Training Objectives

By the end of the webinar, participants will be able to:

• Explain the regulatory expectations for internal and external audits in EU/Cyprus Investment Firms (MiFID II, CySEC framework, governance principles).
• Clearly distinguish between the roles of Internal Audit, External Audit, Compliance, Risk Management and the Board.
• Translate audit findings into risk-based, prioritised and time-bound action plans.
• Use audit reports as a strategic tool to enhance the firm’s business model, client value proposition and operational resilience.
• Prepare effectively for CySEC onsite and offsite inspections using structured checklists and evidence packs.
• Identify common “red flags” and typical mistakes made by firms before, during and after inspections – and how to avoid them.

Training Outline

Regulatory & Governance Framework

• MiFID II, CySEC directives and ESMA guidelines relevant to audits
• The Three Lines of Defence model in investment firms
• Role and independence of Internal Audit and External Audit
• Responsibilities of the Board and Senior Management

Internal Audit in Investment Firms

• Risk-based audit planning and annual audit plan approval
• Scoping audits for key areas (safeguarding, best execution, AML, complaints, governance)
• Conducting effective fieldwork and documenting audit evidence
• Rating findings and agreeing realistic management actions

External Audit & Assurance Engagements

• Interaction with External Auditors and handling audit queries
• Using external audit reports to validate and refine internal control frameworks

Turning Findings into Action

• From findings to root-cause analysis and control design
• Prioritisation: risk/materiality, regulatory urgency, client impact
• Building and maintaining an Audit Findings Register and Action Plan Tracker
• Allocating ownership, deadlines, and measurable success indicators
• Reporting to the Board and Committees: dashboards and summaries

CySEC Onsite & Offsite Inspections – Do’s & Don’ts

• Understanding CySEC’s supervisory approach and documentation requests
• How to use audit work to demonstrate control effectiveness
• Dos and don’ts before the inspection (readiness checks, data rooms, internal alignment)
• Dos and don’ts during the inspection (interviews, behaviour, disclosure, consistency)
• Dos and don’ts after the inspection (responses, remediation, evidence, follow-up)
• Using inspection feedback to further strengthen the business model

Case Studies, Templates & Practical Tools

• Realistic case studies from Cyprus Investment Firms
• Mapping audit findings to business model and revenue streams
• Q&A and discussion on participants’ real-life challenges

Who Should Attend

This programme is designed for:

• Executive Directors and Board Members of Investment Firms
• Compliance Officers and Heads of Compliance
• Internal Auditors and members of Internal Audit functions
• Risk Managers and Operational Risk Officers
• Finance Managers and those liaising with External Auditors
• Heads of Portfolio Management, Dealing, Operations and Back-Office
• Consultants and professionals supporting Cyprus Investment Firms on governance, risk and compliance matters

Training Style

The course is highly practical and interactive, blending concise technical presentations with case studies from real supervisory experiences and guided discussions. The focus is on “how to do it in practice”, enabling participants to immediately apply tools and behaviours within their own firms.

CPD Recognition

This programme may be approved for up to 5 CPD units in Financial Regulation. Eligibility criteria and CPD Units are verified directly by your association, regulator or other bodies which you hold membership.

In-house Training

For groups within the same organisation, this course may be customized to meet any specific needs and delivered in-house.