Course Description
In today’s audit environment there is a lot of discussion around audit functions “adding value”. Audits are time consuming, can be expensive and are often a source of frustration for the audit client. Why? As auditors we often hear that the “auditor(s) just doesn’t understand my business”. The business can feel this way as a reaction to the proposed action and remediation plan. If an audit team doesn’t perform effective root cause analysis then the recommended action often will not solve root cause of the issue and problems will persist.
To truly add value, an audit must address the root causes of the issues and exceptions identified, not just the symptoms. This course is designed to introduce the various tools and methodologies used for root cause analysis and how to apply them to the audit process. Participants will learn interactively through a combination of lecture, case studies and exercises.
Learning Objectives
- Understanding Root Cause Analysis (RCA)
- Introduction to the various tools and methodologies that can be utilized for RCA
- Understand how RCA can be applied within audits
- Understanding when to utilize RCA in Internal Audit
- Understand the common challenges when using RCA
Learn how to apply RCA in practice - Editing and Proofreading – and the difference
Course Outline
Understanding Risk Cause Analysis (RCA)
- What is it?
- A very brief history and background of RCA
- Why should it be done?
RCA in Internal Audit – Why?
- Business responsibility or Internal Audit
- Adding Value
- When should we conduct an RCA?
- When to use outside of an audit
Standards and Best Practices
- Overview of current IIA guidance
- IIA Practice Advisory 2320-2
RCA Methodologies & Techniques – Most Common in Audit
- Pareto Analysis
- Ishikawa Method – Fishbone diagrams
- Kiplinger Methodology – 5W1H
- 5 Whys
- The 5 C’s
Other RCA Methodologieseb
- Failure Mode and Effect Analysis
- SIPOC
- Statistical Correlation
- Fault Tree Analysis
- Lean Six Sigma – Critical to Quality
The RCA Process
- Define the Issue
- Diagnose the Issue using one of the methodologies
- Identify potential alternate solutions / recommendations
- Determine is an interim or permanent solution is viable
- Ensure appropriate controls for recommended solution
- Lessons Learned
Adding Value – Linking Root Cause to Findings and Objectives
- Linking the finding to its root cause
- Linking the finding and root cause to the audit and business objectives
- Understanding the control failure root causes
- Linking control failure root causes to COSO 2013
Common Challenges and Obstacles
- Environmental Obstacles
- Common Mistakes
- Biases that impede RCA
- Drawing the wrong conclusion
- Resolutions that don’t resolve the issue
- Communication – Interviewing, Q&A, Follow up
Communicating Root Causes
- Results
- Solutions – MoSCoW Analysis
- Including root cause in the audit report
- Action Plans
- Difficult Situations
Additional Information
Who Should Attend
Internal audit staff and management
Learning Level
Intermediate
Delivery
Group Live or Group Internet-Based
Field
Auditing
Advanced Preparation
None
Recommended Prerequisites
Auditors with at least 1 year experience in order to draw upon their professional audit experience
Session Duration
On Site: 2 days
CPE Credits: 16