Internal Audit Courses.

This course is intended to help scripters support internal audit departments and improve their testing processes, and reviews the scripting process from planning to development to interactivity and export. Participants will review the basics of data mining, including how data mining can be used to support audit initiatives. Participants will also work to hone their decision-making skills with respect to data mining and assess how audit objectives align with the data mining process. This course covers topics associated with script planning, including file formats, file import naming conventions, import types, and associated file clean-up. Once planning is complete, this course reviews files and commands that can improve script development and efficiency. Finally, participants will review different methods and best practices for improving script interactivity, including variables, date ranges, filters, and operators. The course includes several live demonstrations that directly correlate to real world scenarios that scripters and Internal Auditors will face in the field. There is no CPE available for this course.

This course is intended to help scripters support internal audit departments and improve their testing processes, and reviews the scripting process from planning to development to interactivity and export. Participants will review the basics of data mining, including how data mining can be used to support audit initiatives. Participants will also work to hone their decision-making skills with respect to data mining and assess how audit objectives align with the data mining process.

This course covers topics associated with script planning, including file formats, file import naming conventions, import types, and associated file clean-up. Once planning is complete, this course reviews files and commands that can improve script development and efficiency. Finally, participants will review different methods and best practices for improving script interactivity, including variables, date ranges, filters, and operators. The course includes several live demonstrations that directly correlate to real-world scenarios that scripters and Internal Auditors will face in the field.

This course provides an overview of the key considerations when confronted with ethical dilemmas. It includes a framework for ethical decision-making, suggestions for the ethical resolutions of concerning situations, and a review of various scenarios to show how the tools and techniques can be applied in real-world situations.

CPE: 1

This course covers the building blocks of IT audit and security, including identity and access management, web-based e-commerce application threats, vulnerabilities, and standards associated with privacy issues and intellectual property concerns. It places special emphasis on discovering best practices and standards for auditing web (HTTP) servers and application servers and enables participants to walk away with tools, techniques, and checklists for discovering and testing web and application server security.

It also covers auditing database management systems within the context of robust but practical enterprise architecture and governance models and reviews web services and service-oriented architectures, including SOAP, ReST, SOA, and ESB. Participants will also review safeguard concepts and best practices for secure mobile and wireless applications.

This course covers the current state of cloud computing, its common architecture, and the major SaaS, PaaS, and IaaS providers in the market today. It covers the security and control deficiencies in cloud-based services and looks at Security as a Service as a way to protect against them. Participants review a risk-based approach to audit and controls for cloud-based services and investigate areas such as cloud-based network models, cloud access security brokers, disaster recovery, and governance in a cloud environment. It reinforces the concepts covered with examples to help participants identify the risks, controls, and gaps in cloud services.

Audits of business application systems development are complicated by the presence of different computer platforms, a myriad of user needs, and diverse technical environments. This course provides an overview of proven audit strategies that will enable participants to efficiently audit and evaluate application systems development in a variety of technical environments. The course covers application development risks, how to overcome them, and what to do to meet the internal control and documentation requirements of Sarbanes Oxley and other regulations. Throughout the course, participants relate concepts, frameworks, regulations, and industry reports from organizations like the Committee of Sponsoring Organizations (COSO) Internal Control – Integrated Framework (IC-IF), ISACA’s COBIT, the Information Technology Infrastructure Library (ITIL), Payment Card Industry (PCI) Data Security Standard (DSS), International Standards Organization (ISO), the Center for Internet Security (CIS), and the Federal Information Security Modernization Act (FISMA). Other information reviewed includes guidance from the National Institute of Standards and Technology (NIST), the European Union (EU) General Data Protection Regulation (GDPR), the European Union Agency for Cybersecurity (ENISA), and SSAE 18 System and Organization Controls (SOC) reports. Participants identify key steps for compliance and develop tailored audit programs and recommendations they can use immediately. Learners focus on what they need to know, what they need to do, and when they need to do it.

Artificial Intelligence (AI) and Machine Learning (ML) have gained much attention with their promise of improving productivity and creativity. Like most technologies, they also introduce risks to organizations, so internal auditors must understand key concepts and practices so they can audit these technologies effectively.

When given a project to audit, the task may seem daunting and impossible. Many will not know where to start. Through this course, students will understand the importance of auditing capital projects and will learn tips and tricks to determine the project's risks and risk mitigation techniques. The course will be a general overview and will enable an auditor to develop an audit workflow, prioritize tasks, and understand how all the pieces of the projects fit into one another. Students will be able to have a more intelligent conversation with the project management staff, as some common terms will be defined in the course. Students will also be able to develop effective audit strategies. There are many complexities in understanding the payment process that may affect the findings discovered during the audit. Students will be walked through the chaos to better understand issues and document the correct findings amount. This course will also review some of the most common myths and misconceptions about having a contract and auditing it. Being able to understand contracts and contract risks will be discussed so that students can more effectively understand what the wording means and how a simple word can change the entire intention. Consequently, students will learn what the correct word choice should be and why the contract may not be as strong as they first imagined. Lastly, students will understand what is typically found during an audit and why the audit is important. They can bring this knowledge back to the audit committee or senior management to become a champion that will encourage further audits and to better protect the organization. There is no CPE available for this course.

When given a project to audit, the task may seem daunting and impossible. Many will not know where to start. Through this course, students will understand the importance of auditing capital projects and will learn tips and tricks to determine the project’s risks and risk mitigation techniques.

The course will be a general overview and will enable an auditor to develop an audit workflow, prioritize tasks, and understand how all the pieces of the projects fit into one another. Students will be able to have a more intelligent conversation with the project management staff, as some common terms will be defined in the course. Students will also be able to develop effective audit strategies.

There are many complexities in understanding the payment process that may affect the findings discovered during the audit. Students will be walked through the chaos to better understand issues and document the correct findings amount. This course will also review some of the most common myths and misconceptions about having a contract and auditing it. Being able to understand contracts and contract risks will be discussed so that students can more effectively understand what the wording means and how a simple word can change the entire intention. Consequently, students will learn what the correct word choice should be and why the contract may not be as strong as they first imagined. Lastly, students will understand what is typically found during an audit and why the audit is important. They can bring this knowledge back to the audit committee or senior management to become a champion that will encourage further audits and to better protect the organization.

This course provides internal auditors with a foundation for approaching an audit of company culture. Learners will be exposed to key drivers and frameworks that can help establish guidelines and parameters around the somewhat nebulous topic of culture. This course will prepare internal auditors for performing an audit of culture by first exposing them to ways in which an organization can be assessed. We will review how attitudes towards risk, organizational strategies and values, structure, communication styles, and decision-making processes all factor into assessing organizational stances of culture. We will also explore considerations that auditors should be aware of when preparing to perform an audit of culture. Learners will leave this course with a better understanding of how to factor these considerations into their audit work and execute their audit engagement. Finally, this course will illustrate how to best perform an audit of culture and share the audit report with key stakeholders to yield improved outcomes for employees and organizational leaders. There is no CPE available for this course.

This course provides internal auditors with a foundation for approaching an audit of company culture. Learners will be exposed to key drivers and frameworks that can help establish guidelines and parameters around the somewhat nebulous topic of culture. This course will prepare internal auditors for performing an audit of culture by first exposing them to ways in which an organization can be assessed.

We will review how attitudes towards risk, organizational strategies and values, structure, communication styles, and decision-making processes all factor into assessing organizational stances of culture. We will also explore considerations that auditors should be aware of when preparing to perform an audit of culture. Learners will leave this course with a better understanding of how to factor these considerations into their audit work and execute their audit engagement. Finally, this course will illustrate how to best perform an audit of culture and share the audit report with key stakeholders to yield improved outcomes for employees and organizational leaders.

This course focuses on how In-Charge Auditors lead audits. Participants will review audit program development and changes, risk assessments, setting and managing priorities, expectations, delegation, staff performance, and overall productivity, reviewing workpapers, stakeholder management, and incorporating fraud detection techniques into audit programs. The focus is on managing the dynamics of an audit and applying project management principles to increase the effectiveness of the engagement.

This course focuses on how In-Charge Auditors lead audits. Participants will review audit program development and changes, risk assessments, setting and managing priorities, expectations, delegation, staff performance, and overall productivity, reviewing workpapers, stakeholder management, and incorporating fraud detection techniques into audit programs. The focus is on managing the dynamics of an audit and applying project management principles to increase the effectiveness of the engagement.

In-Charge auditors play a vital role leading audits to success. They must plan, guide the team during fieldwork, coordinate the communication of results, direct the preparation of workpapers and provide performance guidance to team members. They need to balance their own and the team’s hard and soft skills often under challenging conditions.

Topics covered include the Triple Constraints, the five phases of project management, the three S’s of planning, the why and how of monitoring and control, and what to do when projects fall behind. It also covers types of audit teams, key factors for successful audit project management, key factors to set and manage time estimates, common workflow planning issues, and project management techniques.

In-Charge auditors play a vital role leading audits to success. Topics covered include the quality of communications, how to make meetings more effective, techniques for the executive summary and preparing recommendations, guidelines for issuing more timely reports, closing conference strategies, and marketing the internal audit function.

In-Charge auditors play a vital role leading audits to success. They must plan, guide the team during fieldwork, coordinate the communication of results, direct the preparation of workpapers and provide performance guidance to team members. They need to balance their own and the team’s hard and soft skills often under challenging conditions.

Topics covered include the Fraud Triangle and Hexagon, the impact of SOX in addressing fraud, areas of fraud occurrence, fraud red flags, techniques for preventing and detecting fraud, and what to do when you suspect fraud.

In-Charge auditors play a vital role leading audits to success. They must plan, guide the team during fieldwork, coordinate the communication of results, direct the preparation of workpapers and provide performance guidance to team members. They need to balance their own and the team’s hard and soft skills often under challenging conditions.

Topics covered include improving productivity, and ways to improve productivity during planning, fieldwork and reporting.

In-Charge auditors play a vital role leading audits to success. They must plan, guide the team during fieldwork, coordinate the communication of results, direct the preparation of workpapers and provide performance guidance to team members. They need to balance their own and the team’s hard and soft skills often under challenging conditions.

Topics covered include preliminary fieldwork and program development, operational vs. financial auditing, fieldwork methodology tools, and data analysis. It also covers risk assessment strategies and effectiveness, and the internal audit role in Enterprise Risk Management (ERM).

This course focuses on how In-Charge Auditors lead audits. Participants will review audit program development and changes, risk assessments, setting and managing priorities, expectations, delegation, staff performance, and overall productivity, reviewing workpapers, stakeholder management, and incorporating fraud detection techniques into audit programs. The focus is on managing the dynamics of an audit and applying project management principles to increase the effectiveness of the engagement.

Topics covered include audit concepts, the changing control environment, hard and soft controls, changes since Sarbanes-Oxley was implemented, and steps in the audit process. This course also covers Governance, Risk and Compliance (GRC), key governance events and frameworks, the important role of the in-charge, workpaper quality, and performance evaluations.

This course provides an overview of the Enterprise Risk Management (ERM) process and all the underlying elements of ERM, including risk appetite, governance, and roles and responsibilities. The course includes the attributes that make an ERM process effective, such as addressing black swans, using risk-driven metrics, and linking ERM with the organization’s strategy. Most of the course will involve methods for auditing the ERM process by assessing the process according to the COSO framework, comprising five components and twenty principles. The course also includes ISO 31000, a summary of key highlights, and a comparison of the commonalities and differences between the ISO risk management framework and the COSO risk management framework. The course also covers the application of concepts using examples, case studies, exercises, and ERM reporting to various stakeholders.

This course provides an overview of the Enterprise Risk Management (ERM) process and all the underlying elements of ERM, including risk appetite, governance, and roles and responsibilities. The course includes the attributes that make an ERM process effective, such as addressing black swans, using risk-driven metrics, and linking ERM with the organization’s strategy. Most of the course will involve methods for auditing the ERM process by assessing the process according to the COSO framework, comprising five components and twenty principles.

The course also includes ISO 31000, a summary of key highlights, and a comparison of the commonalities and differences between the ISO risk management framework and the COSO risk management framework. The course also covers the application of concepts using examples, case studies, exercises, and ERM reporting to various stakeholders.

Internal auditors face many challenges and encounter many scenarios that challenge their understanding and applicability of ethical guidelines. Through vignettes, this course explores business scenarios and helps auditors learn how to better navigate ethical dilemmas. 1 CPE Credit.

This course provides an overview of the key components of an effective corporate culture as a promoter of ethical conduct, ways employees can help prevent fraud by being observant, and the benefits of whistleblowing programs, as mechanisms to capture instances of unethical conduct.

A successful audit requires effective audit planning, execution, and wrap up. This course is Part 6 of the Better, Faster, Cheaper: Streamlining Your Internal Audit course series.

Topics covered include analyzing audit quality requirements and managing fieldwork.

CPE: 4

A successful audit requires effective audit planning, execution, and wrap up. This course is Part 4 of the Better, Faster, Cheaper: Streamlining Your Internal Audit course series.

Topics covered include iteration, redefining the scope, and performance measures.

CPE: 3

A successful audit requires effective audit planning, execution, and wrap up. This course is Part 5 of the Better, Faster, Cheaper: Streamlining Your Internal Audit course series.

