Risk Based Internal Audit

Course description

This course is available on in-company basis only at the moment. If you have 3-4 people or more we can deliver it either virtually or in-person in any location worldwide. Contact us to discuss your requirements. 

The course is conducted by a senior expert with over 25 years of practical international experience.

The Institute of Internal Auditors defines Risk Based Internal Auditing (RBIA) as a methodology that links internal auditing to an organization’s overall risk management framework. RBIA allows internal audit to provide assurance to the board that risk management processes are managed effectively and appropriately to the risk appetite.

But every organisation is different in terms of its attitudes to risk, organisational structures, internal processes and procedures. Experienced internal auditors need to adapt these ideas to the needs of their organisation in order to implement RBIA. Once implemented correctly, RBIA offers tremendous advantages to any company.
This intensive 2-day course provides a thorough overview of RBIA processes, planning stages and measurement strategies. You will gain the practical tools to set up, analyse and manage RBIA within your organisation.

What will you learn

By the end of this course you will:

  • Have a sound understanding of Risk Based Internal Audit function and process and be able to differentiate it from a regular internal audit approach
  • Gain the tools to set up and affectively measure the framework within your organisation
  • Understand the role of COSO and ERM in internal auditing
You may be interested in the following programmes:

Register for any 2 courses at the same time and save extra £100 (in total, not per course). 

Main topics covered during this training

  • Traditional Approach versus Risk Based internal approach
  • Stages of Risk Based Internal Auditing
  • Measuring the effectiveness of Risk Based Internal Auditing
  • The COSO risk management framework
  • ERM – Enterprise Wide Risk Management
  • Analysing Risk Maturity
  • RBIA in practice
  • Model Process for Assessing & Evaluating Risks
  • Risk Assessment Tools
  • Analysing Internal Audit Process

Who should attend

This practical hands-on training course is designed for professionals from corporates, financial institutions and risk sensitive organisations. The following job titles/ positions will benefit from attending:

  • Board members, especially risk and audit committee chairs and members
  • Chief Risk Officers
  • Heads of market, credit, and operational risk
  • Head of Risk Management
  • Chief Compliance Officers
  • Chief Audit Officers
  • Chief Financial Officers
  • Actuaries
  • Treasurers
  • Auditors (External & Internal)
  • Bank regulators and examiners
  • Risk management consultants

Risk Based Internal Audit - A 2-Day Programme

What is Risk Based Internal Auditing? 

  • An introduction to Risk Based Internal Auditing
  • Traditional Approach versus Risk Based internal approach
  • Stages of Risk Based Internal Auditing
  • Measuring the effectiveness of Risk Based Internal Auditing
Risk Based Internal Auditing – Background 
  • Rationale behind Risk Based Internal Auditing
  • Internal Audit – Definitions, objectives and scope
  • The “Expectations Gap”
  • The RISK BASED Internal Audit
  • Comparison to the traditional approach
Risk Management
  • Understanding risk
  • The attributes of risk – Likelihood & Consequence
  • The Risk Heat Map
  • Audit risk
  • Business risks – classification, internal & external, controllable & non-controllable
The COSO risk management framework
  • Understanding COSO
  • COSO — An Integrated Risk Management Framework
  • The COSO ERM Framework
  • COSO in Finer Detail
  • Updates to COSO
Basic concepts of risk management
  • Risk capacity, risk appetite, risk response
  • Inherent & residual risk
  • Entity risk assessment & Business process risk assessment
  • Significant risk
  • Risk register
ERM – Enterprise Wide Risk Management
  • ERM and the Board of Directors
  • What is covered under ERM
Risk Maturity
  • What is risk maturity
  • Why it is important
  • Risk maturity levels
  • Scorecard for assessing risk maturity
  • Analysing the risk maturity results
Using a Risk Based Internal Audit (RBIA) Methodology
  • Audit is of management of risks and not of risk
  • Key reporting areas in the management of risks
  • Documenting Board assurance requirements and risk appetite
  • Audit strategy & risk maturity
  • Selecting individual risks to audit
  • Frequency of coverage
  • Including the Risks into an Audit Assignment
  • Importance of selecting the right auditable unit
Stages of RBIA
  • Assessing risk maturity
  • Preparing the audit plan
  • Conducting the assurance audit
  • Reporting to the appropriate level
Model Process for Assessing & Evaluating Risks 
  • Risk assessment steps and tools
  • Risk identification
  • Business Activities that are Sources of Risk
  • Operational Risk and its categories
  • Risk identification methods
  • Industry risk models
  • Choosing which methods to use
  • Typical risk areas
  • Risk estimation (Risk measurement/ Risk scoring)
  • Risk evaluation
  • Risk Heat map & Actions Needed
  • Using risk scores
Risk Assessment Tools
  • Market survey
  • Dependency modeling
  • SWOT analyses
  • Event tree analysis
  • BPEST (Business, Political, Economical, Social & Technological)
  • Fault tree analysis (Root Cause Analysis)
  • FEMA (Failure Mode and Effect Analysis)
Internal Audit Process
In this section we cover the complete Internal Audit Process including the RBIA methodology. This includes the need for the Internal Auditor to become acquainted with the business and the industry allowing him to assess the risk maturity which determines his/her ability to provide the RBIA assurance and to review the risk assessment done by management and the her/his conclusion whether this risk register may be relied upon.
The process covered includes:
  • Strategic analysis
  • Enterprise risk assessment
  • Internal Audit Plan development
  • What Risks to Audit – An Alternative Approach
  • Internal Audit execution
  • The Process Risk Matrix
  • Reporting
  • Issue Resolution tracking
Case Study: How the RBIA methodology is applied
This is an illustrative case study showing how the RBIA methodology is applied in a real world environment.
Comparing the Two Methodologies 
We compare the RBIA methodology to the regular audit methodology and examine them in terms of:
  • Managing risk
  • Setting responsibility for risk management, and
  • Usefulness to the Board of Directors
Risk Registers 
We examine and discuss examples of the RBIA documentation form the case study including:
  • Risk Register
  • Audit Procedures and
  • Transaction Files
Closing Discussion: Difficulties facing the Internal Auditor 
We examine and discuss some of the pitfalls that the Internal Auditor may face in his/her assignment and some potential solutions.



