Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

A successful risk based audit program begins with a strong understanding of risk; inherent risk, residual risk and how to conduct effective risk assessments both annually and for each audit engagement. “Risk” sounds simple and straight forward but auditors often struggle to appropriately identify true risk and more importantly accurately assess those risks. The key to understanding risks in an organization is to start with a clear understanding of the business objectives.

This course will help internal auditors better understand the true definition of risks and controls and provide them with methods and techniques that can be used in identifying and evaluating risks within their organizations. Course participants learn how to appropriately identify business objectives, the risks associated with those objective and how to properly weigh and evaluate those risks. Additionally, control types and their effectiveness will be reviewed to ensure a full understanding of control environments.

Learning Objectives

  • Define risk and how to rate likelihood and significance
  • Learn the four phases of risk assessment
  • Define control and how to identify, design, and evaluate them
  • Discuss how business units can control process
  • Review the COSO framework
  • Examine how risk and control are used in a matrix

Course Outline


  • Introduce the objective/risk/control approach
  • Understand the critical nature of identifying objective
  • Learn how the three are related

Risk Revealed

  • Define and discuss risk
  • Learn how to introduce risk to a client
  • Identify true process risk
  • Discuss risk likelihood and significance

Risk Assessment

  • Learn the four phases of risk assessment
  • Differentiate the objective or each phase
  • Discuss the different methods to rate risk

Risk Management

  • Learn the four techniques to manage risk
  • Understand the objective of each technique
  • Determine which technique will address the identified risk most effectively

Control Revealed

  • Define and discuss control
  • Discuss the different types of control
  • Introduce the COSO approach
  • Learn the control development process

COSO 2013 Framework

  • Understanding the COSO components of control
  • Types of controls
  • Applying controls to business process
  • Assessing risk

Documenting Controls

  • Learn the different techniques
  • Discuss the advantages/disadvantages of each
  • Examine the risk control matrix and how to complete one

Additional Information

Who Should Attend

Internal auditor staff and management of all levels

Learning Level






Recommended Prerequisites

Auditors with at least 2 years’ experience in order to draw upon their professional audit experience

Session Duration

Online: N/A

On Site: 2 days

CPE Credits: 16