Topics covered include managing oneself and the team.

CPE: 2.5

A successful audit requires effective audit planning, execution, and wrap up. This course is Part 2 of the Better, Faster, Cheaper: Streamlining Your Internal Audit course series.

CPE: 4.5

An effective audit will produce the desired or intended result. It is built on a broad and deep assessment of an area, process, or system. It “begins with the end in mind” and creates a meaningful plan an auditor or audit team will follow. An efficient audit is one where we work productively with minimum wasted effort or expense. Audit leadership sets in motion themes and expectations based on risk assessment and communication with stakeholders inside and outside internal audit. Effective auditing means having a firm grasp of the scope, budget, resources, personnel, and timeline dedicated to a project. Auditors need to be able to manage unplanned issues while moving forward on audit goals and tasks in progress. An efficient audit requires focus and discipline to stay the course.

This course explains and provides examples of who, what, why, and how to structure and manage a more in-depth and meaningful process and produce great results for both the client and auditor.

This course focuses on the triple threat of infrastructure, schedules and resources, adopting agile principles, drawing outlines of the audit project, project roles, the elements of skill and will, communication protocols, and first phase cornerstones.

CPE: 4

A successful audit requires effective audit planning, execution, and wrap up. This course is Part 3 of the Better, Faster, Cheaper: Streamlining Your Internal Audit course series.

Topics covered include risk assessment, control objectives and control activities.

CPE: 2.5

A successful audit requires effective audit planning, execution, and wrap up. This course is Part 7 of the Better, Faster, Cheaper: Streamlining Your Internal Audit course series.

CPE: 3.5

An effective audit will produce the desired or intended result. It is built on a broad and deep assessment of an area, process, or system. It “begins with the end in mind” and creates a meaningful plan an auditor or audit team will follow. An efficient audit is one where we work productively with minimum wasted effort or expense. Audit leadership sets in motion themes and expectations based on risk assessment and communication with stakeholders inside and outside internal audit.

Effective auditing means having a firm grasp of the scope, budget, resources, personnel, and timeline dedicated to a project. Auditors need to be able to manage unplanned issues while moving forward on audit goals and tasks in progress. An efficient audit requires focus and discipline to stay the course. This course explains and provides examples of who, what, why, and how to structure and manage a more in-depth and meaningful process and produce great results for both the client and auditor.

An effective audit will produce the desired or intended result. It is built on a broad and deep assessment of an area, process, or system. It “begins with the end in mind” and creates a meaningful plan an auditor or audit team will follow. An efficient audit is one where we work productively with minimum wasted effort or expense. Audit leadership sets in motion themes and expectations based on risk assessment and communication with stakeholders inside and outside internal audit.

Effective auditing means having a firm grasp of the scope, budget, resources, personnel, and timeline dedicated to a project. Auditors need to be able to manage unplanned issues while moving forward on audit goals and tasks in progress. An efficient audit requires focus and discipline to stay the course. This course explains and provides examples of who, what, why, and how to structure and manage a more in-depth and meaningful process and produce great results for both the client and auditor.

This course will help you understand the requirements for passing ISACA's Certified Information Systems Auditor exam. The course is based on the five domains outlined by ISACA and gives you tools to research and study in your certification journey.

This course is designed to prepare IT professionals for the CISSP certification exam and expand their knowledge and understanding of information security concepts and practices. You'll delve into essential domains including Security and Risk Management, Asset Security, Security Architecture, and Engineering, among others. Whether you're understanding secure communication channels, exploring identity management systems, or getting insights into secure software development, this course aligns with the latest CISSP curriculum to ensure you get the knowledge you need, not just to pass the exam, but also to excel in your career.

This course reviews the COBIT® 2019 Framework and focuses on how this globally recognized framework can be used to evaluate IT activities’ effectiveness. It explores the significant changes incorporated in the newest release that can be used in executing IT audits. It covers how to use COBIT® 2019 in conjunction with other internationally recognized standards and frameworks.

Participants will be exposed to examples using COBIT® 2019 to plan and execute audits for IT governance, risk management, security management, and business continuity. As a result of these exercises, participants will better understand how to use COBIT 2019 to provide a comprehensive and effective audit approach.

The ISACA Certified in Risk and Information Systems Control certification is one of the top risk management certifications in the world. This course will help prepare you to be acknowledged as a Risk Management expert. Taking a proactive approach based on Agile methodology, you’ll learn how to enhance your company’s business resilience, deliver stakeholder value and optimize Risk Management across the enterprise. This course covers areas of risk governance, policies and controls. You will also learn and understand the risk management lifecycle with a focus on IT systems security and control.

The Certified Information Security Manager certification course is designed for those individuals seeking to enhance their skills and be recognized for their expertise in Information Security Management. The course promotes the best in security practices from around the world and identifies the individual’s knowledge and expertise in this area. The course is intended for individuals seeking to demonstrate mastery of security management skills in a global environment and prepare them for roles in advanced security management. The material contained covers all four of the Domains and associated Task and Knowledge Statements to adequately prepare the individual for passing the CISM exam.

The Certified Information Systems Security Professional (CISSP) certification is the gold standard in the IT Security field. Security professionals that have achieved their CISSP designation are regarded as some of the most talented and knowledgeable people in their field. The certification demonstrates that the holder has been working in IT Security for over five years, has a broad range of knowledge in ten domains related to creating, supporting and maintaining a secure IT infrastructure and can implement things like risk management and risk identification.

This course expands upon your knowledge of Security by addressing essential elements of the eight domains that comprise a Common Body of Knowledge (CBK)® for information systems security professionals. It offers a job-related approach to the security process, while providing a framework to prepare for the newly updated CISSP certification released in May 2021, which is the premier certification for information systems security professionals.

Cloud computing provides convenient on-demand network access that helps organizations achieve strategic and operational objectives cost-effectively. However, cloud computing also introduces risks and other challenges that need to be managed effectively.

Cloud computing provides organizations broad access to computing resources by reducing overhead, improving performance and efficiency, facilitating collaboration, and enhancing productivity. However, cloud computing also creates challenges and introduces risks that must be managed and audited to provide reasonable assurance to key stakeholders. This course covers cloud service and deployment models, key vendor considerations and the impact on strategic and operational practices, software development, business continuity (BC) and disaster recovery (DR), cloud migration, application programming interfaces (APIs), and cloud security. There is ample coverage of key risks, controls, and best practices related to contracts, software development trends, containers, Zero-Trust, and cyber liability. Throughout the course, participants connect concepts, frameworks, regulations, and industry reports from organizations like the Cloud Security Alliance (CSA), the Federal Financial Institutions Examination Council (FFIEC), FedRamp, the Center for Internet Security (CIS) Critical Security Controls, the National Institute of Standards and Technology (NIST), Gartner, Forrester and others to risk management and audit practices, developing tailored audit programs they can use immediately.

As auditors, communication is an integral soft skill that must be honed. This course is intended to provide internal auditors of all experience levels with the tools and techniques used to improve communication and identify communication missteps. We will begin with an overview of communication channels, styles, and their purpose. With this foundation, we will determine which channel is most appropriate given different situations — a discerning communicator is an effective communicator! It is vital that auditors familiarize themselves with the array of communication tools they have at their disposal. This course will review these tools and provide learners with guidance as to when and how to use them effectively. By learning to become agile and adaptable, learners can become more tactical and specific in their communication strategies. There is no CPE available for this course.

As auditors, communication is an integral soft skill that must be honed. This course is intended to provide internal auditors of all experience levels with the tools and techniques used to improve communication and identify communication missteps. We will begin with an overview of communication channels, styles, and their purpose. With this foundation, we will determine which channel is most appropriate given different situations — a discerning communicator is an effective communicator! It is vital that auditors familiarize themselves with the array of communication tools they have at their disposal. This course will review these tools and provide learners with guidance as to when and how to use them effectively. By learning to become agile and adaptable, learners can become more tactical and specific in their communication strategies.

This course covers cybersecurity risks, control design and protection measures, cybersecurity program execution, warning signs, audit, and investigative techniques.

This course covers cybersecurity risks, control design and protection measures, cybersecurity program execution, warning signs, audit, and investigative techniques.

Organizations need to establish robust cybersecurity programs to address risks to organizational infrastructure and data from cyberattacks through effective control design, the establishment of protection measures, the identification of warning signs, and investigative techniques. They also need to establish compliance with industry standards and regulatory requirements. This course will help you support your organization’s cybersecurity objectives.

Topics covered include asset identification and inventory, third-party management, business impact assessment, configuration management, and change control.

CPE: 2

Organizations need to establish robust cybersecurity programs to address risks to organizational infrastructure and data from cyberattacks through effective control design, the establishment of protection measures, the identification of warning signs, and investigative techniques. They also need to establish compliance with industry standards and regulatory requirements. This course will help you support your organization’s cybersecurity objectives.

Topics covered include collecting and organizing cybersecurity evidence, NIST reporting requirements, prioritizing risks, and influencing decisions.

CPE: 2

The Cybersecurity Audit School: Auditing Cybersecurity course provides a structured approach to evaluating and auditing cybersecurity controls within an organization. Participants will gain critical insights into audit methodologies, assessment techniques, and security frameworks to ensure compliance, identify vulnerabilities, and strengthen cyber resilience.

Topics covered include the auditor’s and the CISO’s roles, audit scope, building the audit plan, and cybersecurity evaluation methods. It also includes vulnerability assessments, scanning and testing, penetration testing, security maturity models, auditing using various security frameworks and standards like NIST, PCI DSS, and ISO.

CPE: 6.5

Today’s auditor needs to know more than just the terms and concepts regarding cybersecurity. They need to understand what controls are needed, why they are important, where the controls should be positioned, and how to perform substantive tests to assess the control’s reasonable effectiveness specifically related to cybersecurity. This class will explore cybersecurity through a series of lecture segments and related scenarios based on actual events designed to reinforce the attendee’s knowledge of effective control design, execution, warning signs, and investigative techniques. By the end of the session, attendees will be armed with additional knowledge of how to implement and assess controls and how, as auditors, they can be valued players in their organization’s “Cyber Defense Team.”

Organizations need to establish robust cybersecurity programs to address risks to organizational infrastructure and data from cyberattacks through effective control design, the establishment of protection measures, the identification of warning signs, and investigative techniques. They also need to establish compliance with industry standards and regulatory requirements. This course will help you support your organization’s cybersecurity objectives.

This course provides an overview, and covers the foundational aspects of cybersecurity, including terminology, key historical events, human and technical types of attacks, cybersecurity frameworks, governance, security policies, threat analysis, risk management.

CPE: 7

The Cybersecurity Audit School: Cybersecurity Protection Techniques course provides a comprehensive foundation in key cybersecurity practices and audit methodologies to safeguard digital assets and infrastructure. Participants will explore fundamental and advanced security principles, focusing on risk mitigation strategies, access controls, and security compliance measures.

Topics covered include identity and access management, authentication and authorization, vulnerability and patch management, security awareness, and physical and personnel security. It also covers network defenses and security access controls, endpoint security configuration and security protection, and application, cloud and virtualization security.

CPE: 8.5

Organizations need to establish robust cybersecurity programs to address risks to organizational infrastructure and data from cyberattacks through effective control design, the establishment of protection measures, the identification of warning signs, and investigative techniques. They also need to establish compliance with industry standards and regulatory requirements. This course will help you support your organization’s cybersecurity objectives.

Topics covered include encryption concepts, cryptographic algorithms, public key infrastructure, data privacy controls, and methods for securing data.

CPE: 3

The Cybersecurity Audit School: Event Detection, Incident Response, and Recovery course provides essential knowledge and practical skills to identify, respond to, and recover from cybersecurity incidents. Participants will explore strategies for proactive threat detection, structured incident response, forensic investigations, and effective system recovery to ensure business continuity.

Topics covered include logging, monitoring and alerting, incident response (IR) planning and testing, digital forensics, recovering systems, and business continuity and recovery.

CPE: 3

This course will teach learners how to protect their organization's data and systems from cyber threats. These threats can come in the form of viruses, malware, phishing attacks, and other types of online attacks. This course will introduce learners to cybersecurity - what it is and why it is important. Overall, cybersecurity workplace training is designed to help employees understand the importance of protecting their organization's data and systems and give them the knowledge and skills they need to do so effectively. This course will also inform learners about the various threats and vulnerabilities that exist within workplace ecosystems and best practices with respect to cybersecurity and incident response. Finally, this course will touch on regulatory compliance and ways in which audits of cybersecurity workplace training can influence and strengthen awareness programs.

This course will provide Internal Auditors with foundational and practical knowledge of data analytics and mining. This course is designed to differentiate these two concepts while providing auditors with tools to increase audit effectiveness. This course covers data mining techniques, maximizing data, data methodologies, and trend analysis. Participants will also identify ways to improve their continuous audit process and enhance outcome reporting through dashboard visualizations.

This course will provide Internal Auditors with foundational and practical knowledge of data analytics and mining. This course is designed to differentiate these two concepts while providing auditors with tools to increase audit effectiveness. This course covers data mining techniques, maximizing data, data methodologies, and trend analysis. Participants will also identify ways to improve their continuous audit process and enhance outcome reporting through dashboard visualizations.

