Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

In today’s audit environment there is a lot of discussion around audit functions “adding value”. Audits are time consuming, can be expensive and are often a source of frustration for the audit client. Why? As auditors we often hear that the “auditor(s) just doesn’t understand my business”. The business can feel this way as a reaction to the proposed action and remediation plan. If an audit team doesn’t perform effective root cause analysis then the recommended action often will not solve root cause of the issue and problems will persist.

To truly add value, an audit must address the root causes of the issues and exceptions identified, not just the symptoms. This course is designed to introduce the various tools and methodologies used for root cause analysis and how to apply them to the audit process. Participants will learn interactively through a combination of lecture, case studies and exercises.

Learning Objectives

  • Understanding Root Cause Analysis (RCA)
  • Introduction to the various tools and methodologies that can be utilized for RCA
  • Understand how RCA can be applied within audits
  • Understanding when to utilize RCA in Internal Audit
  • Understand the common challenges when using RCA
    Learn how to apply RCA in practice
  • Editing and Proofreading – and the difference

Course Outline

Understanding Risk Cause Analysis (RCA)

  • What is it?
  • A very brief history and background of RCA
  • Why should it be done?

RCA in Internal Audit – Why?

  • Business responsibility or Internal Audit
  • Adding Value
  • When should we conduct an RCA?
  • When to use outside of an audit

Standards and Best Practices

  • Overview of current IIA guidance
  • IIA Practice Advisory 2320-2

RCA Methodologies & Techniques – Most Common in Audit

  • Pareto Analysis
  • Ishikawa Method - Fishbone diagrams
  • Kiplinger Methodology - 5W1H
  • 5 Whys
  • The 5 C’s

Other RCA Methodologies\eb

  • Failure Mode and Effect Analysis
  • SIPOC
  • Statistical Correlation
  • Fault Tree Analysis
  • Lean Six Sigma – Critical to Quality

The RCA Process

  • Define the Issue
  • Diagnose the Issue using one of the methodologies
  • Identify potential alternate solutions / recommendations
  • Determine is an interim or permanent solution is viable
  • Ensure appropriate controls for recommended solution
  • Lessons Learned

Adding Value – Linking Root Cause to Findings and Objectives

  • Linking the finding to its root cause
  • Linking the finding and root cause to the audit and business objectives
  • Understanding the control failure root causes
  • Linking control failure root causes to COSO 2013

Common Challenges and Obstacles

  • Environmental Obstacles
  • Common Mistakes
  • Biases that impede RCA
  • Drawing the wrong conclusion
  • Resolutions that don’t resolve the issue
  • Communication – Interviewing, Q&A, Follow up

Communicating Root Causes

  • Results
  • Solutions - MoSCoW Analysis
  • Including root cause in the audit report
  • Action Plans
  • Difficult Situations

Additional Information

Who Should Attend

Internal audit staff and management

Learning Level

Intermediate

Delivery

Group-Live

Field

Auditing

Advanced Preparation

None

Recommended Prerequisites

Auditors with at least 1 year experience in order to draw upon their professional audit experience

Session Duration

Online: N/A

On Site: 2 days

CPE Credits: 16