Risk Based Internal Auditing - UK-OAR351

You will learn how to plan, perform, and report on the results of risk-based audits. Also, how this approach differs from controls-based, raise awareness, and better articulate the benefits of this approach as a means to add value.

Objectives

Understanding the scope and content of the course, and how the next three days has the potential to significantly change the way internal audit operates within your organization.

Course Contract

• How we will work together over the next three days to ensure that the objectives are achieved
• Why risk based internal auditing?
• Overview and Objectives
• The role and purpose of internal audit
• The added value role of internal audit
• The different approached to internal audit
• The way the three key internal audit approaches fit together and/or conflict
• Exercise
• What does an organization seek from its internal auditors Risk Management – general concept

Risk management within the business

• Identifying the risks facing the business
• Assessing the risk impact
• Rating /prioritizing risks
• The risk continuum
• Exercise
• Create a corporate risk register for an organization

Corporate Governance

• Why corporate governance
• Fitting the pieces of the jigsaw together
• What does ‘good’ corporate governance look like
• Is it one size fits all?
• Exercise
• What does corporate governance mean to your business and what does it look like

Summary of the day

• The annual lifecycle of internal audit
• Tomorrow
• Any questions

A risk based audit plan

• Reliance on the organisations risk registers
• Nature and purpose of internal audit plans
• Risk based planning
• Key influences
• Control environment
• Exercise
• Case study create a risk based internal audit plan (including consideration of risks, resources, timescales and the level of assurance required)

Risk based internal auditing – how to guide

• Terms of reference for the audit
• Exercise
• Create a terms of reference for an audit considering approach, scope, risks, controls and added value
• Audit Documentation
• Exercise
• Consider the different methodologies for documenting a system including narrative, flowcharts, and risk matrices
• Internal audit testing
• Purpose
• Methodology
• Approach
• Test samples
• Exercise
• Consider the elements of and create a test programme for a predetermined internal audit
• Evidence
• Exercise
• Consider why evidence is important and what are the challenges facing internal audit with regard to evidence
• Emerging findings
• Exercise
• Draw together the issues that have arisen during the audit and explore the methods available for reporting them

Summary of the day

• How the pieces of the jigsaw are fitting together
• Tomorrow
• Any questions

Reporting

• Individual internal audit reports
• Internal audit reports to the Audit Committee
• Internal Audit annual assurance statement
• Statement on internal control
• Exercise
• Consider the content of the annual internal audit assurance statement and the link to the organisations statement on internal control

How to deliver a risk-based audit report

• What does your client want from an audit report?
• Written or verbal reporting
• Frequency of reporting
• Exercise
• Consider the format and content of a risk based audit report
• The internal audit report then what?
• Follow up
• Escalation

Is your organisation ready for risk based internal auditing?

• Profile of internal audit
• Skill set of the internal audits
• The maturity of risk management within the organisation
• The level of assurance required from internal audit by the organisation
• Exercise
• Consider whether to simply tick the box or really add value

Closure of the course

• Has the course achieved its objectives
• What happens now back at work?
• How to engage with your organisation
• Questions