Data mining and data analytics have become essential for internal auditing success. As the number and sophistication of tools increases, and organizations collect increasing amounts of data, auditors have a wide range of options to improve their risk assessment, planning, fieldwork, and reporting activities.

Topics covered include pivot tables, Poisson distribution, binomial distribution, linear regression, moving averages, pivotal points of change analysis, measures of dispersion, mean dispersion analysis, and several demonstrations.

Data mining and data analytics have become essential for internal auditing success. As the number and sophistication of tools increases, and organizations collect increasing amounts of data, auditors have a wide range of options to improve their risk assessment, planning, fieldwork, and reporting activities.

Topics covered include correlation analysis, concentration testing, data patterns and fraud factors, Beneish M score calculator, and keyword searches for manual journal entries. It also covers duplicate transactions, horizontal and vertical analysis, compliance testing, and several demonstrations including compliance, operational and financial audit tests using Excel functions.

Data mining and data analytics have become essential for internal auditing success. As the number and sophistication of tools increases, and organizations collect increasing amounts of data, auditors have a wide range of options to improve their risk assessment, planning, fieldwork, and reporting activities.

Topics covered include embedded audit routines, Excel templates, triggers and thresholds, audience analysis, dashboard planning, data cleaning, applying functions to testing for dashboards, consolidating data techniques, visual-centric audit reporting, and future improvements and innovations.

This course will provide Internal Auditors with foundational and practical knowledge of data analytics and mining. This course is designed to differentiate these two concepts while providing auditors with tools to increase audit effectiveness. This course covers data mining techniques, maximizing data, data methodologies, and trend analysis. Participants will also identify ways to improve their continuous audit process and enhance outcome reporting through dashboard visualizations.

Topics covered include data mining, data analysis, exploratory analysis, continuous auditing, enhancing the audit plan with analytics, risk assessment procedures, data testing procedures, and multi-purpose tools.

Organizations are increasingly adopting Development Security Operations (DevSecOps) as an evolutionary extension of Agile principles.

DevSecOps emphasizes communication and collaboration between development, security, and IT operations, building on Agile and Lean thinking to provide technology faster, with greater stability, quality, scalability, and security. The “Dev” side incorporates developers, front-end designers, and quality assurance. The “Ops” area brings in system administrators and support teams responsible for the product after it’s moved to production. The “Sec” area covers all the cybersecurity professionals responsible for system control, compliance, and secure applications.

This course covers tools used to automate historically manual tasks like code quality checks, execution of test scripts, deployments, and the impact on traditional controls, such as Separation of Duties. It also covers the human-centric aspects of the process and the related risks that should be considered.

This course examines the DevSecOps methodology, how and where auditors can find their footing, best practices that need to be at the forefront of business leaders’ minds, and the key shifts in mindset that must occur for a seamless transition from manual transactions to automated process flows.

Organizations are increasingly adopting Development Security Operations (DevSecOps) as an evolutionary extension of Agile principles.

DevSecOps emphasizes communication and collaboration between development, security, and IT operations, building on Agile and Lean thinking to provide technology faster, with greater stability, quality, scalability, and security. The “Dev” side incorporates developers, front-end designers, and quality assurance. The “Ops” area brings in system administrators and support teams responsible for the product after it’s moved to production. The “Sec” area covers all the cybersecurity professionals responsible for system control, compliance, and secure applications.

This course covers tools used to automate historically manual tasks like code quality checks, execution of test scripts, deployments, and the impact on traditional controls, such as Separation of Duties. It also covers the human-centric aspects of the process and the related risks that should be considered.

This course examines the DevSecOps methodology, how and where auditors can find their footing, best practices that need to be at the forefront of business leaders’ minds, and the key shifts in mindset that must occur for a seamless transition from manual transactions to automated process flows.

The course will prepare participants for developing the Internal Audit plan. Participants will assess applicable auditing standards for planning requirements while developing the technical and soft skills required to document and communicate the audit plan to clients and stakeholders. Participants will develop the skills necessary to identify internal, external, and industry risks.

This course will focus on teaching participants how to assess resource requirements, identify potential audit projects, and align audit work to organizational risks. This course will prepare participants to build an audit plan aligned with organizational risks and communicate the plan and subsequent updates to stakeholders.

The course will prepare participants for developing the Internal Audit plan. Participants will assess applicable auditing standards for planning requirements while developing the technical and soft skills required to document and communicate the audit plan to clients and stakeholders. Participants will develop the skills necessary to identify internal, external, and industry risks.

This course will focus on teaching participants how to assess resource requirements, identify potential audit projects, and align audit work to organizational risks. This course will prepare participants to build an audit plan aligned with organizational risks and communicate the plan and subsequent updates to stakeholders.

This course focuses on promoting diversity in the workplace. This course provides a comprehensive overview of how to integrate and safeguard elements such as gender, generational and cultural differences, racial equity, sexual orientation, religious diversity, and ethnic differences within the working environment. Our aim is to foster a respectful, inclusive, and harmonious workplace culture for all. Upon successful completion of the course, participants will earn 2 CPE credits.

This course will provide business professionals with a historical background on how these Environmental, Social, and Governance (ESG) factors evolved and how they play an important part in a company’s current financial reporting and corporate disclosures. We will look at the current landscape of recommended ESG reporting standards outlined by various organizations and how you can leverage them to create your own set of policies and controls for ESC reporting and disclosures. Finally, we will also look at ESG from an investor’s and consumer’s perspective and give an overview of how companies are positioning their ESG reporting in alignment with their investments, interests, and values.

This instructor-led course will provide business professionals with a historical background on how these Environmental, Social, and Governance (ESG) factors evolved and how they play an important part in a company’s current financial reporting and corporate disclosures. We will look at the current landscape of recommended ESG reporting standards outlined by various organizations and how you can leverage them to create your own set of policies and controls for ESC reporting and disclosures. Finally, we will also look at ESG from an investor’s and consumer’s perspective and give an overview of how companies are positioning their ESG reporting in alignment with their investments, interests, and values.

Whistleblowing programs require more than a toll-free number to be effective. This course describes the key design and operating practices that make a whistleblowing program an effective component of your organization's ethics infrastructure. 1 CPE Credit

This course shows how to build teamwork, communicate effectively, deal with difficult people, anticipate misunderstandings, enhance your emotional intelligence, ways to leverage critical thinking in decision-making, enable change, and work effectively with others. This course also introduces tools to improve your audit projects and time management and provides best practices for building a team that works cohesively towards the same end goal.

Artificial Intelligence promises to usher in an era of enhanced productivity. It has also shown there are ethical considerations that users, organizations, and society at large should consider. This course examines the ethical implications of Artificial Intelligence, the effects it is causing to society, and how internal auditors can help their clients establish ethical boundaries that guide its development and use.

This course provides an overview of the key ethical and professional responsibilities of expert witnesses.

This course provides an overview of key elements to prevent unethical conduct in organizations, focusing on ethics training, antifraud programs, and how to assess the ethical dynamics in an organization.

Internal auditors must act ethically while reviewing and making recommendations to improve the structures and processes that promote appropriate ethics within their organizations. To do this, they must understand the principles and practices that drive ethical decision-making, the roles that various parties play setting expectations, monitoring results, rewarding compliance, and correcting deviations. All organizations are under pressure to meet business objectives while managing the variety of ethical views of their diverse stakeholders.

This course provides a solid foundation on the values, organizational structures, roles, responsibilities, and best practices driving ethical conduct in a complex and rapidly changing world, how organizations create capacity to address new scenarios, and how internal auditors can meet their mandate to evaluate the design, implementation, and effectiveness of ethics-related objectives, programs, and processes.

Internal auditors must act ethically while reviewing and making recommendations to improve the structures and processes that promote appropriate ethics within their organizations. To do this, they must understand the principles and practices that drive ethical decision-making, the roles that various parties play setting expectations, monitoring results, rewarding compliance, and correcting deviations. All organizations are under pressure to meet business objectives while managing the variety of ethical views of their diverse stakeholders.

This course provides a solid foundation on the values, organizational structures, roles, responsibilities, and best practices driving ethical conduct in a complex and rapidly changing world, how organizations create capacity to address new scenarios, and how internal auditors can meet their mandate to evaluate the design, implementation, and effectiveness of ethics-related objectives, programs, and processes.

This course provides a review of ethical concerns related to the adoption and use of Artificial Intelligence (AI) by audit clients and within internal audit departments.

CPE: 2

This course provides an overview of forensic auditor duties and responsibilities applicable to various engagements in civil and criminal cases. It includes practical tools for the participant to identify applicable standards of performance, determine whether they can accept the case, and perform the engagement according to the requirements of the profession.

The course explains the strategy of planning and performing a forensic audit examination, inclusive of staffing and budgeting, and engagement letter requirements. It reviews the evidence types, approaches to gathering and evaluating evidence, and best techniques for interviewing relevant parties. This course covers report writing and case presentations for internal and external use and will provide advice on testifying as an expert witness in a civil or criminal case.

This course provides an overview of forensic auditor duties and responsibilities applicable to various engagements in civil and criminal cases. It includes practical tools for the participant to identify applicable standards of performance, determine whether they can accept the case, and perform the engagement according to the requirements of the profession.

The course explains the strategy of planning and performing a forensic audit examination, inclusive of staffing and budgeting, and engagement letter requirements. It reviews the evidence types, approaches to gathering and evaluating evidence, and best techniques for interviewing relevant parties. This course covers report writing and case presentations for internal and external use and will provide advice on testifying as an expert witness in a civil or criminal case.

This course provides audit practitioners a comprehensive understanding of the types of fraud affecting organizations and shows proven techniques for preventing and detecting fraud.

This course provides audit practitioners a comprehensive understanding of the types of fraud affecting organizations and shows proven techniques for preventing and detecting fraud.

Fraud data analytics (FDA) is the process that allows the auditor/investigator to evaluate the entire set of data to identify fraud red flags, which are related to a specific fraud scenario; they will then alert the auditor/investigator to focus on certain transactions and areas to review controls, conduct interviews, and examine source documents to determine whether a fraud scheme is occurring or there is simply an error or mistake. Thus, fraud data analytics aims not to identify fraud but rather to identify red flags that would assist the auditor/investigator generate a sample of transactions to examine further in detail. Fraud data analytics does not replace the “old fashion” audit and investigative procedures of gathering relevant and sufficient evidence to conclude whether a fraud scheme has been perpetrated.

Fraud data analytics (FDA) is the process that allows the auditor/investigator to evaluate the entire set of data to identify fraud red flags, which are related to a specific fraud scenario; they will then alert the auditor/investigator to focus on certain transactions and areas to review controls, conduct interviews, and examine source documents to determine whether a fraud scheme is occurring or there is simply an error or mistake. Thus, fraud data analytics aims not to identify fraud but rather to identify red flags that would assist the auditor/investigator generate a sample of transactions to examine further in detail. Fraud data analytics does not replace the “old fashion” audit and investigative procedures of gathering relevant and sufficient evidence to conclude whether a fraud scheme has been perpetrated.

Fraud data analytics is an effective tool to identify anomalies in large data sets and it enables auditors to identify red flags for further investigation. By applying an investigative approach that pairs transactions with additional evidence, auditors can help their organizations detect anomalies before errors or fraud become larger.

Topics covered include schemes, associated red flags, fraud data analytics test design, interpreting test results, and follow-up for accounts payable and disbursement, shell companies, and procurement.

Fraud data analytics is an effective tool to identify anomalies in large data sets and it enables auditors to identify red flags for further investigation. By applying an investigative approach that pairs transactions with additional evidence, auditors can help their organizations detect anomalies before errors or fraud become larger.

Topics covered include schemes and associated red flags committed by a company, fraud data analytics test design, interpreting test results and follow-up for anti-bribery and corruption (ABC), financial statements and journal entries.

The Innovation for Internal Auditors: Improving Agility and Embracing Innovation course empowers auditors with forward-thinking methodologies and emerging technologies to enhance audit effectiveness. Participants will explore agile auditing principles, process improvement techniques, and cutting-edge technologies such as robotic process automation (RPA), artificial intelligence (AI), and machine learning (ML) to drive innovation in internal auditing.

Topics covered include soft skills development for auditors, privacy concerns, team structure, navigating difficult conversations, analyzing and presenting findings, and quantifying the value of fraud data analytics.

Fraud data analytics is the process that allows the auditor/investigator to evaluate the entire set of data to identify fraud red flags, which are related to a specific fraud scenario; they will then alert the auditor/investigator to focus on certain transactions and areas to review controls, conduct interviews, and examine source documents to determine whether a fraud scheme is occurring or there is simply an error or mistake. Thus, fraud data analytics aims not to identify fraud but rather to identify red flags that would assist the auditor/investigator generate a sample of transactions to examine further in detail. Fraud data analytics does not replace the “old fashion” audit and investigative procedures of gathering relevant and sufficient evidence to conclude whether a fraud scheme has been perpetrated.

Topics covered include an overview of fraud, fraud schemes and red flags, the fraud data analytics team, tools and resources, and general testing methodologies. This course also includes the fraud risk assessment, the fraud risk assessment ratings and response, fraud data analytics development, data sources, challenges in using data analytics, and mitigating skill gaps with tools.

