Risk Based Internal Audit

This programme is only available on in-company basis. Please, contact us for more information

In-company Training, contact us to discuss your requirements

Course Description

The Institute of Internal Auditors defines Risk Based Internal Auditing (RBIA) as a methodology that links internal auditing to an organization’s overall risk management framework. RBIA allows internal audit to provide assurance to the board that risk management processes are managed effectively and appropriately to the risk appetite. 

But every organisation is different in terms of its attitudes to risk, organisational structures, internal processes and procedures. Experienced internal auditors need to adapt these ideas to the needs of their organisation in order to implement RBIA. Once implemented correctly, RBIA offers tremendous advantages to any company. 
 
This intensive 2-day course provides a thorough overview of RBIA processes, planning stages and measurement strategies. You will gain the practical tools to set up, analyse and manage RBIA within your organisation.

What Will You Learn

 By the end of this course you will: 

  • Have a sound understanding of Risk Based Internal Audit function and process and be able to differentiate it from a regular internal audit approach
  • Gain the tools to set up and affectively measure the framework within your organisation
  • Understand the role of COSO and ERM in internal auditing

Main Topics Covered During This Training

  • Traditional Approach versus Risk Based internal approach
  • Stages of Risk Based Internal Auditing
  • Measuring the effectiveness of Risk Based Internal Auditing
  • The COSO risk management framework
  • ERM – Enterprise Wide Risk Management
  • Analysing Risk Maturity
  • RBIA in practice
  • Model Process for Assessing & Evaluating Risks 
  • Risk Assessment Tools
  • Analysing Internal Audit Process

Who Should Attend

This practical hands-on training course is designed for professionals from corporates, financial institutions and risk sensitive organisations. The following job titles/ positions will benefit from attending:

 
  • Board members, especially risk and audit committee chairs and members
  • Chief Risk Officers
  • Heads of market, credit, and operational risk
  • Head of Risk Management
  • Chief Compliance Officers
  • Chief Audit Officers
  • Chief Financial Officers
  • Actuaries
  • Treasurers
  • Auditors (External & Internal)
  • Bank regulators and examiners
  • Risk management consultants

, call us for more information

In-company Training, contact us to discuss your requirements

Risk Based Internal Audit - A 2-Day Programme

What is Risk Based Internal Auditing? 

  • An introduction to Risk Based Internal Auditing
  • Traditional Approach versus Risk Based internal approach
  • Stages of Risk Based Internal Auditing
  • Measuring the effectiveness of Risk Based Internal Auditing
 
Risk Based Internal Auditing – Background 
 
  • Rationale behind Risk Based Internal Auditing
  • Internal Audit – Definitions, objectives and scope
  • The “Expectations Gap”
  • The RISK BASED Internal Audit
  • Comparison to the traditional approach
 
Risk Management
 
  • Understanding risk
  • The attributes of risk – Likelihood & Consequence
  • The Risk Heat Map
  • Audit risk
  • Business risks – classification, internal & external, controllable & non-controllable
 
The COSO risk management framework
 
  • Understanding COSO
  • COSO — An Integrated Risk Management Framework
  • The COSO ERM Framework
  • COSO in Finer Detail
  • Updates to COSO
 
Basic concepts of risk management
 
  • Risk capacity, risk appetite, risk response
  • Inherent & residual risk
  • Entity risk assessment & Business process risk assessment
  • Significant risk
  • Risk register
 
ERM – Enterprise Wide Risk Management
 
  • ERM and the Board of Directors
  • What is covered under ERM
 
Risk Maturity
 
  • What is risk maturity
  • Why it is important
  • Risk maturity levels
  • Scorecard for assessing risk maturity 
  • Analysing the risk maturity results
 
Using a Risk Based Internal Audit (RBIA) Methodology
 
  • Audit is of management of risks and not of risk
  • Key reporting areas in the management of risks
  • Documenting Board assurance requirements and risk appetite
  • Audit strategy & risk maturity
  • Selecting individual risks to audit
  • Frequency of coverage
  • Including the Risks into an Audit Assignment
  • Importance of selecting the right auditable unit
 
Stages of RBIA
 
  • Assessing risk maturity
  • Preparing the audit plan
  • Conducting the assurance audit
  • Reporting to the appropriate level
 
Model Process for Assessing & Evaluating Risks 
 
  • Risk assessment steps and tools
  • Risk identification
  • Business Activities that are Sources of Risk
  • Operational Risk and its categories
  • Risk identification methods
  • Industry risk models
  • Choosing which methods to use
  • Typical risk areas
  • Risk estimation (Risk measurement/ Risk scoring)
  • Risk evaluation
  • Risk Heat map & Actions Needed
  • Using risk scores
 
Risk Assessment Tools
 
  • Market survey
  • Dependency modeling
  • SWOT analyses
  • Event tree analysis 
  • BPEST (Business, Political, Economical, Social & Technological)
  • Fault tree analysis (Root Cause Analysis)
  • FEMA (Failure Mode and Effect Analysis)
 
Internal Audit Process
 
In this section we cover the complete Internal Audit Process including the RBIA methodology. This includes the need for the Internal Auditor to become acquainted with the business and the industry allowing him to assess the risk maturity which determines his/her ability to provide the RBIA assurance and to review the risk assessment done by management and the her/his conclusion whether this risk register may be relied upon.
 
The process covered includes:
 
  • Strategic analysis
  • Enterprise risk assessment
  • Internal Audit Plan development
  • What Risks to Audit – An Alternative Approach
  • Internal Audit execution
  • The Process Risk Matrix
  • Reporting 
  • Issue Resolution tracking
 
Case Study: How the RBIA methodology is applied
 
This is an illustrative case study showing how the RBIA methodology is applied in a real world environment. 
 
Comparing the Two Methodologies 
 
We compare the RBIA methodology to the regular audit methodology and examine them in terms of:
  • Managing risk
  • Setting responsibility for risk management, and
  • Usefulness to the Board of Directors
 
Risk Registers 
 
We examine and discuss examples of the RBIA documentation form the case study including:
  • Risk Register
  • Audit Procedures and 
  • Transaction Files
 
Closing Discussion: Difficulties facing the Internal Auditor 
 
We examine and discuss some of the pitfalls that the Internal Auditor may face in his/her assignment and some potential solutions.
Eureka Financial Faculty

* - Fields marked with a star are obligatory.

Your privacy is important to us and we will not share your details with any third-party.

Submit

Thank you for your brochure request. One of our team members will send it to you shortly.

In the meantime, did you have a chance to see what our clients say about us?

Follow us on:


* - Fields marked with a star are obligatory.

Your privacy is important to us and we will not share your details with any third-party.

Subscribe

Thank you for your interest in our company and your enquiry. We will contact you shortly.

In the meantime, did you have a chance to see what our clients say about us?

Follow us on:

Risk Based Internal Audit <p>The Institute of Internal Auditors defines Risk Based Internal Auditing (RBIA) as a methodology that links internal auditing to an organization&rsquo;s overall risk management framework. RBIA allows internal audit to provide assurance to the board that risk management processes are managed effectively and appropriately to the risk appetite.&nbsp;</p> <div>But every organisation is different in ...