Risk Based Internal Auditing - Full Process
Novices to internal auditing often take time to settle into their new role and to become productive. This special course, builds delegates’ knowledge of integrated risk based auditing rapidly through the medium of learning by performing a real-world audit.
Suitability and duration
Suitability: All levels
Duration: 4 days
Who should attend
This course is designed for all comers; however, the maximum number of people attending any particular event will be transitionally limited to ensure a high level of interaction and personal attention
Benefits
Skills
After completion of this course, you will be able to:
- Demonstrate an understanding of the purpose and objectives of internal audit
- Plan an audit programme based on risk assessments
- Understand the differences between risk in Operational, Project, IT and Service Delivery settings
- Perform risk based audits from assessment through to final reporting
- Produce compelling evidence for action and follow up risk based actions
Support materials
This course is accompanied by a substantial manual that includes full briefing notes.
Programme
DAY 1: FOUNDATIONS AND AUDIT PLANNING
About internal audit
- The purpose of internal audit
- Standards and the professional bodies representing internal audit
- Difference between internal and external audit
- Responsibility for detecting and prosecuting fraud
- Discussions and questions throughout this session
Internal audit relationships
- Independence and objectivity
- Audit committees
- Management expectations of internal audit
- Discussions and questions throughout this session
Audit documentation and personal administration
- Evidence: reasonable, reliable and sufficient
- Need to take notes
- Audit filing systems
- Permanent notes: working papers: reports
- Practical exercise in evidence judgement
Planning internal audit work
- The audit charter and universe
- Risk assessment and risk management
- Risk registers and plans
The candidate audit
- Engagement protocol: defining scope and objectives
- Management letters
- Practical exercise: Defining scope and objectives
DAY 2: OPENING PROCESSES
Performing an audit – familiarisation
- Reviewing previous audit notes
- Setting up the audit working papers file
- Preparing a questionnaire
- Courtesy visits and opening meetings
- Familiarisation strategies: reading notes; process charting
- Interviewing subjects: open questions; probing questions; closed questions
- Practical exercise: Setting up a meeting and performing an interview
Performing an audit – gathering data
- Writing up interview notes
- Ongoing documentation maintenance and quality assurance
- Practical exercise: Writing up notes after the interview
DAY 3: THE REVIEW
Performing an audit – evaluation of controls
- Control structures: segregation; accountability; effectiveness; integrity; openness/transparency; currency; registration; identification; authentication; authorisation; completeness; accuracy; reconciliation; traceability
- Evaluation technique – predicted versus actual
- Gap analysis and residual risk
- Practical exercise: Evaluating controls
- Defining testing strategies
- Compliance testing
- Weakness probing
- Substantive testing
- Relating evaluation results to objectives
- Practical exercise: Designing and performing Tests
- Documentation: notifying control weaknesses
- Turnaround of notifications and quality assurance
- Practical exercise: Notification of control weaknesses
DAY 4: THE REPORT
The draft audit report
- Meetings to clarify points and to clear up issues
- Structuring of draft reports: management overviews; work done; observations and recommendations; action plans and overall conclusions
- Clarity of writing – the 5C’s method
- Practical exercise: A draft report
The final audit report
- Exit meeting after presentation and agreement of draft
- Structuring of final reports
- Circulation and distribution
- Follow up of reports and actions
- Practical exercise: The final audit report