Fraud data analytics is an effective tool to identify anomalies in large data sets and it enables auditors to identify red flags for further investigation. By applying an investigative approach that pairs transactions with additional evidence, auditors can help their organizations detect anomalies before errors or fraud become larger.

Topics covered include schemes, associated red flags, fraud data analytics test design, interpreting test results, and follow-up for travel and entertainment, payroll, credit cards and purchasing cards.

This course provides techniques to prevent and mitigate fraud within core business systems. After defining fraud and establishing the universal scope of the problem fraud presents to organizations worldwide, participants will explore the major schemes used to defraud organizations and individuals. In addition, understanding the psychology and motivations of fraudsters will help participants understand and develop strategies for prevention and detection.

This course covers how to create fraud risk statements, assess fraud risk, and create the right internal controls for your organization. By understanding the fraud risk universe facing organizations and the natural vulnerabilities that exist in their internal controls, participants will be better able to design fraud prevention, detection, and deterrence controls. There is also coverage of fraud analysis and investigations.

Other topics covered include techniques of fraud risk assessment, continuous monitoring, and key internal controls. Armed with a thorough understanding of how fraud occurs in disbursements, procurement, and payroll, participants will leave this course prepared with the knowledge needed to create an effective anti-fraud internal control environment.

This instructor-led course provides techniques to prevent and mitigate fraud within core business systems. After defining fraud and establishing the universal scope of the problem fraud presents to organizations worldwide, participants will explore the major schemes used to defraud organizations and individuals. In addition, understanding the psychology and motivations of fraudsters will help participants understand and develop strategies for prevention and detection.

This course covers how to create fraud risk statements, assess fraud risk, and create the right internal controls for your organization. By understanding the fraud risk universe facing organizations and the natural vulnerabilities that exist in their internal controls, participants will be better able to design fraud prevention, detection, and deterrence controls. There is also coverage of fraud analysis and investigations.

Other topics covered include techniques of fraud risk assessment, continuous monitoring, and key internal controls. Armed with a thorough understanding of how fraud occurs in disbursements, procurement, and payroll, participants will leave this course prepared with the knowledge needed to create an effective anti-fraud internal control environment.

This course provides an introduction to software automation technologies and key considerations for organizations getting started on their automation journeys. Key areas covered include different types of process automation from industrial, to IT (DevOPs) and digital transformation made possible through robotic process automation (RPA) and cognitive automation using artificial intelligence (AI). The course discusses the role Business Process Management (BPM), process workflows and governance play when considering these technologies and how to implement and assess them.

In this course, participants will learn traditional and operational auditing concepts, gaining proven tools and techniques for performing effective audits. This course provides insights for conducting internal audits effectively from the initial risk assessment through planning, fieldwork, and reporting. It covers key techniques like flowcharting, preparing risk-control matrices, documenting issues, and writing narratives.

In this instructor-led course, participants will learn traditional and operational auditing concepts, gaining proven tools and techniques for performing effective audits. This course provides insights for conducting internal audits effectively from the initial risk assessment through planning, fieldwork, and reporting. It covers key techniques like flowcharting, preparing risk-control matrices, documenting issues, and writing narratives.

GRC helps organizations make better, risk-aware decisions, and supports the goal of effective management, leadership, performance, and compliance. This course is Part 2 of the Governance, Risk, and Compliance course series.

Topics covered include the characteristics of an effective GRC program, the meaning of principled performance, and the elements of effective governance, risk management and compliance.

GRC helps organizations make better, risk-aware decisions, and supports the goal of effective management, leadership, performance, and compliance. This course is Part 3 of the Governance, Risk, and Compliance course series.

Topics covered include the internal and external context, culture, stakeholders, objectives, identification, assessment, and design.

This course provides a roadmap to develop, implement and sustain an integrated GRC infrastructure to help participants implement and maintain a GRC framework. Many organizations have implemented selected components of a GRC framework, but the challenge remains to integrate the disparate components. Those attending this course will examine ways of building, sustaining, and reviewing GRC programs.

This course focuses on the role of internal audit in governance, key steps pre-GRC implementation, and a review of the components and principles of the COSO Internal Control-Integrated Framework (IC-IF), and the COSO Enterprise Risk Management Framework (ERM).

GRC helps organizations make better, risk-aware decisions, and supports the goal of effective management, leadership, performance, and compliance. This course is Part 4 of the Governance, Risk, and Compliance course series.

Topics covered include controls, policies, communication, education, incentives, notification, inquiry and response.

GRC helps organizations make better, risk-aware decisions, and supports the goal of effective management, leadership, performance, and compliance. This course is Part 5 of the Governance, Risk, and Compliance course series.

Topics covered include monitoring, assurance, improvement, alignment of frameworks, GRC technologies, and resources.

This course provides a roadmap to develop, implement and sustain an integrated GRC infrastructure to help participants implement and maintain a GRC framework. Many organizations have implemented selected components of a GRC framework, but the challenge remains to integrate the disparate components. Those attending this course will examine ways of building, sustaining, and reviewing GRC programs.

This course provides a roadmap to develop, implement and sustain an integrated GRC infrastructure to help participants implement and maintain a GRC framework. Many organizations have implemented selected components of a GRC framework, but the challenge remains to integrate the disparate components. Those attending this course will examine ways of building, sustaining, and reviewing GRC programs.

This course covers leadership techniques that enhance the role of leaders, improve the performance of the audit team, and boost its profile in the organization. It looks at the participants’ skills and helps them master strategies that allow them to leverage their audit knowledge with proven tactics that will inspire and motivate the staff.

It covers the essential practices of sound audit leadership, including modern goal-setting methods, effective coaching, establishing hiring practices that will attract the best people, leading a productive team and departmental meetings, and mastering the art of persuasion. Participants will gain insights into oral and written communication skills and new ways to help the team members reach their highest potential.

ISO/IEC 27001 is an international standard that provides a framework for Information Security Management Systems (ISMS) to help organizations secure their information assets. It sets out the criteria for establishing, implementing, maintaining, and continually improving an ISMS, and includes aspects such as risk management, security controls, and compliance. This standard is important for organizations as it helps in protecting sensitive information, managing risk effectively, and building trust with stakeholders by demonstrating security best practices. This course provides a foundational overview of the ISO/IEC 27001 standard and what an organization would need to plan, execute and maintain an ISO/IEC 27001 certification. This course also provides a brief overview of some of the changes from the 2018 version to the 2022 version.

This course is for Financial, Operational, Business, and new IT Auditors and provides an in-depth review of the risks and controls of auditing IT and business application systems. Participants will learn about the database, network, business application, transaction risks and controls, end-user computing, assessing control ownership, and how to document and test inputs, processes, outputs, master files, and interfaces.

This course is designed for financial, operational, business, and new IT auditors to provide a solid introduction to the risks and controls necessary to audit IT department functions and the underlying technologies. We will cover the basic concepts of information technology to help auditors understand the IT impact on business. We will explore such IT areas as operating systems, networks, database management systems, and application systems. Supporting IT general controls, such as logical and physical access, help desk, system development, change management, and disaster recovery planning will also be covered. We will introduce a top-down, risk-based approach to auditing business applications and ensuring that their supporting infrastructure is considered in the audit process. Learners will leave this intensive seminar with a solid foundation in information technology basics as they apply to IT risks, audit, information security, and business application systems.

All auditors need some familiarity with computer systems since virtually every type of audit will involve IT during the planning, fieldwork or reporting phases. This awareness includes understanding systems and related processes, risks, controls, how to document IT assets and activities, and ways to test inputs, processes, and outputs.

Topics covered include audit risk assessment, audit scoping, general controls, technical and integrated audits.

All auditors need some familiarity with computer systems since virtually every type of audit will involve IT during the planning, fieldwork or reporting phases. This awareness includes understanding systems and related processes, risks, controls, how to document IT assets and activities, and ways to test inputs, processes, and outputs.

Topics covered include key definitions, usage and controls related to the Internet of Things (IoT), database types, database terminology, Structured Query Language (SQL), and database audit concepts.

All auditors need some familiarity with computer systems since virtually every type of audit will involve IT during the planning, fieldwork or reporting phases. This awareness includes understanding systems and related processes, risks, controls, how to document IT assets and activities, and ways to test inputs, processes, and outputs.

Topics covered include an overview of governance and strategy, security and audit frameworks, IT and security strategy, risk assessment, risk registers, vendor management, application control objectives, business transaction processing, and business support.

This course is for Financial, Operational, Business, and new IT Auditors and provides an in-depth review of the risks and controls of auditing IT and business application systems. Participants will learn about the database, network, business application, transaction risks and controls, end-user computing, assessing control ownership, and how to document and test inputs, processes, outputs, master files, and interfaces.

Topics covered include business and support systems, infrastructure, an overview of risk and how to manage it, computing devices and operating systems, client server technology and computer types, middleware, virtualization, programs and programming. This course also covers the CIA triad of data confidentiality, integrity, and availability.

The IT Audit School: IT General Controls (ITGC) course provides a comprehensive understanding of IT general controls and their role in securing IT environments and ensuring regulatory compliance. Participants will explore key control areas, risk management strategies, and audit techniques to assess IT processes and infrastructure effectively.

Topics covered include logical security, administration and awareness, encryption, system development life cycle (SDLC), change management IT operations, vulnerability scanning and penetration testing, physical and environmental controls, business continuity planning (BCP) and disaster recovery planning (DRP).

All auditors need some familiarity with computer systems since virtually every type of audit will involve IT during the planning, fieldwork or reporting phases. This awareness includes understanding systems and related processes, risks, controls, how to document IT assets and activities, and ways to test inputs, processes, and outputs.

Topics covered include an overview of networks, devices, protocols, ports, and services. It also covers firewalls, network monitoring, the cloud service models, and cloud deployment models.

Internal and Operational Auditors in today’s complex organizations must understand information systems and be able to function within a technical environment. This course outlines the concepts of information technology to understand audit concerns in the IT environment. Participants will review critical business application system controls and the supporting IT general controls. The focus is on key risks and controls in critical areas like user access to business applications, database security, networks, change management, and disaster recovery.

This course covers risk management, the primary process organizations use to determine their capability to identify, manage, and respond to risk and verify their ability to maintain confidentiality, integrity, and availability of their information assets. Participants review common risk assessments and analysis requirements for meeting both regulatory and industry expectations and ways to demonstrate technology risks, and their potential outcomes are embedded in their risk management process.

This course covers the information management disciplines as defined in the International Industry standard, DAMA body of knowledge (DMBoK) v2. It covers the entire information management spectrum, including how information architecture is applied. In this course, students prepare for the CDMP certification. The exam is taken on the last day of the course.

This course covers the (ISC)2 Common Body of Knowledge (CBK) and evaluates real world methods and tools required to construct or audit a comprehensive information security framework. It provides a business-oriented, architectural perspective that defines how to organize and oversee a risk-based enterprise information security program., blending theories and best management practices with key physical and information technology safeguards.

Key references and yardsticks are provided to gain familiarity with industry-leading practices, legislation, and professional standards for information/cyber security and audit practitioners.

The course also provides unit and course review exercises to help participants prepare for the CISSP exam (or similar such as CISA) and help guide their organization as it develops or revises its information security program. Multiple takeaways are provided.

Managers must understand, deploy, and sustain innovation as a key characteristic of their units. This course shows how to embed innovation and agility in a department’s methodology and administration, key considerations when implementing change initiatives, and techniques to successfully apply the Three Lines Model to provide integrated assurance. It also covers ways to make Internal Audit a more visible contributor to an organization’s value protection and creation infrastructure.

Managers must understand, deploy, and sustain innovation as a key characteristic of their units. This course shows how to embed innovation and agility in a department’s methodology and administration, key considerations when implementing change initiatives, and techniques to successfully apply the Three Lines Model to provide integrated assurance. It also covers ways to make Internal Audit a more visible contributor to an organization’s value protection and creation infrastructure.

The amount, speed, and impact of change have accelerated significantly, and all indicators point to more change in the future. Organizations are expected to innovate and become creative in pursuing business objectives, managing risks, and implementing appropriate controls that increase the likelihood of short-term and longer-term success. Internal Auditors must understand the dynamics driving these changes, how innovation is being used in modern organizations, and how it affects the efforts to provide reasonable assurance to the Board of Directors, management, and other stakeholders. Internal audit must understand change and innovation and embrace, adopt, thrive with it, and promote it.

This course shows participants where and how innovation can work in their organization’s favor, protecting and enhancing value while risks are appropriately managed. Internal audit must understand change and innovation and embrace, adopt, and promote it. Part one of this two-part series of courses will explore where and how innovation can work in the planning and execution of audit assignments to enhance and protect value while risks are managed.

The amount, speed, and impact of change have accelerated significantly, and all indicators point to more change in the future. Organizations are expected to innovate and become creative in pursuing business objectives, managing risks, and implementing appropriate controls that increase the likelihood of short-term and longer-term success. Internal Auditors must understand the dynamics driving these changes, how innovation is being used in modern organizations, and how it affects the efforts to provide reasonable assurance to the Board of Directors, management, and other stakeholders. Internal audit must understand change and innovation and embrace, adopt, thrive with it, and promote it.

