Risk Audit School
Overview
This course introduces participants to the basic concepts of risk, types of risks, and risk management (ERM) frameworks such as ISO 3000 and COSO ERM, and the IIA’s professional guidance on risk management. It also covers how to conduct risk assessments and ways of reviewing several common types of functional risk assessments, such as a fraud risk assessment, an IT risk assessment, a financial risk assessment, and best practices. The course includes examples of tools, templates, and reports commonly used in the risk management process. Also covered are risk appetite, measuring the impact/likelihood or risks, and black swans.
The course then transitions to risk-based auditing and applies it toward developing the annual audit plan and planning at the engagement and audit program levels. Other topics include talent management strategies for risk-based auditing, root cause analysis, risk mitigation strategies, data analysis, and continuous monitoring tools to ensure there is an effective method for addressing risk.
The course also covers key business risks, including operational, strategic, people, regulatory and financial, cybersecurity, and culture, in addition to emerging risks. Participants will review articles, case studies, examples of tools and templates, and graphical depictions to help the student apply concepts and theories to practical use in their organization.
Why you should take this course.
For users with an introductory knowledge of this topic, and are searching for additional information and its application.
Here are the topics we'll cover.
-
Risk Basics
- Risk Definitions
- Risk Frameworks
- Risk Assessments
-
Enterprise Risk
- Enterprise Risk Assessments – Overview
- Enterprise Risk Assessments – Example
- Risk Appetite
- Internal Audit’s Role in Risk Management
- Fraud Risk Assessment
- SOX Risk Assessment
- SOX Risk Assessment – Example
- IT Risk Assessment
- IT Risk Assessment - Example
- Black Swans
- Black Swans – Example
-
Enterprise Risk Management (ERM)
- ERM Governance
- ERM – Standard Template
- ERM Effectiveness
- ERM Metrics
- ERM – Exercse
-
Risk-Based Auditing
- Defining Risk-Based Auditing
- Annual Audit Plan
- Engagement Level Planning
- Risk-Based Audit Program
- Audit Planning – Exercise
- Root Cause Analysis
- Risk Mitigation Plans
-
Risk-Based Tools
- Data Analytics
- Data Analytics – Exercise
- Continuous Monitoring
- Continuous Monitoring – Case Study
-
Key Business Risks
- HR/People
- Talent/People Risk – Case Study
- Regulatory Risk
- Regulatory Risk – Case Study
- Strategic Risk
- Strategic Risk – Case Study
- Financial Risk
- Financial Risk – Case Study
- Operational Risk
- Operational Risk – Case Study
- Cybersecurity Risk
- Cybersecurity Risk - Case Study
- Culture Risk
- Culture Risk – Case Study
- Emerging Risks
-
Executive Perspectives on Top Risks
- Top Risks – Article
- Top Risks – Exercise
-
Preparing Internal Audit Departments for Risk-Based Auditing
- Agile Mindset – Definition
- Applying Agile Principles to Auditing
- Agile Auditing – Case Study
- Agile Auditing – Exercise
- IA Talent Management
-
Marketing Risk-Based Auditing
- Benefits and Challenges
- Business Case
- Success Factors
Learning Style
Level
Who this course is for
NASBA Certified CPE
Field of Study
Length of course
Advanced Preparation
Here are the learning objectives we'll cover
- Know the fundamentals of the concept of risk, different types of risk, and some key regulatory frameworks and professional guidance available on the topic of risk, as well as how to assess and manage risks.
- Understand the steps of a risk assessment process through risk identification and risk measurement at a certain point in time, at both the enterprise level and the functional level, including the concept of risk appetite and through examples of several different functional risk assessments (Fraud, IT, Financial).
- Understand the risk management process (ERM) through recurring risk identification, measurement and mitigation, including the standard tools, templates, and reporting used in the ERM process through real examples and case studies.
- Understand the methodology and process for conducting risk-based auditing at the annual audit planning level, the engagement planning level, and the audit program level.
- Know how to prepare the IA function for a risk-based auditing approach, including adopting an agile mindset, hiring/developing audit talent, and communicating with key stakeholders about the benefits/value of risk-based auditing, as well as how to address certain challenges.