Richard’s professional experience spans over 25 years. He started his career with Wells Fargo Bank, following by Fundtech and then moving to international advisory and consulting for the private and high-tech sectors providing high-level consulting, business analysis, project management and training to a wide range of banking clientele across the globe.

Over his career Richard was involved in International Trade Finance, Cross Border Payments and Settlements, Operational Risk, AML and Corporate Governance amongst others.
He has spent extensive time servicing a diversity of financial institutional clients in many countries including: UK, Ireland, China, Singapore, Hong Kong, Philippines, Korea, Malawi, Ghana, Nigeria, Kenya, South Africa, Poland, Sweden, Netherlands, Greece, Norway, Bermuda and across North America.
Clients that Richard has trained & consulted to include: JP Morgan, Abu Dhabi Commercial Bank, Qatar Exchange, Abu Dhabi Investment Authority, Central Bank of Egypt, Irish Gas, UBS, Central Bank of Ireland, Central Bank of Norway, Merrill Lynch, PGGM, BP, Asian Development Bank, African Development Bank, Instinet, Fundtech, European Central Bank, Brunei Investment Agency, British Steel Pension Fund, Salesforce and Tullet Prebon amongst others.



We offer banking and finance courses as well as soft skills and business management training. You can either attend an open public course in London or Dubai or arrange customised in-house training to be delivered in any of your offices worldwide.

Most of our public courses are run over 2 full days. Some programmes are offered as a 1 or 3 day training.

In-house training is tailored to client’s requirements and can be organised over 1 day, 2-3 weeks or longer.

Public courses are organised mainly in London and Dubai. Occasionally we organise courses in other centres like Paris or New York. Check our public course calendar for the current list of programmes. We use a range of training venues, all in the centre of the cities and with excellent transport links to the airports and train stations.

In London we use venues in the centre (near Oxford Circus station or in Mayfair) or in the City (near Liverpool Street or Moorgate stations).

In Dubai our courses are organised in one of 4-5* hotels in the Deira district. Once you register we will send you detailed information together with accommodation options if required.

Our in-house courses can be delivered anywhere in the world. We work with over 25 trainers worldwide. Contact us do discuss your requirements. Check our list of available programmes.

Our courses are run in central locations from 9 a.m until 5-5.30 p.m. There are 2 coffee breaks and a lunch break. Lunch is always provided in the venue.

Dress code is smart casual.

All our programmes are taught by senior specialists who have spent many years in their respective sectors, working as senior managers and head of departments, so they understand very well the market and the challenges you are facing.

The experience of our trainers allows us to create very practical programmes, focused on current market trends and challenges. You can be sure that you will gain the knowledge which can be instantly applied in your workplace after the course. You will be analysing real life case studies, take part in group exercises and discussions as well as role plays, whenever applicable.

We want our courses to be as practical and interactive as possible so we limit the number of participants in order to optimise your time with the trainer and allow you to ask questions which are important for you.

In order to understand your requirements and expectations, we will send you a pre-course questionnaire.

You will also receive post-course support so if you have any questions after you left the training, you are welcome to contact us.

There are 2 easy ways to register:

  1. Go to the course of your choice and click Register Now button to fill the registration page
  2. Email us to enquiry@eurekafinancial.com

After you register, we will send you registration confirmation and an invoice so you can arrange the payment. Please note that your place is not confirmed until we receive it.

If you register within Early Bird discount period, there’s limited time to arrange the payment in order to be eligible for the discount. You will find all the details on the invoice.

We don’t advise to make any travel and hotel arrangements until you receive full course confirmation from us.

We will send you venue and course details as soon as possible but most likely about 3-4 weeks prior to the course commencement.

