Professional Course

Risk Based Internal Auditing - UK-OAR351

ACI Learning, Online

Course description

Risk Based Internal Auditing - UK-OAR351

This course shows ways to maximize the quality and impact of internal audit by focusing on what matters most. Students learn how to develop a risk-based approach, and what tools, techniques and methodologies boost auditor effectiveness.

Do you work at this company and want to update this page?

Is there out-of-date information about your company or courses published here? Fill out this form to get in touch with us.

Who should attend?

Internal and IT auditors with 0-3 years of experience looking for a comprehensive understanding of the process of internal audit. This foundational course can be used to onboard rotational internal auditors, and other experienced professionals starting their carer in internal audit.


  • A basic knowledge of Internal Auditing

Training content

You will learn how to plan, perform, and report on the results of risk-based audits. Also, how this approach differs from controls-based, raise awareness, and better articulate the benefits of this approach as a means to add value.


Understanding the scope and content of the course, and how the next three days has the potential to significantly change the way internal audit operates within your organization.

Course Contract

  • How we will work together over the next three days to ensure that the objectives are achieved
  • Why risk based internal auditing?
  • Overview and Objectives
  • The role and purpose of internal audit
  • The added value role of internal audit
  • The different approached to internal audit
  • The way the three key internal audit approaches fit together and/or conflict
  • Exercise
  • What does an organization seek from its internal auditors Risk Management – general concept

Risk management within the business

  • Identifying the risks facing the business
  • Assessing the risk impact
  • Rating /prioritizing risks
  • The risk continuum
  • Exercise
  • Create a corporate risk register for an organization

Corporate Governance

  • Why corporate governance
  • Fitting the pieces of the jigsaw together
  • What does ‘good’ corporate governance look like
  • Is it one size fits all?
  • Exercise
  • What does corporate governance mean to your business and what does it look like

Summary of the day

  • The annual lifecycle of internal audit
  • Tomorrow
  • Any questions

A risk based audit plan

  • Reliance on the organisations risk registers
  • Nature and purpose of internal audit plans
  • Risk based planning
  • Key influences
  • Control environment
  • Exercise
  • Case study create a risk based internal audit plan (including consideration of risks, resources, timescales and the level of assurance required)

Risk based internal auditing – how to guide

  • Terms of reference for the audit
  • Exercise
  • Create a terms of reference for an audit considering approach, scope, risks, controls and added value
  • Audit Documentation
  • Exercise
  • Consider the different methodologies for documenting a system including narrative, flowcharts, and risk matrices
  • Internal audit testing
  • Purpose
  • Methodology
  • Approach
  • Test samples
  • Exercise
  • Consider the elements of and create a test programme for a predetermined internal audit
  • Evidence
  • Exercise
  • Consider why evidence is important and what are the challenges facing internal audit with regard to evidence
  • Emerging findings
  • Exercise
  • Draw together the issues that have arisen during the audit and explore the methods available for reporting them

Summary of the day

  • How the pieces of the jigsaw are fitting together
  • Tomorrow
  • Any questions


  • Individual internal audit reports
  • Internal audit reports to the Audit Committee
  • Internal Audit annual assurance statement
  • Statement on internal control
  • Exercise
  • Consider the content of the annual internal audit assurance statement and the link to the organisations statement on internal control

How to deliver a risk-based audit report

  • What does your client want from an audit report?
  • Written or verbal reporting
  • Frequency of reporting
  • Exercise
  • Consider the format and content of a risk based audit report
  • The internal audit report then what?
  • Follow up
  • Escalation

Is your organisation ready for risk based internal auditing?

  • Profile of internal audit
  • Skill set of the internal audits
  • The maturity of risk management within the organisation
  • The level of assurance required from internal audit by the organisation
  • Exercise
  • Consider whether to simply tick the box or really add value

Closure of the course

  • Has the course achieved its objectives
  • What happens now back at work?
  • How to engage with your organisation
  • Questions

Certification / Credits

Completion of this course is worth 24 CPE Credits

ACI Learning

ACI Learning

At ACI Learning, we train leaders in Cybersecurity, Audit, and Information Technology. Whether you're starting your IT career, mastering your profession, or developing your team, we're with you every step of the way. We believe that training is not a...

Read more and show all training delivered by this supplier