Testing management controls
Insights on flowcharting for understanding cycles and controls
Assess design of internal controls
Test operating effectiveness of internal controls
10 steps to complete the audit stage
Summarizing audit conclusions for the audit committee
Technical tools for internal auditors
Tips and tools for audit sampling
Information gathered by internal auditors
4 qualities of information
Sources and nature of information
Assessing the degree of persuasiveness
Types of engagement procedures
15 internal audit test tools
Observation
Interviewing: a disliked technique
Interviewing skills: how to run a successful interview
Role play: internal auditor in action
Examining records
Verification and confirmations
?Vouching and tracing
Re-performing
Internal audit working papers
Best practices for managing working papers
Retention policies
Communicating fieldwork results and recommendations
Legal considerations for communicating results
4 attributes of an observation or recommendation
Disseminating results and exit meetings