Risk Based Internal Auditing - UK-OAR351

You will learn how to plan, perform, and report on the results of risk-based audits. Also, how this approach differs from controls-based, raise awareness, and better articulate the benefits of this approach as a means to add value.

• How we will work together over the next three days to ensure that the objectives are achieved
• Why risk based internal auditing?
• Overview and Objectives
• The role and purpose of internal audit
• The added value role of internal audit
• The different approached to internal audit
• The way the three key internal audit approaches fit together and/or conflict
• Exercise
• What does an organization seek from its internal auditors Risk Management – general concept

Risk management within the business

• Identifying the risks facing the business
• Assessing the risk impact
• Rating /prioritizing risks
• The risk continuum
• Exercise
• Create a corporate risk register for an organization

Corporate Governance

• Why corporate governance
• Fitting the pieces of the jigsaw together
• What does ‘good’ corporate governance look like
• Is it one size fits all?
• Exercise
• What does corporate governance mean to your business and what does it look like

Summary of the day

• The annual lifecycle of internal audit
• Tomorrow
• Any questions

A risk based audit plan

• Reliance on the organisations risk registers
• Nature and purpose of internal audit plans
• Risk based planning
• Key influences
• Control environment
• Exercise
• Case study create a risk based internal audit plan (including consideration of risks, resources, timescales and the level of assurance required)

Risk based internal auditing – how to guide

• Terms of reference for the audit
• Exercise
• Create a terms of reference for an audit considering approach, scope, risks, controls and added value
• Audit Documentation
• Exercise
• Consider the different methodologies for documenting a system including narrative, flowcharts, and risk matrices
• Internal audit testing
• Purpose
• Methodology
• Approach
• Test samples
• Exercise
• Consider the elements of and create a test programme for a predetermined internal audit
• Evidence
• Exercise
• Consider why evidence is important and what are the challenges facing internal audit with regard to evidence
• Emerging findings
• Exercise
• Draw together the issues that have arisen during the audit and explore the methods available for reporting them

Summary of the day

• How the pieces of the jigsaw are fitting together
• Tomorrow
• Any questions

Reporting

• Individual internal audit reports
• Internal audit reports to the Audit Committee
• Internal Audit annual assurance statement
• Statement on internal control
• Exercise
• Consider the content of the annual internal audit assurance statement and the link to the organisations statement on internal control

How to deliver a risk-based audit report

• What does your client want from an audit report?
• Written or verbal reporting
• Frequency of reporting
• Exercise
• Consider the format and content of a risk based audit report
• The internal audit report then what?
• Follow up
• Escalation

Is your organisation ready for risk based internal auditing?

• Profile of internal audit
• Skill set of the internal audits
• The maturity of risk management within the organisation
• The level of assurance required from internal audit by the organisation
• Exercise
• Consider whether to simply tick the box or really add value

Closure of the course

• Has the course achieved its objectives
• What happens now back at work?
• How to engage with your organisation
• Questions