Course Description
Risk-based auditing requires a deep understanding of the business and business objectives and operating rules to properly identify, evaluate, and prioritize the risks to the business. Business objectives and operating rules—the primary drivers of risk—have to be fully understood to ensure risks are identified and effectively evaluated.
This course will provide auditors with the skills necessary to plan and execute an effective risk-based audit that delivers measurable results to the organization. Participants will learn through lecture, group discussion, case studies, and small group exercises to ensure an interactive experience.
Learning Objectives
- Understanding risk and the types of risk
- Learning to identify, evaluate, and prioritize risk in your organization
- Enhancing interview and research skills needed to understand the business and identify risks
- Strengthening one’s skills in developing risk-based audit test steps and work programs
- Learning to utilize tools for planning and executing risk-based, properly scoped audits that are targeted and focused on the most significant areas of the business and processes
Course Outline
The Role of Audit
- The role of Audit today
- IPPF standards
Audit Development Cycle: Closing the Loop Process
- Defining the closing the loop process
- The importance of planning
- Understanding the business
- Identifying business risks
- Evaluating and prioritizing risks
- Developing Audit objectives and defining scope
- Evaluating the control environment
- Developing testing
- Testing of controls
- Facilitating action
Planning: Understanding the Business
- Identifying and understanding business objectives
- Understanding business rules
- Document review
- Understanding the business processes
- Documenting business processes—narratives/process flow charts/walkthroughs
Planning: Understanding the Business Methodologies
- Document review and research
- Interviewing tools and techniques
Planning: Scope
- SIPOC
- Defining Scope—what’s in and what’s out
- Setting expectations with Management
- Scope statements
Engagement Risk Assessment
- Understanding risk
- Types of risks—operational/financial/reputation/regulatory
- Identifying risk
- Evaluating risk
- Prioritizing risk
- Likelihood/significance/duration/velocity
- Tying risks to business objectives
Identifying Control Criteria
- Types of controls
- Control objectives
- Entity-level controls
- Activity-level controls
- Evaluating Controls—design vs. operating effectiveness
Risk-Based Testing and Sampling Methodologies
- Determining testing approach and method
- Determining sufficient, relevant, and reliable evidence
- Weighing evidence
Results and Conclusions
- 5 Cs
- Root causes
- Tying action plans to business objectives and risks
- Framing issues from a business perspective
- Leveraging the 5 Cs in reporting
- Using visualization in reporting
Additional Information
Who Should Attend
Internal and external auditors
Learning Level
Intermediate
Delivery
Group Live or Group Internet-Based
Field
Auditing
Advanced Preparation
None
Recommended Prerequisites
At least 2 years’ general audit experience
Session Duration
On Site:
CPE Credits: