MindGrove - the Audit and Risk Specialists

Risk Awareness and Risk Based Internal Auditing

Risk Based Internal Auditing is the mode of auditing most deployed by mature internal audit operations. However, it is best applied by a team that is highly risk aware.

This special course builds delegates’ knowledge of risk before introducing the new skills required to perform comprehensive, integrated risk based auditing.

 

Suitability and duration

Suitability: All levels

Duration: 5 days

 

Who should attend

This course is designed for all comers; however, the maximum number of people attending any particular event will be transitionally limited to ensure an adequate level of personal attention.

 

Benefits

Skills

After completion of this course, you will be able to:

  • Demonstrate an understanding of the purpose and objectives of internal audit
  • Plan an audit programme based on risk assessments
  • Understand the differences between risk in Operational, Project, IT and Service Delivery settings
  • Perform risk based audits from assessment through to final reporting
  • Produce compelling evidence for action and follow up risk based actions 

 

Support materials

This course is accompanied by a substantial manual that includes full briefing notes.

 

Programme

DAY 1: FOUNDATIONS OF RISK

Risk awareness

  • Three definitions of risk: the insurable; the preventable; and the manageable
  • The impact of risk
  • Practical exercise: the consequences of maturing threats
  • What is risk awareness?
  • Distinguishing personal risk from organisational risk
  • Practical exercise: revealing the differences between personal and organisational risk
  • Business processes and risk
  • Embedding risk around and within business processes
  • Practical exercise: examining a process and locating risk
  • Risk capability models – maturity models for businesses
  • Continuous risk improvement processes

 

Formalising risk concepts

  • Terminology and definitions – a quick primer
  • Calculation of risk exposures
  • Practical exercise: simple risk calculations to gain a high-level view
  • Why we use different ways of assessing risk in different situations
  • Quantitative and semi-quantitative models
  • Consequence based models
  • Cause-effect models
  • Practical exercise: selecting and using the correct risk model – practice at using different risk models

DAY 2: RISK ARCHITECTURES AND AUDITING RISK MANAGEMENT SYSTEMS

Risk architecture

  • The notion of Enterprise Risk Management – example: the COSO ERM
  • Practical exercise: justifying a formal approach to the management of risk and creating enterprise risk architectures
  • From mission statement to objectives
  • From objectives to risk
  • From risk to control
  • Practical exercise: turning business objectives into risk architecture – simple example
  • Creating a Formal Enterprise Risk Architecture using analytical techniques
  • Context – Objective – Logical Architecture – Physical Architecture – Operational Architecture
  • Integration of risk-control and risk-management processes
  • Practical exercise: creating an enterprise risk architecture from a cold-start

 

Risk management and the auditor

  • The point of examining and auditing risk management processes
  • Determining the maturity level of the risk management process
  • The audit process – how to review the risk management system
  • Practical exercise: auditing a risk management system – this is a phased review and will be interspersed between the key elements of this session

DAY 3: RISK DRIVEN AUDIT PLANNING AND RISK DRIVEN AUDITS

The mandate

  • The audit charter and the audit universe
  • The expectations of audit from legislators, management and stakeholders – the non-audit viewpoint
  • Practical exercise: review of the audit charter and stakeholder expectations

 

Gathering data and creating plans

  • Risk assessment – the key tasks
  • Holding and managing self-assessment workshops
  • Practical exercise: hosting a risk workshop – a participative exercise
  • Compiling risk registers – the purpose and the key elements
  • Audit plans – the planning process
  • Deriving audit plans from risk registers
  • Practical exercise: building out a plan of audit work from risk register data

 

Using risk to drive the audit

  • Basic principles
  • Defining scope and risk-based objectives
  • Defining key questions
  • Early thoughts about testing and proof – reasonable assurance
  • Drafting a management letter for a risk-based audit
  • Practical exercises: defining risk-based objectives

 

Performing the audit

  • Major Practical: Delegates will conduct a partial review of an operational financial system using the principles and knowledge acquired earlier in this day

DAY 4: RISK DRIVEN AUDITS – PROJECTS, IT SYSTEMS AND SERVICE DELIVERY

Risk driven project auditing

  • What is different about project risk?
  • Risk strategies for projects: a risk checklist
  • Major Practical: Delegates will conduct a partial review of a major project using the principles and knowledge acquired earlier in this session

 

Risk driven IT auditing

  • What is different about IT risk?
  • Application reviews: turning business objectives into risk drivers for the audit
  • Security reviews: turning security objectives into risk drivers for the audit
  • Major Practical: Delegates will conduct a partial review of an IT infrastructure using the principles and knowledge acquired earlier in this session

 

Risk driven service delivery

  • The difference between a service delivery and operational audit perspective
  • Major Practical: Delegates will conduct a partial review of a service delivery process using the principles and knowledge acquired earlier in this session

DAY 5: CONTROL, EVALUATION AND REPORTING

Performing a risk based audit – evaluation of controls

  • Major risk-controls: segregation; accountability; effectiveness; integrity; transparency; currency; registration; identification; authentication; authorisation; completeness; accuracy; reconciliation; traceability
  • Practical exercise: evaluating controls and tracing risk back to objectives - demonstrating impact on organisation
  • Defining testing strategies – reasonable assurance
  • Compliance testing - weakness probing - substantive testing
  • Practical exercise: designing and performing tests to gain reasonable assurance
  • Documentation: notifying control weaknesses
  • Practical exercise: notification of control weaknesses and the risk linkage - demonstrating connection to risk register

 

The draft audit report

  • Structuring of draft reports and embedding risk concepts: risk management implications and conclusions
  • Practical exercise: a draft report based on risk

 

The final audit report

  • Structuring of final reports – the risk message
  • Sign off – getting agreed risk action – escalating critical risk issues
  • Follow up of risk-based audit reports
  • Practical exercise: the final audit report

 

 

© 2012 MindGrove Ltd. All rights reserved