You can pay by:

  • Making a bank transfer
  • Debit/credit card
  • Cheque payable to Eureka Financial Ltd. - only within UK

Just mark preferred paying option on the registration form. Whichever form of payment you choose we will always send you an invoice.

If you pay by card, a 2.2% processing fee will be added. We will send you authorisation form so you can give us your card details.

Included in the price of a public course are:

  • Course tutorial
  • Take away course materials
  • Course Certificate
  • Lunch on the days of the training as well as drinks and snacks throughout the course

The price doesn’t include accommodation, flights, transfers and any additional costs outside of the training venue.

Yes, we always offer Early Bird discount, so the sooner you register the more savings you can make. We also offer group discounts and if you register for 2 or more programmes at the same time.

If you are a full time student or unemployed, we offer a 25% discount of the full price of the training. Student ID or unemployment status confirmation is required to claim this discount.

If you attend one of our courses you will be entitled to a special discount for a year after the last course you attend with us. Also, if you have attended and recommended us to a friend, both you and your friend will receive a special discount. You will receive more information about it after you attend the course.

See our Customer Loyalty Discounts page for more details.

All our courses based in the UK are subject to the VAT charge of 20%. This fee is irrespective of the country of residence of the delegates.

You can, however, claim the VAT back by contacting UK tax office - HMRC, and filling the relevant form, as long as you comply with the following rules:

For Delegates coming from the EU countries

If you represent a registered business in another EU country, you can use the Refund Scheme to reclaim VAT you pay in the UK as long as all of the following apply:

  • You're not registered for VAT in the UK and don't have to, or can't be, registered here
  • You don't have a place of business or a residence in the UK
  • You don't make any supplies in the UK

You can find some more information here. In order to claim the VAT you have to fill Form 65.

For the Delegates from Non EU countries

If you represent a registered business in a non-EU country, you can use the Refund Scheme to reclaim VAT you pay in the UK as long as all of the following apply:

  • You're not registered for VAT in the UK and don't have to, or can't be, registered here
  • You don't have a place of business or a residence in the EU
  • You can only use the Refund Scheme if your own country operates a similar scheme and makes it available to UK businesses. If your country has its own Refund Scheme but doesn't let UK businesses use it, you can't claim under the UK Refund Scheme.
  • You don't make any supplies in the UK

If the following rules apply to you, please fill the 65A form and send it to HMRC.


You can cancel your participation up to a month before the course and receive a refund minus 10% of the full course value. Between 2-4 weeks before the course you will be charged 50% cancellation fee and if you cancel less than 2 weeks before the course you can only offer your place to a colleague. Up to 2 weeks before the course you can reregister for another edition for 10% reregistration fee if there is another webinar offered or you can rebook for a course in London by paying the difference in price plus 10% reregistration fee.

Classroom Courses

If there is any official travel restriction or difficulty related to the COVID pandemic around the time of the course we will convert the training into a webinar or offer to attend the next classroom edition at no extra cost.

If you are unable to attend the course, you can either send a replacement at no extra charge or, up to 10 days before the training, you can transfer your booking to another edition within the next 6 months paying administrative fee of 20% of the full course price. For any cancellation requests received between 11 days and 4 weeks from the course we offer 50% refund or reregistration to another edition for 25% of the value of the booking. For any cancellation requests received more than 4 weeks before the course date we will offer a refund less an administration fee of 10% of the full course price.

Cancellations must be made in writing (letter or email) and reach our office four weeks prior to the course date. We regret that only limited refunds can be given after this period as per points above. Non-attendance without any notification will be charged at full rate. Your place on a course is not guaranteed until we receive the payment. All payments must be made in full before the course date.

All our trainers have been working for many years in their respective sectors before they begun to teach so they bring a wealth of practical experience to the classroom.

Most of them used to work for 15 or more years in the financial sector and corporate world, and were holding positions of Directors, VP and Senior Managers. Some of them have published books and have written articles for specialised magazines and newspapers including FT, The Independent, The Times etc. You can find detailed biography of each trainer on the page of the course you want to register for.

Yes, you will receive a Certificate of Attendance at the end of the course you attend.

If you have to apply for a Visa to attend a course in the UK, we will issue a letter to support your application. The letter will be issued only after the payment for the course has been made.

It is delegate’s responsibility to obtain a Visa and failure to do so will not make the participant exempt from the cancellation policy.

Anyone suspected of applying for a training course simply to gain a Visa letter will be reported to their embassy.

We will need the following information to issue an invitation letter:

  • Full name as it appears on your passport
  • Date of birth
  • Passport number
  • Passport issue date
  • Passport expiry date

This topic can be arranged on in-company basis. If you have a group of 4 or more we can customise it and deliver in any location worldwide. Contact us to discuss your requirements



We are using cookies on our website

Please confirm, if you accept our tracking cookies. You can also decline the tracking, so you can continue to visit our website without any data sent to third party services.