Course Outlines:
Module One:
Risk and internal audit overview
- Definition of risk
- Types of risk in an organization
- Strategic, reporting, compliance, operational, financial and physical
- Scope of corporate governance
- Building blocks of corporate governance
- Internal audit as a function of corporate governance
- Scope of internal auditing
- Reasons to have an internal audit function
- Distinguishing internal from external auditing
- The internal audit charters
- The role of an audit committee
- Risk management process
- Five steps to accomplish an effective Enterprise Risk Management (ERM) framework
- COSO enterprise risk management framework
- Determining the risk appetite
- The role of an internal audit activity in risk management
Module Two:
Types of internal auditing
- Assurance services: the third line of defence
- Performance auditing
- Operational auditing
- Financial auditing: accounting cycles audited by the internal audit function
- Security and privacy auditing
- Quality auditing
- Compliance auditing
Module Three:
Risk-based internal audit: planning the fieldwork
- Reasons for risk-based audit planning
- Three stages for implementing risk-based internal audit
- Stage 1: risk maturity assessment
- Actions of internal audit to assess risk maturity
- Overall audit strategy based on risk maturity
- Conclusion on risk management framework
- Stage 2: production of the audit plan
- Assurance requirements from board and management
- Actions to achieve production of an audit plan
- Identify processes and responses on which assurance is required
- Categorize and prioritize the risks
- Scoring and weighing risks
- Link risks to audit assignments
- Using assurance maps to determine assurance requirements
- Stage 3: conducting audit engagements
Module Four:
Risk-based internal audit: conducting audit engagements
- Internal audit role in performing the audit
- Assessing risks: inherent, control, detection and audit risks
- How management and internal audit can minimize risk
- Engagement planning
- Engagement objectives, scope and criteria
- Engagement work program
- Role of internal audit staff
- Defining management assertions
- Uncover risks during audit engagement
- Example of internal audit risk assessment scale
- Testing management controls
- Insights on flowcharting for understanding cycles and controls
- Assess design of internal controls
- Test operating effectiveness of internal controls
- 10 steps to complete the audit stage
- Summarizing audit conclusions for the audit committee
Module Five:
Technical tools for internal auditors
- Tips and tools for audit sampling
- Information gathered by internal auditors
- 4 qualities of information
- Sources and nature of information
- Assessing the degree of persuasiveness
- Types of engagement procedures
- 15 internal audit test tools
- Observation
- Interviewing: a disliked technique
- Interviewing skills: how to run a successful interview
- Role play: internal auditor in action
- Examining records
- Verification and confirmations
- Vouching and tracing
- Re-performing
- Internal audit working papers
- Best practices for managing working papers
- Retention policies
- Communicating fieldwork results and recommendations
- Legal considerations for communicating results
- 4 attributes of an observation or recommendation
- Disseminating results and exit meetings