Using Risk Assessment to Build Individual Audit Programs

In this course, participants will learn how to use risk assessment techniques and principles to build and conduct risk-based and value-added audit programs. It explores progressive approaches to assessing risk and determining the most appropriate strategies to build targeted audit programs for organizations and audit units. Attendees will learn how to build audit programs that will encompass an evaluation of a wider spectrum of risks: financial, information systems, regulatory and compliance, human resources, health & safety, operational effectiveness and efficiency, and reputational risks.

Through case studies and other interactive approaches, participants will have an opportunity to be hands-on in working through various scenarios. Finally, participants will learn effective approaches to include sustainable risk-mitigation and corrective action strategies in the report and ongoing monitoring efforts. Attendees will emerge from this course with a toolbox of proven implementable approaches that will enhance any internal audit function to generate high-value and high-impact outcomes.

Why you should take this course.

For users with an intermediate knowledge of this topic, and are searching for a deeper understanding of its evolving complexities.

Here are the learning objectives we'll cover.

• The learner will be able to identify strategies to incorporate data analytics into the audit program to streamline audit work.
• The learner will be exposed to progressive approaches to creating audit reports that clearly and effectively communicate the audit results and risk posture to the audit committee, senior management, and organizational and operational leadership.
• The learner will learn effective approaches to include sustainable risk-mitigation and corrective action strategies into the report and ongoing monitoring efforts.

Here are the topics we'll cover.

1. What is Risk Assessment?

   • Setting the Stage
   • Goal and Audience
   • Uses for Risk Assessment

2. Strategic Plans

   • Strategic Plan, Vision, and Mission
   • Strategic Goals
   • Impediments to Strategic Goals

3. Organization’s Risk Assessment Approach

   • Compliance and Regulatory Requirements
   • Compliance Reports and Submissions
   • Responsible Parties
   • Current Strategies for Monitoring

4. Assessing Risk

   • Risks for Cross-Functional processes
   • Management Evaluation and Mitigation of Risk
   • Level of Monitoring

5. Categorization of Risks

   • Regulatory and Compliance Risk
   • Financial Risk
   • Information Systems Risk
   • Health and Safety Risk
   • Human Resources Risk
   • Operational Risk
   • Reputational Risk

6. Using Data Analytics

   • Data Analysis Tools
   • Data Mining
   • Summarize and Present Data

7. Risk-Based Audit Programs

   • Identification of Risk Areas
   • Organization units Included in the Audit
   • Objectives and Scope of Audit
   • Management and Staff Involved in Audit
   • Audit Steps That Focus on Risk
   • Mapping Observations

8. Risk-Based Audit Reports

   • Audit Reports and Risk Posture
   • Elements of a Risk-Based Audit Report
   • Visual representation of Audit Reports
   • Identification of the “Why”
   • Value-Added Recommendations and Strategies
   • Including Management Responses and Corrective Action Plans

9. Corrective Action Plans

   • Management Responses vs. Corrective Action Plan
   • Evaluating the Risk
   • Determining the Cause
   • Mitigating Steps
   • Determining Other Organizational Units Involved
   • Monitoring and Sign-Off

10. Updating Risk Assessments

    • Mapping Audits