This course shows participants where and how innovation can work in their organization’s favor, protecting and enhancing value while risks are appropriately managed. Internal audit must understand change and innovation and embrace, adopt, and promote it. Part one of this two-part series of courses will explore where and how innovation can work in the planning and execution of audit assignments to enhance and protect value while risks are managed.

This course shows participants where and how innovation can work in their organization’s favor, protecting and enhancing value while risks are appropriately managed. Internal audit must understand change and innovation and embrace, adopt, and promote it.

Topics covered include communicating issues, writing better narratives, improving the use of internal control questionnaires (ICQ), flowcharts, 5 Whys, the Is Is-Not Matrix, documenting and selling audit findings, cause and effect diagrams, prioritization matrices and process analysis using a maturity model.

CPE: 4.5

The Innovation for Internal Auditors: Improving Agility and Embracing Innovation course equips auditors with modern methodologies and emerging technologies to enhance audit effectiveness. Participants will explore agile auditing principles, process improvement strategies, and advanced technologies such as robotic process automation (RPA), artificial intelligence (AI), and machine learning (ML) to drive efficiency and innovation within the audit function.

Topics covered include the limitations of the traditional audit process, essentials of agile auditing, eight areas of waste, the critical thinking process, pragmatism, SIPOC maps, control charts, robotic process automation (RPA), artificial intelligence (AI), and machine learning (ML).

CPE: 5

The amount, speed, and impact of change have accelerated significantly, and all indicators point to more change in the future. Organizations are expected to innovate and become creative in pursuing business objectives, managing risks, and implementing appropriate controls that increase the likelihood of short-term and longer-term success. Internal auditors must understand the dynamics driving these changes, how innovation is being used in modern organizations, and how it affects the efforts to provide reasonable assurance to the Board of Directors, management, and other stakeholders. Internal audit must understand change and innovation and embrace, adopt, thrive with it, and promote it.

This course shows participants where and how innovation can work in their organization’s favor, protecting and enhancing value while risks are appropriately managed. Internal audit must understand change and innovation and embrace, adopt, and promote it.

This course provides an overview and covers the foundational aspects of innovation and internal auditing, managing expectations as a requirement for modern auditing, and key questions internal auditors should ask, and answer. This course also covers the impact of data analytics, types of projects internal auditors should consider performing, trends in internal auditing, the progression towards continuous auditing, attributes of world-class audit departments, and key actions to remain relevant.

CPE: 7

This course shows participants where and how innovation can work in their organization’s favor, protecting and enhancing value while risks are appropriately managed. Internal audit must understand change and innovation and embrace, adopt, and promote it.

Topics covered include effective communications and promoting change, affinity diagrams, force field analysis, RACI diagrams, issuing more timely reports, and using key performance indicators (KPIs) and key risk indicators (KRIs).

CPE: 2.5

The Innovation for Internal Auditors: Risk Assessments, GRC, and Planning course provides auditors with the skills and strategies needed to enhance risk assessment processes, strengthen Governance, Risk, and Compliance (GRC) frameworks, and improve audit planning. Participants will learn innovative approaches to evaluating risks, structuring audit plans, and aligning with industry standards like COSO to ensure a more effective and forward-thinking audit function.

Topics covered include risks and controls matrix (RCM), looking at risks differently through the lens of good and bad risk, understanding and improving Governance, Risk and Compliance (GRC), building and completing the audit plan, COSO-based auditing, criteria for audit programs, and essential steps for effective planning.

CPE: 5

An IT auditor with the skills, knowledge, and competencies to help organizations navigate the complex environment of IT risks has never been in higher demand. Every organization in every industry has become aware of the importance of proactively identifying, evaluating, and monitoring IT risks.

This course will reinforce and enhance the principles of assessing IT risks. Participants will examine ways to incorporate and implement the elements of risk assessment and audit planning; identify and apply pertinent audit and security resources; utilize tools of evaluating logical security; evaluate risks within database management systems; monitor risks within change management; test network perimeter security and cloud computing; evaluate threats within the internet of things, and add value in the IT auditor’s organization regarding business continuity and disaster recovery planning and IT governance. The participant will also emerge with increased skills regarding effective communication and presentation of the results of the IT audit to various levels of leadership within the organization. The participant will be engaged through case studies of real-life examples and scenarios and acquire a wealth of resources, templates, and guides that can be adapted to and incorporated into any industry.

An IT auditor with the skills, knowledge, and competencies to help organizations navigate the complex environment of IT risks has never been in higher demand. Every organization in every industry has become aware of the importance of proactively identifying, evaluating, and monitoring IT risks.

This course will reinforce and enhance the principles of assessing IT risks. Participants will examine ways to incorporate and implement the elements of risk assessment and audit planning; identify and apply pertinent audit and security resources; utilize tools of evaluating logical security; evaluate risks within database management systems; monitor risks within change management; test network perimeter security and cloud computing; evaluate threats within the internet of things, and add value in the IT auditor’s organization regarding business continuity and disaster recovery planning and IT governance. The participant will also emerge with increased skills regarding effective communication and presentation of the results of the IT audit to various levels of leadership within the organization. The participant will be engaged through case studies of real-life examples and scenarios and acquire a wealth of resources, templates, and guides that can be adapted to and incorporated into any industry.

Auditors proficient in IT and cybersecurity are in high demand because they can assist organizations in their efforts to create and preserve value. Business models depend on the effective deployment, maintenance, and protection of the organizations’ computer infrastructure, the effective use of IT systems while complying with applicable rules and regulations, and the adoption of best practices whenever possible.

Topics covered include logical security concepts, social engineering, malware, user identification and authentication, user authorization, and privileged access monitoring. Other topics covered include log management, vulnerability assessments, middleware, virtualization, and audit considerations.

CPE: 3.5

The Intermediate IT Audit School: Cloud Computing course provides auditors and IT professionals with the knowledge and skills to assess cloud security, manage risks, and ensure compliance in cloud-based environments. Participants will explore key security concepts, identity and access management, virtualization, and audit considerations for effective cloud governance.

Topics covered include logical security concepts, social engineering, malware, user identification and authentication, user authorization, and privileged access monitoring. Other topics covered include log management, vulnerability assessments, middleware, virtualization, and audit considerations.

CPE: 4.5

Auditors proficient in IT and cybersecurity are in high demand because they can assist organizations in their efforts to create and preserve value. Business models depend on the effective deployment, maintenance, and protection of the organizations’ computer infrastructure, the effective use of IT systems while complying with applicable rules and regulations, and the adoption of best practices whenever possible.

Topics covered include logical security concepts, social engineering, malware, user identification and authentication, user authorization, and privileged access monitoring. Other topics covered include log management, vulnerability assessments, middleware, virtualization, and audit considerations.

CPE: 4

Auditors proficient in IT and cybersecurity are in high demand because they can assist organizations in their efforts to create and preserve value. Business models depend on the effective deployment, maintenance, and protection of the organizations’ computer infrastructure, the effective use of IT systems while complying with applicable rules and regulations, and the adoption of best practices whenever possible.

Topics covered include logical security concepts, social engineering, malware, user identification and authentication, user authorization, and privileged access monitoring. Other topics covered include log management, vulnerability assessments, middleware, virtualization, and audit considerations.

CPE: 2.5

The Intermediate IT Audit School: Logical Security course provides auditors and IT professionals with an in-depth understanding of logical security controls and their role in safeguarding digital assets. Participants will explore key security concepts, user access management, threat mitigation techniques, and audit considerations to strengthen an organization’s IT security posture.

Topics covered in this course include logical security concepts, social engineering, malware, user identification and authentication, user authorization, and privileged access monitoring. Other topics covered include log management, vulnerability assessments, middleware, virtualization, and audit considerations.

CPE: 6

The Intermediate IT Audit School: Logical Security course provides a deep dive into the critical security controls necessary to protect IT environments from cyber threats. Participants will explore logical security principles, identity and access management, risk assessment techniques, and audit methodologies to evaluate and enhance security frameworks effectively.

Topics covered include logical security concepts, social engineering, malware, user identification and authentication, user authorization, and privileged access monitoring. Other topics covered include log management, vulnerability assessments, middleware, virtualization, and audit considerations.

CPE: 5

An IT auditor with the skills, knowledge, and competencies to help organizations navigate the complex environment of IT risks has never been in higher demand. Every organization in every industry has become aware of the importance of proactively identifying, evaluating, and monitoring IT risks. This course will reinforce and enhance the principles of assessing IT risks.

Participants will examine ways to incorporate and implement the elements of risk assessment and audit planning; identify and apply pertinent audit and security resources; utilize tools of evaluating logical security; evaluate risks within database management systems; monitor risks within change management; test network perimeter security and cloud computing; evaluate threats within the internet of things, and add value in the IT auditor’s organization regarding business continuity and disaster recovery planning and IT governance.

The participant will also emerge with increased skills regarding effective communication and presentation of the results of the IT audit to various levels of leadership within the organization. The participant will be engaged through case studies of real-life examples and scenarios and acquire a wealth of resources, templates, and guides that can be adapted to and incorporated into any industry.

Topics covered include business IT definitions, types of threats and risks, building the IT audit program, NIST Cybersecurity Framework, Center for Internet Security (CIS) controls, COSO, COBIT, IIA GTAGs, ISO 27000 security standards and FISMA – NIST SP 800-53 R5.

CPE: 6.5

This course covers techniques for preparing high-quality audit workpapers that explain the purpose, results, and conclusions of the testing performed. The course also covers how to effectively document and communicate audit issues, methods for sample selection, and ways to perform tests on the entire population using data analytics to identify anomalies. Who Should Attend: Internal and IT Auditors looking for a comprehensive understanding of the process of Internal Audit. This foundational course can be used to onboard rotational Internal Auditors and other experienced professionals starting their careers.

CPE: 4

This course focuses on the key concepts, practices, and challenges to effective verbal and written communication. For verbal skills, this course covers ways to apply active listening skills, how to organize and conduct client interviews, techniques to effectively phrase questions to obtain the sought after information, probing skills, and ways to identify the possibility of deceit. In terms of writing skills, this course covers essential techniques to make the writing process more effective, and communicate audit results that are accurate, clear, concise, constructive, complete, and that become a call for timely action.
Who Should Attend: Internal and IT Auditors looking for a comprehensive understanding of the process of Internal Audit. This foundational course can be used to onboard rotational Internal Auditors and other experienced professionals starting their careers.

CPE: 6

This course covers foundational concepts and practices of internal auditing, including the definition, focus, and mission of internal auditing, the lifecycle of an internal audit, types of audits, and internal control frameworks. Participants will also gain familiarity with techniques to prepare risk assessments and risk-control matrices, and key considerations when selecting auditable areas.   CPE: 8

This course focuses on the types, tools, techniques, and ways of addressing challenges while documenting internal controls. It also covers how to define the audit’s objectives, scope and testing procedures while preparing audit programs. The course guides learners through fieldwork techniques, helping participants understand how to gather different types of audit evidence, and ways to assess the quality of the evidence obtained.

CPE: 6

The International Standards for the Professional Practice of Internal Auditing (the Standards) require every internal audit department or activity to have either an external quality assessment review (QAR) or a Self-Assessment review with an external validation by an independent reviewer at least once every five years. This course will explain how to conduct a self-assessment as outlined by the IIA Standards.

This seminar will cover what is mandatory and recommended in the International Professional Practices Framework (IPPF) and provide attendees with what they need to know to prepare for and undergo an external quality assessment review.

Attendees will understand how a QAR can benefit the internal audit activity, learn about the various review methodologies available, and discuss the important decisions that arise when preparing an internal audit department for a review.

The International Standards for the Professional Practice of Internal Auditing (the Standards) require every internal audit department or activity to have either an external quality assessment review (QAR) or a Self-Assessment review with an external validation by an independent reviewer at least once every five years. This course will explain how to conduct a self-assessment as outlined by the IIA Standards.

This seminar will cover what is mandatory and recommended in the International Professional Practices Framework (IPPF) and provide attendees with what they need to know to prepare for and undergo an external quality assessment review.

Attendees will understand how a QAR can benefit the internal audit activity, learn about the various review methodologies available, and discuss the important decisions that arise when preparing an internal audit department for a review.

Participants will build on the fundamentals of modern internal auditing and practice how to conduct operational audits and develop audit programs for auditing business processes, including Purchasing, Contracting, Vendor Selection, Marketing, Sales, Human Resources, IT general controls, management, and accounting functions like Accounts Payable, Accounts Receivable, Inventory, Payroll, Treasury, and Fixed Assets.

Participants will build on the fundamentals of modern internal auditing and practice how to conduct operational audits and develop audit programs for auditing business processes, including Purchasing, Contracting, Vendor Selection, Marketing, Sales, Human Resources, IT general controls, management, and accounting functions like Accounts Payable, Accounts Receivable, Inventory, Payroll, Treasury, and Fixed Assets.

This course covers the techniques essential for auditing the finance, treasury, and accounting processes at organizations. The focus is on the objectives, risks, controls, and audit procedures relevant to these processes, and the unique conditions most auditors will encounter.

