Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

A successful risk assessment processes begins with a strong foundation of risk and control understanding. Without this knowledge, the risk assessment tends to be completed using “gut” feel and not based on the true risks to achieving desired business objectives. The keys to performing a value-added risk assessment is to use the “objective, risk, control” approach. Without it, the assessment just becomes another document in a file.

This course provides the definition of risk and control along with the techniques which are used to properly identify the different types of risk as well as the techniques for addressing risk. Participants will examine risks and understand how to document and evaluate these types. Additionally, the three main types of control will be reviewed to ensure participants can better understand the control effectiveness and efficiency not only in their evaluation of testing, but also, in the audit recommendations.

Learning Objectives

  • Define risk and how to rate likelihood and significance
  • Learn the four phases of risk assessment
  • Define control and how to identify, design, and evaluate them
  • Understand the difference types of controls
  • Discuss how business units can control process
  • Review the COSO framework
  • Examine how risk and control are used in a matrix

Course Outline


  • The objective/risk/control approach
  • The critical nature of identifying objective
  • How objective/risk/control are related

Risk Revealed

  • Define and discuss risk
  • How to introduce risk to a client
  • Identify true process risk
  • Risk likelihood and significance

Risk Assessment

  • The four phases of risk assessment
  • The objective or each phase
  • Different methods to rate risk

Risk Management

  • Four techniques to manage risk
  • The objective of each technique
  • Determining which technique will address the identified risk most effectively

Control Revealed

  • Define control
  • The different types of control
  • The COSO approach
  • The control development process

COSO Framework

  • The COSO components of control
  • Types of controls
  • \Applying controls to business process
  • Assessing risk

Documenting Controls

  • Documenting techniques
  • Advantages/disadvantages of each
  • Examine the risk control matrix and how to complete one

Additional Information

Who Should Attend
  • Internal Auditors and Management (Operational and IT)
  • Financial Auditors
  • Internal Control Professionals
    • Learning Level






      Advanced Preparation


      Recommended Prerequisites
      Session Duration

      Online: N/A

      On Site: 2 days

      CPE Credits: 16