Risk Based Auditing Techniques for Banks and other Financial Institutions

In recent times, audit functions in most forward-looking organizations have adopted a risk-based approach that is truly business oriented by focusing their efforts and deploying resources on significant risk that impacts overall business performance. The objective of this course is to present an opportunity for prospective internal auditors and people currently working as internal auditors to be exposed to technical skills and the requisite body of knowledge to enable them to conduct a basic risk-based internal audit. Internal auditors are expected to add value by collaborating with the management team in an organization and proactively identify and mitigate unforeseen events that can impact negatively on the operations and objectives of their organization.

In terms of the new definition internal auditors are also required to evaluate and audit risk management, controls, and the governance processes. The internal auditor is expected to assist management by providing assurance as to whether the systems they have implemented are working as intended and whether the risks that threaten the company’s objectives have been identified and are being properly managed.

Programme Objective

This course will aid people in risk-based internal auditing and even people who would like to re-skill into this new dynamic field to adapt to the requirements surrounding a risk based internal audit of an organization.

Overview of the Function of Internal Auditing

• Identify the value of internal auditing.
• Internal auditing – definitions, concepts, and terminologies.
• Internal audit standards related to risk-based auditing.
• Risk-based auditing in organization

Why Risk-Based Internal Auditing

• Risk-based internal auditing defined.
• Paradigm shifts in internal auditing.
• Differentiating risk-based auditing from current approaches.

Corporate Governance               

• Define corporate governance.
• Identify Performance Standard 2110: Governance
• Identify the areas an internal audit must assess, evaluate, and report on to assure adequate corporate governance.

Module 3: Enterprise Risk Management

• Define enterprise risk management (ERM) and risk.
• Identify the difference between inherent and residual risk.
• Risk Management Assumptions

Module 4: Control (and Risk) Frameworks

• Define Performance Standard 2130: Control.
• Identify the elements of COSO control and ERM frameworks.
• Identify the internal control environment factors, risk management factors, control activity factors, information and communication factors, and monitoring factors.

Module 5: Entity-wide Risk Assessment

• Identify Assurance Performance Standard 2130.A1.
• Identify the process for performing an entity-wide risk assessment.
• Define business process.
• Identify the process of developing an audit plan.

Module 6: Risk-based Audit Engagement

• Identify the process of performing a risk-based engagement.
• Identify the attributes of a business process definition or objective.
• Identify the risk-to-business processes and risk events.
• Identify the four common ways to manage risk.
• Identify the definition of controls, the type of controls, and evaluation methods for controls.
• Identify internal audit Standards 2210, 2210.A1, 2210.A2, 2210.A3, and 2240.
• Identify the guidelines for reporting the results of a risk- based audit engagement, Is it right for you?

For Whom:

This course is targeted at.

• Internal Auditors
• Risk Managers and
• Compliance Officers across all sectors