Topics covered include treasury, bank accounts and relationships, payroll, accounts payable, accounts receivable, fixed assets and capital expenses, budgeting and monitoring, and inventories.

CPE: 3.5

This course covers the techniques essential for auditing the human resources processes at organizations. The focus is on the objectives, risks, controls, and audit procedures relevant to these processes, and the unique conditions most auditors will encounter.

Topics covered include recruitment, succession planning, staff training and development, staff evaluations and disciplinary matters, and general human resources documentation and staff management practices.

CPE: 3

This course covers the techniques essential for auditing information technology processes at organizations. The focus is on the objectives, risks, controls, and audit procedures relevant to these processes, and the unique conditions most auditors will encounter.

Topics covered include IT processing, back-up and storage, system and operating software, system access control, and system development.

CPE: 2.5

This course covers the techniques essential for auditing management and corporate governance processes at organizations. The focus is on the objectives, risks, controls, and audit procedures relevant to these processes, and the unique conditions most auditors will encounter. This course also covers the future of operational auditing.

Topics covered include management tasks and responsibilities, strategic planning and budgeting, entity level controls, auditing ethics and culture, corporate social responsibility, ethics training, and whistleblowing programs.

CPE: 5

This course covers the techniques essential for auditing the marketing and sales processes at organizations. The focus is on the objectives, risks, controls, and audit procedures relevant to these processes, and the unique conditions most auditors will encounter.

Topics covered include product and service delivery, promotion and advertising, pricing and discount policies, sales management, and public relations.

CPE: 3

This course covers the techniques essential for auditing the purchasing and contracts processes at organizations. The focus is on the objectives, risks, controls, and audit procedures relevant to these processes, and the unique conditions most auditors will encounter.

Topics covered include contracting, contract management, vendor viability and competence, vendor list maintenance, the bidding process and project management.

CPE: 3.5

This course covers the techniques essential for auditing supply chain processes at organizations. The focus is on the objectives, risks, controls, and audit procedures relevant to these processes, and the unique conditions most auditors will encounter.

Topics covered include the value chain, measuring performance, shipping and Incoterms, distribution centers, and returns management.

CPE: 2.5

This course covers foundational concepts and practices of internal auditing, including the definition, focus, important trends and essential tools and techniques internal auditors use in their roles. Participants will gain familiarity with the identification and use objectives during an engagement, and essential practices to apply when preparing risk assessments, identifying relevant controls, and selecting the appropriate test procedures. Fraud and fraud red flags are also reviewed in this course as are the differences between financial and operational audits.

This course provides an overview, and covers the foundational aspects of performing internal audits, which are then applied more specifically to the companion courses in this series.

CPE: 9

While preventative controls remain a critical component of an effective information security program, the ability to detect and respond to security incidents continues to increase in importance. The number of breaches reported each year, combined with evidence of increasingly sophisticated attacks, only serves to emphasize the need for organizations to have staff members skilled in managing information security incidents. This course is designed to provide the knowledge and experience you need to develop critical incident response policies and procedures, as well as identify technologies that can help you effectively manage security incidents. Through discussion and hands-on exercises, participants gain specialized knowledge of security incident response. The course covers cyber-attacks, computer forensics, incident response detection and assessment, controls and preparation, communications, post-incident activity, and reporting. It also covers third-party incident response considerations, training and recovery, and key considerations when preparing audit programs. Another feature of the class is the review of guidance from organizations like the Center for Internet Security (CIS), the National Institute of Standards and Technology (NIST), the US Computer Emergency Readiness Team (CERT), the Federal Financial Institutions Examination Council (FFIEC), the Financial Services Information Sharing and Analysis Center (FSISAC), the National Cybersecurity and Communications Integration Center (NCCIC), and the Cloud Security Alliance (CSA).

This course is designed to give those new to information security auditing a basic understanding of information security key concepts, players, and components. Participants will learn how the information security function aligns with the organization's business and strategic objectives. Additionally, the course will highlight methods to provide assurance in the information security space and the critical importance of communication. This course will provide the foundational knowledge auditors need to perform information security governance audits and perform basic assessments of information security operations.

This instructor-led course is designed to give those new to information security auditing a basic understanding of information security key concepts, players, and components. Participants will learn how the information security function aligns with the organization's business and strategic objectives. Additionally, the course will highlight methods to provide assurance in the information security space and the critical importance of communication. This course will provide the foundational knowledge auditors need to perform information security governance audits and perform basic assessments of information security operations.

This course is designed to give those new to Information Security auditing a basic understanding of Information Security key concepts, players, and components. This course will provide the foundational knowledge auditors need to perform Information Security governance audits and basic assessments of Information Security operations.

Topics covered include communication with the board, senior management, external parties and within the internal audit function. It also covers ways to overcome challenges and roadblocks.

CPE: 3

This course is designed to give those new to Information Security auditing a basic understanding of Information Security key concepts, players, and components. This course will provide the foundational knowledge auditors need to perform Information Security governance audits and basic assessments of Information Security operations.

Topics covered include risk identification, assessment, response, and control monitoring and reporting. It also covers controls and countermeasures, security engineering, interdependencies, cost considerations and assurance programs.

CPE: 5.5

This course is designed to give those new to Information Security auditing a basic understanding of Information Security key concepts, players, and components. This course will provide the foundational knowledge auditors need to perform Information Security governance audits and basic assessments of Information Security operations.

Topics covered include user and software support, configuration management and backups, media controls, documentation, maintenance, and cost considerations. It also covers the uses, types, implementation challenges, interdependencies, and cost considerations of cryptography.

CPE: 5

This course is designed to give those new to Information Security auditing a basic understanding of Information Security key concepts, players, and components. This course will provide the foundational knowledge auditors need to perform Information Security governance audits and basic assessments of Information Security operations.

This course provides an overview of security, roles and responsibilities, risk management, security assessments, asset security, organization security strategy, and information security control design.

CPE: 5.5

The Introduction to Information Security: Threats, Vulnerabilities, and the Security Policy course provides a foundational understanding of information security principles, risk management, and policy development. Participants will explore key security threats, vulnerabilities, and the critical role of security policies in mitigating risks and ensuring organizational resilience.

Topics covered include security incident management, logical access, threat sources and events, policies, interdependencies, and cost considerations.

CPE: 5

This course provides an overview of the ethical dynamics associated with accounting transactions and financial analysis situations where judgment may be applied, resulting in ethical and compliance breakdowns.

This course focuses on lists of key challenges encountered when applying judgment and describes ways of ensuring judgment is applied in key audit areas.

CPE: 1

Internal auditors cannot leave their career advancement to others, but must instead develop practical and actionable strategies of their own. This course examines practical steps so auditors can take control of their careers as they advance within the profession, or transition to other fields.

CPE: 2

This course provides guidance and standards from the IIA for audit professionals and effective ways of conducting audits, from the audit plan to engagement planning as well as execution and audit reporting. These concepts are complemented with innovative tools and methodologies, including data analytics, agile auditing, and GRC software for more efficient and effective audits that add value. In addition to best practices for technical skills for auditors, it also covers soft skills that are critical for an audit leader’s success, including best practices in project management, communication skills, conflict management, and leading with empathy.

The course addresses the challenging pursuit of Internal Audit, becoming strategic partners, and having a seat at the table. Additionally, there is coverage on how audit leaders can play a role and add value in several common strategic initiatives related to risk management (ERM), corporate culture, IT, operations, and others. Finally, the course wraps up with how best to communicate with and report to the Board and the Audit Committee, whether the participant attends Board meetings or is involved with providing input into Board reporting. These concepts will be reinforced with exercises and case studies throughout the course to allow participants to apply what they have learned using real-world examples and situations.

This course provides guidance and standards from the IIA for audit professionals and effective ways of conducting audits, from the audit plan to engagement planning as well as execution and audit reporting. These concepts are complemented with innovative tools and methodologies, including data analytics, agile auditing, and GRC software for more efficient and effective audits that add value. In addition to best practices for technical skills for auditors, it also covers soft skills that are critical for an audit leader’s success, including best practices in project management, communication skills, conflict management, and leading with empathy.

The course addresses the challenging pursuit of Internal Audit, becoming strategic partners, and having a seat at the table. Additionally, there is coverage on how audit leaders can play a role and add value in several common strategic initiatives related to risk management (ERM), corporate culture, IT, operations, and others. Finally, the course wraps up with how best to communicate with and report to the Board and the Audit Committee, whether the participant attends Board meetings or is involved with providing input into Board reporting. These concepts will be reinforced with exercises and case studies throughout the course to allow participants to apply what they have learned using real-world examples and situations.

Successful internal audit departments have people, processes and tools that work effectively together throughout the audit planning, fieldwork, and reporting phases. The result is the delivery of value-adding services that exceed stakeholder expectations.

Topics covered in this course include planning, risk assessment, audit recommendations, and audit reports.

Successful internal audit departments have people, processes and tools that work effectively together throughout the audit planning, fieldwork, and reporting phases. The result is the delivery of value-adding services that exceed stakeholder expectations.

Topics covered in this course include project management, effective communication, leading with emotional intelligence, and conflict management.

Successful internal audit departments have people, processes and tools that work effectively together throughout the audit planning, fieldwork, and reporting phases. The result is the delivery of value-adding services that exceed stakeholder expectations.

Topics covered in this course include data analytics, GRC tools, and agile auditing,

Who Should Attend

Internal Audit Managers, Directors, and Supervisors.

This course provides a roadmap to develop, implement and sustain an integrated GRC infrastructure to help participants implement and maintain a GRC framework. Many organizations have implemented selected components of a GRC framework, but the challenge remains to integrate the disparate components. Those attending this course will examine ways of building, sustaining, and reviewing GRC programs.

This course focuses on the role of internal audit in governance, key steps pre-GRC implementation, and a review of the components and principles of the COSO Internal Control-Integrated Framework (IC-IF), and the COSO Enterprise Risk Management Framework (ERM).

The Managing the Internal Audit Department: Strategic Partners, the Audit Committee, and the Board course provides a strategic perspective on the evolving role of internal audit within an organization. Participants will explore how internal audit collaborates with key business functions, supports corporate governance, and enhances organizational resilience through effective communication and strategic alignment.

Topics covered include internal audit’s partnership with the Enterprise Risk Management (ERM), Compliance, Operations, and IT functions. It also covers the role of internal audit in relation to strategic initiatives and corporate culture, communication and reporting, and the maturity and evolution of the internal audit function.

This course will take learners on a journey examining real-world case studies. We will demonstrate how the use of mind-mapping techniques used in multi-billion-dollar organizations has saved lives. These techniques are still used today to detect fraud, misuse, inefficiencies, and recover funds. Learn how to apply modern-day case studies to audit plans, tests, and other audit components.

Delve with us into the specifics of data integrity, data quality, and data integration. Learners will study how to efficiently extract business insights from data and visually communicate those insights to their stakeholders. We will familiarize learners with identifying structured vs. unstructured data, intersecting data, and developing a systematic process of analysis. Learners will be able to provide assurance, consulting, or solution-based value to their organizations.

Fast-forward to the future into the world of data, big data, and management enhancement through analytics. We will introduce learners to artificial intelligence, machine learning, and the rise of quantum computing, and how these will impact the future of auditing.

Data analytics have become an integral part of modern internal auditing, and auditors knowledgeable about data integrity, and techniques to analyze it, are in high demand. Proficiency examining data helps auditors identify waste, abuse, and fraud, and provides great opportunities to add value to audit clients. But extracting insights from the data is not enough, practitioners must also acquire effective communication skills to successfully convey their results and the business implications, which are essential to promote positive change.

Topics covered in this course include identification and normalization of Accounts Payable (AP) data, AP data queries, visualizing AP data, the future, and the distant future.

In this course, participants examine real-world case studies demonstrating how various techniques are used to detect fraud, misuse, inefficiencies, and recover funds. The course covers data integrity, data quality, and data integration, and will familiarize learners with identifying structured vs. unstructured data, intersecting data, and developing a systematic process of analysis. Learners will learn how to efficiently extract business insights from data, visually communicate those insights to their stakeholders, and apply these techniques to audit plans, tests, and other audit components. The course introduces learners to artificial intelligence, machine learning, the rise of quantum computing, and how these will impact the future of auditing.

Topics covered include a historical perspective to data analytics, modern tools, understanding the structure of flat data files, and understanding the audit perspective. This course also includes finding fraud, predictive analytics, and accelerated learning techniques.

Data analytics have become an integral part of modern internal auditing, and auditors knowledgeable about data integrity, and techniques to analyze it, are in high demand. Proficiency examining data helps auditors identify waste, abuse, and fraud, and provides great opportunities to add value to audit clients. But extracting insights from the data is not enough, practitioners must also acquire effective communication skills to successfully convey their results and the business implications, which are essential to promote positive change.

Topics covered in this course include identifying data in human resources (HR), data queries, and visualizing HR results.

Data analytics have become an integral part of modern internal auditing, and auditors knowledgeable about data integrity, and techniques to analyze it, are in high demand. Proficiency examining data helps auditors identify waste, abuse, and fraud, and provides great opportunities to add value to audit clients. But extracting insights from the data is not enough, practitioners must also acquire effective communication skills to successfully convey their results and the business implications, which are essential to promote positive change.

