< Home > < Open Courses > < Outlines > Risk Based Audit

RISK BASED AUDIT

Audit functions that are able to focus their efforts towards the significant risk in their organisations are able to concentrate their limited resources on the issues which drive business goals and aspirations. In consequence audit plans are directed at the issues, which really matter.
Moreover, a participative approach whereby auditors and managers work together to identify, assess and control business risks significantly enhances the level of assurance and reduces the chances of nasty surprises

Led by Phil Griffiths, Managing Director of Business Risk Management Ltd, you and your colleagues can benefit from his expert knowledge of this value added concept. This course has been specifically designed to include exercises and case studies to enhance your knowledge and provide an opportunity for group discussion and interaction.

By attending this highly practical seminar you will discover how to:

• Address the full range of issues that concern management
• Understand how to identify, mitigate and control risks effectively
• Challenge management and sell the benefits of proactive risk management
• Audit major areas of risk for your business with confidence
• Add value to your organisation by the application of risk-based audit services
• Gain confidence in your audit plans through understanding the role of risk
• Develop and use high productivity techniques and tools
• Master all the modern techniques
• Measure success effectively

COURSE OUTLINE

Day 1 Risk and Internal Audit

Seminar Introduction

Risk Based Audit

• Definitions
• Trends (from the BRM Internal audit best practice database)
• The transition from systems based to risk based assurance
• The different approaches to audit
• Audit’s primary roles, objectives and concerns
• What is best practice?
• Perceptions of internal audit – various survey results
• The role of the function – policeman, risk assessor or consultant
• How to ensure you adopt best practice
• The key challenges resulting

  Exercise 1 Challenges for Internal Audit

• The need to widen the coverage - to become less financially based
• The need to introduce a broad business based approach and the actions required
• The steps needed to embrace a risk based approach

The Nature of Risk

• The concept of risk
• The relationship between risk and objectives
• Why senior management may lack a full understanding of the risks
• Risk culture
• Surprises and risk
• Measurement of risk: probability and impact (or likelihood and consequences)
• Categories of risk
• Inherent and residual risk

Business Risk

Exercise 2: Key Risks

• The wider business agenda – understanding strategic risks
• How risk management has grown from being a useful tool to being the very pulse of the organisation
• Corporate governance and the challenges posed
• Building an appreciation of your organisation’s risk appetite
• The AUS/NZ and COSO Risk Management Standards
• Steps to take in establishing a business risk management programme
• Leading the programme – skills required
• Outline of a best practice process

Risk Identification and Evaluation

• Approaches and techniques
• Explanation of a risk workshop approach
• The need for facilitation skills and the characteristics required
• How to identify, sift and group the risks
• The use of diagnostic questions and thought- provokers
• Measuring the consequences and the likelihood of occurrence of each key risk
• Risk scoring
• The use of risk matrices to prioritise the risks

  Exercise 3 Analysing a disaster

Assessment of Risk Mitigation

• The need for separate mitigation workshops
• How to assess risk mitigation
• Identification and evaluation of risk exposures
• Dealing with the exposures (The 4 Ts – terminate, tolerate, treat or transfer)
• Exploiting opportunities
• Establishment of action plans

Day 2 Essentials of Risk Based Auditing

The Internal Audit Role

• Audit’s primary roles, objectives and concerns
• What is best practice?
• The audit charter and terms of reference
• The role of the function – policeman, risk assessor or consultant
• The reputation of the function and how to assess it

  Exercise 4: Measuring added value

• Perceptions of internal audit – various survey results
• Audit personnel – numbers, skills, experience, etc.
• Measuring the value added
• Marketing the function

  Exercise 5: Marketing of the Function

Strategic Audit Planning

• Strategic audit planning
• The audit universe
• Determining audit priorities
• Best practice audit risk planning model (an electronic version of this world renowned model will be provided)

  Exercise 6: Audit Planning Using the Model

Tactical Audit Planning

• Audit programme development
• Sources of audit work
• Assignment planning and control
• Managing audit requests
• Fieldwork techniques
• Technology – CAATS, audit automation, etc.
• Audit coverage – geographic and business units
• How to cover specialist areas
• The need for future orientation

Undertaking a Risk based audit (Interactive)

Exercise 7 . Specific audits will be chosen for the purpose by the delegates

• Brainstorm the issues
• Build a picture of the risks
• Consider threats and opportunities
• Plan the assignment
• Determine types of test and techniques to use
• Determine the threats to success