Enrol for this course

Course Description

This one day course provides a highly useful and practical introduction to RBIA, examines the Position Statements of the IIA, and then looks at the practical application. This is a great course for involving whole teams where a changing approach is required to auditing.

Introduction and objectives

• Introductions
• Setting course objectives and expectations
• Discuss the relationship between corporate objectives, risk, controls, assurance, and audit
• Overview of the Risk Management process

What is RBIA?

• Examining the IIA Position Statements on RBIA
• 3-stage approach to RBIA

 
What is “Risk Maturity”?

• Examining the IIA Position Statement
• Risk Naïve, Aware, Defined, Managed, Enabled
• Consultancy & Assurance approaches
• Putting Risk Management into context

How to determine a Risk Based Audit Plan

• What internal audit can offer.
• How to structure the audit universe in future?
• Where to concentrate audit effort?
• Maintaining the balance of work between risk management and traditional auditing.
• Do we need to keep auditing the same risks year on year?
• Assurance frameworks
• How can you seek assurances from other providers?

How to conduct an RBIA

• When management has a good quality Risk Register
• When management has not completed a risk register before
• When the management Risk Register is not sufficient: conducting a facilitated risk assessment for audit purposes.
• We will work through the audit cycle from start to finish
• Choosing the appropriate working style
• Planning the work - how and when to involve the audit client
• Validating the Risk Register
• Testing assurances
• Testing control activities