Topics covered in this course include mind-mapping for data discovery and understanding structured vs. unstructured data. The course then focuses on data typically available from cash receipts, payroll, accounts payable and accounts receivable, data available from other organizations, mind-mapping for audit use, and the analytics process overview.

Data analytics have become an integral part of modern internal auditing, and auditors knowledgeable about data integrity, and techniques to analyze it, are in high demand. Proficiency examining data helps auditors identify waste, abuse, and fraud, and provides great opportunities to add value to audit clients. But extracting insights from the data is not enough, practitioners must also acquire effective communication skills to successfully convey their results and the business implications, which are essential to promote positive change.

Topics covered in this course include data dumps and access, security profiles for audit data, checksums for data security, and relational data files. The course also covers specific jargon, tools of the trade, the process of analytics supported audit, and the normalization of data. Other topics covered include pivot tables, data questions in payroll, in accounts payable, how to ask quality questions, creating a dashboard, and using business intelligence dashboard.

Data analytics have become an integral part of modern internal auditing, and auditors knowledgeable about data integrity, and techniques to analyze it, are in high demand. Proficiency examining data helps auditors identify waste, abuse, and fraud, and provides great opportunities to add value to audit clients. But extracting insights from the data is not enough, practitioners must also acquire effective communication skills to successfully convey their results and the business implications, which are essential to promote positive change.

Topics covered in this course include website effectiveness audit, data prep, website queries, and visualizing website data.

NIST is the de-facto standard for security, compliance, and privacy in the US. One must comply with NIST standards if/when doing business with the US federal government, managing critical infrastructure, or maintaining personally identifiable information (PII).

NIST provides the Cybersecurity Framework (CSF) and Risk Management Framework (RMF) to guide organizations in securing their infrastructure, systems, and data. In this course, participants will apply the NIST Cybersecurity and Risk Management Frameworks to better protect their infrastructure, detect possible cyber incidents, and appropriately respond and recover should they occur. We teach participants how to become well-versed in the NIST CSF and RMF, how to implement them, and ways to effectively manage CSF and RMF processes for optimal security, privacy, and compliance.

NIST is the de-facto standard for security, compliance, and privacy in the US. One must comply with NIST standards if/when doing business with the US federal government, managing critical infrastructure, or maintaining personally identifiable information (PII).

NIST provides the Cybersecurity Framework (CSF) and Risk Management Framework (RMF) to guide organizations in securing their infrastructure, systems, and data. In this course, participants will apply the NIST Cybersecurity and Risk Management Frameworks to better protect their infrastructure, detect possible cyber incidents, and appropriately respond and recover should they occur. We teach participants how to become well-versed in the NIST CSF and RMF, how to implement them, and ways to effectively manage CSF and RMF processes for optimal security, privacy, and compliance.

NIST is the de-facto standard for security, compliance, and privacy in the US and widely accepted around the world. The NIST Cybersecurity Framework (CSF) and the Risk Management Framework (RMF) are useful guides to help organizations secure their infrastructure, systems, and data.

Topics covered in this course include an overview of the NIST Core and Identify Function, inventory of critical assets, business impact assessment, and security policies and procedures.

NIST is the de-facto standard for security, compliance, and privacy in the US and widely accepted around the world. The NIST Cybersecurity Framework (CSF) and the Risk Management Framework (RMF) are useful guides to help organizations secure their infrastructure, systems, and data.

Topics covered in this course include an overview of the NIST Core Review and Protect Function, awareness and training, access control, network and systems protective technologies, data security and encryption, maintenance, personnel and physical security, system auditing and logging, monitoring and alerting, and assessments.

Who Should Attend

Information Security and Network professionals, Chief Data Officers, Chief Information Security Officers, and Senior IT Auditors wanting to gain a deep understanding of the Cybersecurity Management System Framework.

NIST is the de-facto standard for security, compliance, and privacy in the US and widely accepted around the world. The NIST Cybersecurity Framework (CSF) and the Risk Management Framework (RMF) are useful guides to help organizations secure their infrastructure, systems, and data.

Topics covered in this course include response planning and incident response plan examples, digital forensics, response training and testing, mitigation and improvements, continuity of operations planning, backup and recovery, virtualization and the cloud.

NIST is the de-facto standard for security, compliance, and privacy in the US. One must comply with NIST standards if/when doing business with the US federal government, managing critical infrastructure, or maintaining personally identifiable information (PII).

NIST provides the Cybersecurity Framework (CSF) and Risk Management Framework (RMF) to guide organizations in securing their infrastructure, systems, and data. In this course, participants will apply the NIST Cybersecurity and Risk Management Frameworks to better protect their infrastructure, detect possible cyber incidents, and appropriately respond and recover should they occur. We teach participants how to become well-versed in the NIST CSF and RMF, how to implement them, and ways to effectively manage CSF and RMF processes for optimal security, privacy, and compliance.

Topics covered include an overview of the NIST cybersecurity (CSF) and risk management (RMF) frameworks, related publications, relationships, CSF Core, Tiers, and Profiles, the vocabulary of risk, and NIST relationships.

NIST is the de-facto standard for security, compliance, and privacy in the US and widely accepted around the world. The NIST Cybersecurity Framework (CSF) and the Risk Management Framework (RMF) are useful guides to help organizations secure their infrastructure, systems, and data.

Topics covered in this course include system authorization, risk response, the monitoring controls step, change management and configuration control, and system disposal.

NIST is the de-facto standard for security, compliance, and privacy in the US and widely accepted around the world. The NIST Cybersecurity Framework (CSF) and the Risk Management Framework (RMF) are useful guides to help organizations secure their infrastructure, systems, and data.

Topics covered in this course include the RMF Assessment Step and Process, assessment plans, conducting the assessment, analyzing assessment results, assessment documentation, and risk remediation.

NIST is the de-facto standard for security, compliance, and privacy in the US and widely accepted around the world. The NIST Cybersecurity Framework (CSF) and the Risk Management Framework (RMF) are useful guides to help organizations secure their infrastructure, systems, and data.

Topics covered in this course include an RMF overview and preparation, the risk-based approach to security, the Preparation step, system security plans, categorizing information systems, establishing scope, the RMF categorize step, and the categorization risk analysis.

NIST is the de-facto standard for security, compliance, and privacy in the US and widely accepted around the world. The NIST Cybersecurity Framework (CSF) and the Risk Management Framework (RMF) are useful guides to help organizations secure their infrastructure, systems, and data.

Topics covered in this course include an RMF overview and preparation, the risk-based approach to security, the Preparation step, system security plans, categorizing information systems, establishing scope, the RMF categorize step, and the categorization risk analysis.

This course covers the (ISC)2 Common Body of Knowledge (CBK) and evaluates real world. This course covers the basic operating characteristics and risks associated with LANs, WANs, client/server, and other forms of networking and distributed computing architectures. It includes best practices for securing and auditing network applications, interconnection devices and remote access, and perimeter security services. Participants map and organize the use of built-in and add-on tools to security policy and audit requirements to determine the essential topics that must be addressed in compliance and risk management, security administration standards and procedures, and audit programs. The course also includes checklists at the end of each control-related section.

This course is tailored specifically for oil, gas, and petrochemical companies and provides practical and valuable guidance on risk-based operational auditing. It teaches participants how to identify and prioritize the risks and assess the efficiency, effectiveness, and economics of both core and non-core business processes and provides practical exercises to help delegates gain confidence in the techniques presented and their ability to use them. Report writing is also explored to help delegates not only understand who Internal Audit’s stakeholders are but to help delegates get their messages across clearly and concisely. Delegates are given the opportunity to provide examples from their workplace for review and discussion.

Since oil and gas relies on the need for outside experts, the course also covers the requirements for reporting on the opinions of others. It explores areas such as walkthrough contracts that are necessary and risky when it comes to oil and gas companies. It also examines how oil and gas companies can still be ESG compliant and stand out from the competition.

Philosophy has played a key role in defining ethical thought and practice for centuries. This course explores, and expands, on classical philosophies and links them to business practices that help enhance the ethical climate within organizations.

CPE: 1

In this course, we will explore proven techniques based on an understanding of the psychology of fraud to help prevent and mitigate fraud within core business systems. After defining fraud and establishing the universal scope of the problem fraud presents to organizations worldwide, we will examine the psychology and motivations of fraudsters to help us to understand and develop strategies for prevention and detection. By understanding the psychology of fraud, we will be better able to design fraud prevention, detection, and deterrence controls. We will increase our skills in the areas of fraud prevention, detection, analysis, and some skills relating to investigations. Specifically, we will analyze proven techniques of fraud prevention and detection that are based upon an understanding of psychological factors related to fraud. Armed with a thorough understanding of how psychology impacts behaviors, we will leave this course prepared with the knowledge we need to create a more effective anti-fraud environment. There is no CPE available for this course.

This course covers proven techniques based on understanding the psychology of fraud to help prevent and mitigate fraud within core business systems. After defining fraud and establishing the universal scope of the problem fraud presents to organizations worldwide, it examines the psychology and motivations of fraudsters to help understand and develop strategies for prevention and detection. By understanding the psychology of fraud, we will be better able to design fraud prevention, detection, deterrence controls, analysis, and investigations. This course also includes proven fraud prevention and detection techniques based on an understanding of the psychological factors related to fraud. Armed with a thorough understanding of how psychology impacts behaviors, participants will be better prepared with the knowledge needed to create a more effective anti-fraud environment.

This course covers the basic concepts of risk assessments and enterprise risk assessments (ERAs) and how data analytics can optimize the risk assessment process; it also covers how to use risk assessments in risk-based auditing at the annual audit planning, the engagement planning, and the audit program development levels. It also includes Enterprise Risk Management (ERM) fundamentals, best practices, and examples of tools, templates, and reports commonly used in the risk management process. There is also coverage of ERM metrics using data analytics.

To better partner with key business stakeholders and add value to one’s organization, it is necessary to understand key business risks. Therefore, the course devotes significant coverage to common business functions and their respective key processes, as well as the related risks, including Accounting, Financial Reporting, Human Resources, Legal, Sales, Contracts, Customer Service, Transportation/Delivery Service, IT, Manufacturing, Compliance, Quality Assurance, and Research & Development.

Throughout the course, there are exercises, informative articles, case studies, examples of tools and templates, and graphical depictions to help the participant apply concepts and theories to practical use in their organization. The course wraps up with reporting risk information to key stakeholders, including what’s important to the Board as it relates to communicating risk information.

This course covers the basic concepts of risk assessments and enterprise risk assessments (ERAs) and how data analytics can optimize the risk assessment process; it also covers how to use risk assessments in risk-based auditing at the annual audit planning, the engagement planning, and the audit program development levels. It also includes Enterprise Risk Management (ERM) fundamentals, best practices, and examples of tools, templates, and reports commonly used in the risk management process. There is also coverage of ERM metrics using data analytics.

To better partner with key business stakeholders and add value to one’s organization, it is necessary to understand key business risks. Therefore, the course devotes significant coverage to common business functions and their respective key processes, as well as the related risks, including Accounting, Financial Reporting, Human Resources, Legal, Sales, Contracts, Customer Service, Transportation/Delivery Service, IT, Manufacturing, Compliance, Quality Assurance, and Research & Development.

Throughout the course, there are exercises, informative articles, case studies, examples of tools and templates, and graphical depictions to help the participant apply concepts and theories to practical use in their organization. The course wraps up with reporting risk information to key stakeholders, including what’s important to the Board as it relates to communicating risk information.

Modern internal auditing is risk-based, objectives-centric, data-driven, and dynamic. This course provides key tips, tools, techniques, and examples to understand risk, and ways to apply data analytics during risk assessments and the review of various business functions.

This course focuses on risk assessments, and the use of data analytics while reviewing procurement, compliance, legal, human resources, and the IT functions.

Modern internal auditing is risk-based, objectives-centric, data-driven, and dynamic. This course provides key tips, tools, techniques, and examples to understand risk, and ways to apply data analytics during risk assessments and the review of various business functions.

This course focuses on risk assessments, and the use of data analytics while reviewing sales, financial reporting, contracts, customer service, and transportation.

Modern internal auditing is risk-based, objectives-centric, data-driven, and dynamic. This course provides key tips, tools, techniques, and examples to understand risk, and ways to apply data analytics during risk assessments and the review of various business functions.

This course focuses on risk assessments, and the use of data analytics while reviewing Heath, Safety, and Environmental Services (HSES), Research and Development (R&D), manufacturing, the organizational culture, and reporting.

This course covers the basic concepts of risk assessments and enterprise risk assessments (ERAs) and how data analytics can optimize the risk assessment process; it also covers how to use risk assessments in risk-based auditing at the annual audit planning, the engagement planning, and the audit program development levels. It also includes Enterprise Risk Management (ERM) fundamentals, best practices, and examples of tools, templates, and reports commonly used in the risk management process. There is also coverage of ERM metrics using data analytics.

To better partner with key business stakeholders and add value to one’s organization, it is necessary to understand key business risks. Therefore, the course devotes significant coverage to common business functions and their respective key processes, as well as the related risks, including Accounting, Financial Reporting, Human Resources, Legal, Sales, Contracts, Customer Service, Transportation/Delivery Service, IT, Manufacturing, Compliance, Quality Assurance, and Research & Development.

