Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

Risk-based auditing requires a deep understanding of the business and business objectives and operating rules to properly identify, evaluate, and prioritize the risks to the business. Business objectives and operating rules—the primary drivers of risk—have to be fully understood to ensure risks are identified and effectively evaluated.

This course will provide auditors with the skills necessary to plan and execute an effective risk-based audit that delivers measurable results to the organization. Participants will learn through lecture, group discussion, case studies, and small group exercises to ensure an interactive experience.

Learning Objectives

  • Understanding risk and the types of risk
  • Learning to identify, evaluate, and prioritize risk in your organization
  • Enhancing interview and research skills needed to understand the business and identify risks
  • Strengthening one’s skills in developing risk-based audit test steps and work programs
  • Learning to utilize tools for planning and executing risk-based, properly scoped audits that are targeted and focused on the most significant areas of the business and processes

Course Outline

The Role of Audit

  • The role of Audit today
  • IPPF standards

Audit Development Cycle: Closing the Loop Process

  • Defining the closing the loop process
  • The importance of planning
  • Understanding the business
  • Identifying business risks
  • Evaluating and prioritizing risks
  • Developing Audit objectives and defining scope
  • Evaluating the control environment
  • Developing testing
  • Testing of controls
  • Facilitating action

Planning: Understanding the Business

  • Identifying and understanding business objectives
  • Understanding business rules
  • Document review
  • Understanding the business processes
  • Documenting business processes—narratives/process flow charts/walkthroughs

Planning: Understanding the Business Methodologies

  • Document review and research
  • Interviewing tools and techniques

Planning: Scope

  • SIPOC
  • Defining Scope—what’s in and what’s out
  • Setting expectations with Management
  • Scope statements

Engagement Risk Assessment

  • Understanding risk
  • Types of risks—operational/financial/reputation/regulatory
  • Identifying risk
  • Evaluating risk
  • Prioritizing risk
  • Likelihood/significance/duration/velocity
  • Tying risks to business objectives

Identifying Control Criteria

  • Types of controls
  • Control objectives
  • Entity-level controls
  • Activity-level controls
  • Evaluating Controls—design vs. operating effectiveness

Risk-Based Testing and Sampling Methodologies

  • Determining testing approach and method
  • Determining sufficient, relevant, and reliable evidence
  • Weighing evidence

Results and Conclusions

  • 5 Cs
  • Root causes
  • Tying action plans to business objectives and risks
  • Framing issues from a business perspective
  • Leveraging the 5 Cs in reporting
  • Using visualization in reporting

Additional Information

Who Should Attend

Internal and external auditors

Learning Level

Intermediate

Delivery

Group-Live

Field

Auditing

Advanced Preparation

None

Recommended Prerequisites

At least 2 years’ general audit experience

Session Duration

Online:

On Site:

CPE Credits: