Risk‐based Internal Audit
According to the Basel Committee on Banking Supervision, internal auditors and supervisors should use risk-based approaches to determine their respective work plans and actions.
Furthermore, the International Standards for the Professional Practice of Internal Auditing (2010) indicate that the Internal Audit’s Activity Plan of engagements must be based on a documented risk assessment, undertaken at least annually. The COSO – ERM Internal Control System is the most modern and dynamic framework to approach and assess a company’s risks, and its adoption is a major challenge as a bank’s risk profile is constantly evolving.
In addition, the audit approach has changed dramatically in the past decade so that, instead of auditing processes and systems, great emphasis is given to risk-based auditing approaches. To keep up with modern trends, internal auditors should adopt a risk-based engagement. This matters all the more because companies rarely have excess audit capacity, so available resources should be used effectively and efficiently.
Taking part in many case studies and group discussions, participants of the seminar will understand how to systematically assess all types of risks by using globally accepted practices and will realize their role in the risk assessment process, explore control self-assessment techniques and learn how to organize and execute risk-based auditing.
By the end of the seminar, participants will attain a good understanding of the audit process currently used by world-class internal audit units and will understand how to effectively execute risk-based audits.
- Definition of Risk
- The internal Control Framework of COSO – ERM
- Comparison of COSO to COSO – ERM
- Risk components (Internal Environment, Objective Setting, Identification of Risks, Risk Assessment, Risk Response, Control Activities, Information and Communication, Monitoring)
- Types of Risks
- Methods of risk identification
- Risk Assessment Factors
- Gross and net Risks
- Risk Appetite
- Applying COSO – ERM model
- Factors of success
- The internal auditor’s role during the implementation of COSO – ERM
- The International Standards for the Risk Based Audit
- Procedures for the formulation of a risk catalogue
- Basic categories of risks
- Basic principles for the Internal Control Systems
- Control Self-Assessment techniques – organization of a live workshop
- Risk Register and Risk Mapping
- Formulation of the annual audit plan
- Execution of risk-based audits
- The internal audit report based on risks
- Knowledge, capabilities and skills of the auditor to implement risk-based audit
The programme is designed to deliver knowledge and enhance participants’ skills via short lectures, case studies, practical examples and real-life simulations. Participants will also benefit from customised feedback at the end of the programme and take away the knowledge gained to be transferred to their workplace.
Most of the training time will be invested in analysing a real-life case study that will help participants understand how to run risk-based audits at all audit phases, how to create the long-term and annual planning based on prioritization of risks, how to prepare the audit reports based on the size of the risks and how to implement risk-based follow-up activities.
Who Should Attend:
- Officers and staff working in Internal Audit Units at all levels (inspectors, internal auditors)
- Officers working in Compliance Units
- External auditors
- Audit Committee members
- Security professionals
- Risk Management analysts