Throughout the course, there are exercises, informative articles, case studies, examples of tools and templates, and graphical depictions to help the participant apply concepts and theories to practical use in their organization. The course wraps up with reporting risk information to key stakeholders, including what’s important to the Board as it relates to communicating risk information.

This course covers the basics of risk assessments, risk assessment steps, templates, and examples. It also covers ERM metrics and effectiveness.

Modern internal auditing is risk-based, objectives-centric, data-driven, and dynamic. This course provides key tips, tools, techniques, and examples to understand risk, and ways to apply data analytics during risk assessments and the review of various business functions.

Topics covered in this course include an overview of risk-based auditing, developing an audit plan and audit programs. It also covers key data analytics terminology, continuous monitoring, the role of data analytics in risk management, and steps for using data analytics in risk assessments.

Modern internal auditing is risk-based, objectives-centric, data-driven, and dynamic. This course provides key tips, tools, techniques, and examples to understand risk, and ways to apply data analytics during risk assessments and the review of various business functions.

This course includes an overview of top risks every organization should be on the lookout for. It also covers risk assessments, and the use of data analytics while reviewing inventory, treasury, accounting, and travel and entertainment.

This course introduces participants to the basic concepts of risk, types of risks, and risk management (ERM) frameworks such as ISO 3000 and COSO ERM, and the IIA’s professional guidance on risk management. It also covers how to conduct risk assessments and ways of reviewing several common types of functional risk assessments, such as a fraud risk assessment, an IT risk assessment, a financial risk assessment, and best practices. The course includes examples of tools, templates, and reports commonly used in the risk management process. Also covered are risk appetite, measuring the impact/likelihood or risks, and black swans.

The course then transitions to risk-based auditing and applies it toward developing the annual audit plan and planning at the engagement and audit program levels. Other topics include talent management strategies for risk-based auditing, root cause analysis, risk mitigation strategies, data analysis, and continuous monitoring tools to ensure there is an effective method for addressing risk.

The course also covers key business risks, including operational, strategic, people, regulatory and financial, cybersecurity, and culture, in addition to emerging risks. Participants will review articles, case studies, examples of tools and templates, and graphical depictions to help the student apply concepts and theories to practical use in their organization.

This course introduces participants to the basic concepts of risk, types of risks, and risk management (ERM) frameworks such as ISO 3000 and COSO ERM, and the IIA’s professional guidance on risk management. It also covers how to conduct risk assessments and ways of reviewing several common types of functional risk assessments, such as a fraud risk assessment, an IT risk assessment, a financial risk assessment, and best practices. The course includes examples of tools, templates, and reports commonly used in the risk management process. Also covered are risk appetite, measuring the impact/likelihood or risks, and black swans.

The course then transitions to risk-based auditing and applies it toward developing the annual audit plan and planning at the engagement and audit program levels. Other topics include talent management strategies for risk-based auditing, root cause analysis, risk mitigation strategies, data analysis, and continuous monitoring tools to ensure there is an effective method for addressing risk.

The course also covers key business risks, including operational, strategic, people, regulatory and financial, cybersecurity, and culture, in addition to emerging risks. Participants will review articles, case studies, examples of tools and templates, and graphical depictions to help the student apply concepts and theories to practical use in their organization.

Auditors that understand risk are better prepared to provide reasonable assurance to the board that the organization’s processes support the achievement of objectives and ongoing practices are managing risk to acceptable levels. This is Part 2 of the Risk Audit School course series.

Topics covered include enterprise risk assessments, risk appetite, fraud risk assessment, Sarbanes Oxley (SOX) risk assessment, IT risk assessments, and black swans.

Auditors that understand risk are better prepared to provide reasonable assurance to the board that the organization’s processes support the achievement of objectives and ongoing practices are managing risk to acceptable levels. This is Part 3 of the Risk Audit School course series.

Topics covered include enterprise risk management (ERM) overview, reporting, effectiveness, and metrics.

Auditors that understand risk are better prepared to provide reasonable assurance to the board that the organization’s processes support the achievement of objectives and ongoing practices are managing risk to acceptable levels. This is Part 6 of the Risk Audit School course series.

Topics covered include acquiring and applying an agile mindset to auditing, and internal audit talent management.

Auditors that understand risk are better prepared to provide reasonable assurance to the board that the organization’s processes support the achievement of objectives and ongoing practices are managing risk to acceptable levels. This is Part 5 of the Risk Audit School course series.

Topics covered include key talent/people, regulatory/compliance, strategic, financial, operational, cybersecurity, culture and emerging risks.

Auditors that understand risk are better prepared to provide reasonable assurance to the board that the organization’s processes support the achievement of objectives and ongoing practices are managing risk to acceptable levels. This is Part 7 of the Risk Audit School course series.

Topics covered include the benefits, business case, challenges and success factors for risk-based auditing.

This collection of risk audit school courses introduces participants to the basic concepts of risk, types of risks, and risk management (ERM) frameworks such as ISO 3000 and COSO ERM, and the IIA’s professional guidance on risk management. It also covers how to conduct risk assessments and ways of reviewing several common types of functional risk assessments, such as a fraud risk assessment, an IT risk assessment, a financial risk assessment, and best practices. The courses include examples of tools, templates, and reports commonly used in the risk management process. Also covered are risk appetite, measuring the impact/likelihood or risks, and black swans.

The course then transitions to risk-based auditing and applies it toward developing the annual audit plan and planning at the engagement and audit program levels. Other topics include talent management strategies for risk-based auditing, root cause analysis, risk mitigation strategies, data analysis, and continuous monitoring tools to ensure there is an effective method for addressing risk. The course also covers key business risks, including operational, strategic, people, regulatory and financial, cybersecurity, and culture, in addition to emerging risks. Participants will review articles, case studies, examples of tools and templates, and graphical depictions to help the student apply concepts and theories to practical use in their organization.

Auditors that understand risk are better prepared to provide reasonable assurance to the board that the organization’s processes support the achievement of objectives and ongoing practices are managing risk to acceptable levels. This is Part 4 of the Risk Audit School course series.

Topics covered include the annual audit plan, engagement level planning, audit programs, root cause analysis, risk mitigation plans, data analytics, and continuous monitoring.

This course focuses on ESX and Hyper-V security. The course begins with virtualization basics, hardware virtualization considerations, and different versions of ESX. It examines best practices for securing ESX servers, access to the management console, ESX logging, and other configuration issues to ensure the ESX virtual server hosts are secure and stable. It then covers Hyper-V and best practices for securing a Hyper-V environment. It also covers the benefits and synergy of virtualization when implementing the organization’s disaster recovery strategy. Participants tie these concepts together by formulating a suggested audit program of ESX/Hyper-V and the virtual server environment. The course includes case studies using a combination of live demonstrations and exercises that reinforce important virtualization concepts and associated audit points addressed in real audit projects.

This course focuses on the skills required to effectively audit Active Directory. Using a Cloud-based Lab, each participant will have their own virtualized Windows Server 2016 Domain Controller and Windows 10 Workstation to practice the concepts and techniques learned during the class with a series of 15 hands-on labs. Output from each of the labs will be incorporated into an Excel spreadsheet. This spreadsheet can be used as the basis for an audit program after the class is completed. Separate sheets in the Auditing Active Directory Excel Spreadsheet summarize how to obtain Active Directory data using PowerShell scripts, a place to store samples of the PowerShell output, and items to review in the output. Participants can email their completed spreadsheet to take with them after the class with lab notes and PowerShell Scripts.

The course provides a practical methodology for auditing and securing Active Directory, attacks against Active Directory, and how to protect against those attacks. Audit techniques are designed to make Active Directory more secure and difficult to hack. The last day of class includes a role-playing exercise to put into practice the skills learned earlier in the course in a challenging real-world auditing environment. A working knowledge of Windows Server, Windows 7 or later, Excel, and VMware Workstation is helpful but not mandatory.

ATTENTION ... This is an ACCELERATED VERSION of our SSCP course. What that means for you is that we assume that you have a certain level of prior knowledge, and we move faster through the material We encourage you to try this format and see if it works well for you. The Systems Security Certified Practitioner (SSCP) is ideal for IT administrators, managers, directors and network security professionals responsible for the hands-on operational security of their organization’s critical assets. The certification demonstrates that the holder has been working in IT Security for at least one year, has a broad range of knowledge in seven domains related to creating, supporting, and maintaining a secure IT infrastructure and can implement things like risk management and risk identification.

This course provides the basic knowledge needed to understand and identify different types of occupational fraud that may exist in organizations.

This course provides the basic knowledge needed to understand and identify different types of occupational fraud that may exist in organizations.

This course focuses on the fundamental knowledge required to understand and identify asset misappropriation in organizations. Key points of the course include recommended practices for performing fraud risk assessments and planning fraud audits. You will learn how to identify common fraud indicators and red flags, understand typical cash theft schemes, as well as the audit procedures that can prevent and detect them. In addition, we cover common fraudulent disbursement schemes and the audit procedures to prevent and detect such payments. This course is designed for Auditors, Investigators, and Compliance Officers, and successful completion earns participants 2 CPE credits.

This course provides an overview of key psychological elements related to ethical and unethical conduct and the need for employee education.

In this course, participants will learn how to use risk assessment techniques and principles to build and conduct risk-based and value-added audit programs. It explores progressive approaches to assessing risk and determining the most appropriate strategies to build targeted audit programs for organizations and audit units. Attendees will learn how to build audit programs that will encompass an evaluation of a wider spectrum of risks: financial, information systems, regulatory and compliance, human resources, health & safety, operational effectiveness and efficiency, and reputational risks.

Through case studies and other interactive approaches, participants will have an opportunity to be hands-on in working through various scenarios. Finally, participants will learn effective approaches to include sustainable risk-mitigation and corrective action strategies in the report and ongoing monitoring efforts. Attendees will emerge from this course with a toolbox of proven implementable approaches that will enhance any internal audit function to generate high-value and high-impact outcomes.

In this course, participants will learn how to use risk assessment techniques and principles to build and conduct risk-based and value-added audit programs. It explores progressive approaches to assessing risk and determining the most appropriate strategies to build targeted audit programs for organizations and audit units. Attendees will learn how to build audit programs that will encompass an evaluation of a wider spectrum of risks: financial, information systems, regulatory and compliance, human resources, health & safety, operational effectiveness and efficiency, and reputational risks.

Through case studies and other interactive approaches, participants will have an opportunity to be hands-on in working through various scenarios. Finally, participants will learn effective approaches to include sustainable risk-mitigation and corrective action strategies in the report and ongoing monitoring efforts. Attendees will emerge from this course with a toolbox of proven implementable approaches that will enhance any internal audit function to generate high-value and high-impact outcomes.

Risk assessments are essential to build effective audit programs, and conduct risk-based auditing. This course is Part 2 of the Using Risk Assessment to Build Individual Audit Programs course series.

Topics covered include risks by cross-functional processes, management evaluation and mitigation of risks, levels of monitoring, categorization of risks, and an in-depth exploration of regulatory and compliance, financial, information systems, health and safety, human resources, operational and efficiency, and reputational risks.

CPE: 6.5

In this course, participants will learn how to use risk assessment techniques and principles to build and conduct risk-based and value-added audit programs. It explores progressive approaches to assessing risk and determining the most appropriate strategies to build targeted audit programs for organizations and audit units. Attendees will learn how to build audit programs that will encompass an evaluation of a wider spectrum of risks: financial, information systems, regulatory and compliance, human resources, health & safety, operational effectiveness and efficiency, and reputational risks.

Through case studies and other interactive approaches, participants will have an opportunity to be hands-on in working through various scenarios. Finally, participants will learn effective approaches to include sustainable risk-mitigation and corrective action strategies in the report and ongoing monitoring efforts. Attendees will emerge from this course with a toolbox of proven implementable approaches that will enhance any internal audit function to generate high-value and high-impact outcomes.

This course focuses on the uses and users of risk assessments, and how risk assessments relate to organizational goals, vision, mission, and strategic plans. It also covers compliance and regulatory requirements, compliance reports and submissions, responsible parties, and strategies for monitoring.

CPE: 5

Risk assessments are essential to build effective audit programs, and conduct risk-based auditing. This course is Part 4 of the Using Risk Assessment to Build Individual Audit Programs course series.

Topics covered include elements of a risk-based audit report and their visual representation, identification of the “why”, value-added recommendations and strategies, and the inclusion of management responses and corrective actions. It also includes evaluating risk, determining the cause, mitigating steps, involving other organizational units, monitoring, sign-off, updating the risk assessment, and mapping it to audits.

CPE: 7.5

Risk assessments are essential to build effective audit programs, and conduct risk-based auditing. This course is Part 3 of the Using Risk Assessment to Build Individual Audit Programs course series.

Topics covered include data mining and data analytics tools, summarizing and presenting data, the identification of risk areas, organization units included in the audit, and the objectives and scope of the audit. It also covers the management and staff involved in the audit, audit steps that focus on risk, and mapping observations.

CPE: 5

This course focuses on the three Es of performance auditing - economy, efficiency, and effectiveness of programs, projects, and processes - and provides ways to assess these themes within organizations.