Binder with narrative text, slides, examples, case studies and exercises
Everyone is talking about Risk-Based Internal Auditing. In the public domain there is a
high-level Position Statement from the IIA and a Professional Briefing Note
from a UK government department, but neither takes you step by step through the
project to shift your audit department away from controls to systems based
auditing, nor do they explore in detail creating a risk based Audit Plan and
conducting audits based on risks rather than control objectives. This highly
interactive course uses case studies as you work through RBIA from first
principles to practical implementation in the company of Sarah Blackburn, who
has led RBIA in two FTSE companies.
Objectives
By the end of the day delegates should be able to:
Use with confidence a common Risk Management language and the concepts of Risk Based Internal Auditing.
Construct a risk based Audit Plan suited to the level of risk management maturity of their organisation.
Manage and/or conduct a risk based internal audit suited to the level of risk management maturity of their organisation.
Outline a project plan of how to move to Risk Based Internal Auditing in their organisation.
(If delegates want to bring examples from their own
organisation we can use them to illustrate the theory: all such materials to be
treated confidentially by everyone present.)
Outline of the Course
Introduction and objectives
Introducing the course leaders and the participants.
Setting objectives and expectations
Exercise: the risk management experience
A Common Risk Management Language
A simple RM model
The relationship between risk, assurance, and audit
How to determine a Risk Based Audit Plan
What internal audit can offer.
How will we structure the audit universe in future?
Where to concentrate audit effort?
Maintaining the balance of work between risk management and traditional auditing.
Do we need to keep auditing the same risks year on year, like we do with the main financial systems?
Assurance frameworks
How far can you trust other providers?
What do we mean by RBIA?
Contrasting the differing views of the IIA and private sector with experience and guidance from the public sector including CIPFA and the NHS
How does it differ from previous approaches such as control based or systems based internal audit?
What are the positives and negatives of RBIA?
How to conduct an RBIA
When management has a good quality Risk Register
When management has not completed a risk register before
When the management Risk Register is not sufficient: conducting a facilitated risk assessment for audit purposes.
We will work through the audit cycle from start to finish
Choosing the appropriate working style
Planning the work - how and when to involve the audit client
Validating the Risk Register
Testing assurances
Testing control activities
Facilitated commitment and report writing
Making it happen in your organisation
Project planning for introducing RBIA approach
What needs to be done and how internal audit can help in the limited time available.