IA-105 EFFECTIVE RISK-BASED AUDIT PLANNING AND EXECUTION

IA-105 EFFECTIVE RISK-BASED AUDIT PLANNING AND EXECUTION

DESCRIPTION

Risk-based auditing requires a deep understanding of the business and business objectives and operating rules to properly identify, evaluate, and prioritize the risks to the business. Business objectives and operating rules—the primary drivers of risk—have to be fully understood to ensure risks are identified and effectively evaluated.

 

This course will provide auditors with the skills necessary to plan and execute an effective risk-based audit that delivers measurable results to the organization. Participants will learn through lecture, group discussion, case studies, and small group exercises to ensure an interactive experience.

LEARNING OBJECTIVES:

  • Understand risk and the types of risk
  • Learn to identify, evaluate, and prioritize risk in your organization
  • Enhance interview and research skills needed to understand the business and identify risks
  • Strengthen one’s skills in developing risk-based audit test steps and work programs
  • Learn to utilize tools for planning and executing risk-based, properly scoped audits that are targeted and focused on the most significant areas of the business and processes

 

COURSE OUTLINE

The Role of Audit

  • The role of Audit today
  • IPPF standards

Audit Development Cycle: Closing the Loop Process

  • Defining the closing the loop process
  • The importance of planning
  • Understanding the business
  • Identifying business risks
  • Evaluating and prioritizing risks
  • Developing Audit objectives and defining scope
  • Evaluating the control environment
  • Developing testing | Testing of controls
  • Facilitating action

Planning: Understanding the Business

  • Identifying and understanding business objectives
  • Understanding business rules
  • Document review
  • Understanding the business processes
  • Documenting business processes—narratives/process flow charts/walkthroughs

Planning: Understanding the Business Methodologies

  • Document review and research
  • Interviewing tools and techniques

Planning: Scope

  • Defining Scope—what’s in and what’s out | SIPOC
  • Setting expectations with Management | Scope statements

Engagement Risk Assessment

  • Understanding risk | Identifying risk | Prioritizing risk
  • Types of risks—operational/financial/reputation/regulatory
  • Evaluating risk—Likelihood/significance/duration/velocity
  • Tying risks to business objectives

Identifying Control Criteria

  • Types of controls | Control objectives
  • Entity-level controls | Activity-level controls
  • Evaluating Controls—design vs. operating effectiveness

Risk-Based Testing and Sampling Methodologies

  • Determining testing approach and method
  • Determining sufficient, relevant, and reliable evidence
  • Weighing evidence

Results and Conclusions

  • 5 Cs | Root causes
  • Tying action plans to business objectives and risks
  • Framing issues from a business perspective
  • Using visualization in reporting
Duration

CPE

Delivery

Field

Level

Who Should Attend

Prerequisites

Advanced Preparation

2 Days

16

Group-Live

Auditing

Intermediate

Internal auditor staff and management of all levels

Auditors with at least 2 years of experience

None