Advanced Risk Based Auditing (Two Days Training)

Advanced Risk Based Auditing (Two Days Training)

  • Overview
  • Course Outline
  • Fee & Instructions:
  • Why Should Attend
  • Testimonials


Course objectives:

The Institute of Internal Auditors in a professional guidance statement stated the following:-

‘Internal Audit is being asked to provide much greater assurance to Senior Management than ever before. The Institute believes that the only way to provide such objective assurance is by means of risk-based auditing.

Most Internal Audit functions would say that their functions have adopted a risk-based approach However, has this process been fully embedded? This course covers the latest developments. The course features a case study on the step-by-step approach to a risk-based audit in the fast-changing business environment.

Course Level:
  • This is an intermediary level course and delegates should have at least 12 months experience in Internal Audit (or other assurance roles) to attend
  • Delegates should have a good educational standard and/or a professional qualification or be in the process of studying for such qualifications
  • No advance preparation is required
  • Delivery method – On-line live (with exercises and case studies to provide practical application of the tools and techniques)
After completing this course, you will be able to
  • ENHANCE internal audit’s contribution to the business
  • ENGAGE more positively with senior management
  • DETERMINE a strategic audit plan which is flexible, but simple to explain to senior management
  • DELIVER more focussed audit plans through developing the appreciation of operational risk
  • PLAN assignments effectively to focus on the key risks
  • CHALLENGE management’s evaluation of the residual risks
  • PLAN risk based assignments efficiently and effectively
  • COORDINATE your role with the other assurance providers
  • AUDIT the Corporate Governance process
 CPE credits
  • Participants will earn 9 CPE credits ( 6 in the Auditing field of study and 3 in the Management Advisory Services field of study)
Course Director:
Phil Griffiths, FCA

CEO of Business Risk Management Ltd.

A Chartered Accountant, he has over 35 years’ experience in Risk Management, Corporate Governance, Internal Audit and Fraud Prevention as a practitioner, professional adviser, facilitator, and trainer. .

Expert in design learning using gamification, simulation and a high degree of customization. Conducting Corporate training using self-designed techniques like board games, jigsaw puzzles, Wallboards, Story Boards, Behavioral Assessments etc.

He has held top management positions with four international Groups, in roles embracing internal audit, risk management, finance, IT, and project management.
Phil is recognized as one of the world’s leading experts in Internal Audit and Enterprise Risk Management.

He has wide extensive international experience having trained professionals from over 2500 organisations across the world during the past 20 years

Phil has extensive experience in the GCC region having worked with over 700 businesses/Consulting/training in the Middle East and worked with all major sectors.
He is an accomplished author. His book ‘Risk Based Auditing’ is an international bestseller and his latest book ‘Enterprise Risk Management – The Key to Business Success is receiving global acclaim
Phil is known as an accomplished and charismatic facilitator, trainer and lecturer and is in continual demand to speak at the most prestigious events on Risk Management, Corporate Governance, Internal Audit and Fraud.

Below is a list of just some of the many testimonials given by Phil’s Participants:

Essentials of Internal Audit | Audit Committee Awareness | Risk based audit | 

| Effective Audit Manager

“It is always my pleasure to attend your training courses and learn from your vast experience.” Abu Dhabi Health Authority

“Of all the courses I have attended, this was the best organised and the easiest to learn from” Singapore Stock Exchange

“We really benefited from the risk based audit training and everyone, without exception, had good words to say.” Oman Oil

“It’s been a great honor meeting you and having this very interesting training I would like to thank you very much for all your valuable information and experience shared with us.” Black Sea Trade & Development Bank

“Excellent course – the breadth of knowledge shown was awesome.” Oman International Bank

“Phil covered the topic thoroughly. The course was pitched at just the right level. It should be mandatory for all new auditors.” East Riding of Yorkshire Council

“I wish to express sincerest thanks and gratitude for conducting the Audit Committee Awareness Session.” Tamkeen (Bahrain)

Enterprise Risk Management (ERM)

“The feedback provided by the delegates was overwhelmingly positive. Mr. Phil Griffiths was able to enhance our understanding on a wide range of ERM aspects and at the same illustrate how to enhance our process by providing related real life scenarios.” Emirates National Oil Company (ENOC)

“Thanks for all your wonderful guidance and support in the development of the ERM process.” Economic Community of West African States (ECOWAS)

“Thank you for delivering the in-house course last week.  The feedback has been extremely positive.” Department of Agriculture, Food and the Marine (Ireland)

“It was a real pleasure having you visit us on campus at KFUPM this week and for delivering such an insightful risk management workshop.” King Fahd University of Petroleum & Minerals (Saudi Arabia)

” Your workshop was fantastic and it gives us a broader perspective about Risk Management.” TAIB Islamic bank -Brunei

” Thanks a lot for the informative ERM training we received over the last 3 days.” Saudi Arabian Railways
Fraud The Invisible Enemy

“My objectives of developing better awareness of internal fraud were fully met.” Revenue Commissioners, Ireland

“Thanks for the inspiring and entertaining course”Bank Negara (Central Bank of Malaysia) Advanced Enterprise Risk Management

“Thank you so much for the comprehensive workshop. We’ve learn a lot from you.”Hong Kong Adventist Hospital

“Thank you once again Phil for sharing your expertise and wide experience.” Central Bank of the Solomon Islands

Our Affiliations:

Course Outline

Day One : Embedding a risk-based audit process

The Changing Risk Based Audit approach

  • The principles of RBA
  • Worldwide trends
  • Trends (from GRC research and our Internal audit best practice database)
  • The need to focus more audit attention on the operational risks
  • The need to significantly refocus the Internal audit to meet the updated IIA standards :-

oInternal audit credibility and value are enhanced when auditors offer new insights and consider future impact

oA higher level of assurance (coordinated with the work of the other assurance providers) must be provided

oInternal Audit needs to add measurable value to the business.

oIA needs to be regarded as a strategic  partner and advisor

oThe function needs to enhance organisational value by providing stakeholders with risk-based, objective and reliable assurance, advice and insight.

oIA must ensure that appropriate risk responses are selected that align risks with the organisation’s risk appetite

  • How risk based audit has changed the face of auditing
  • New 2020 Code of Conduct
  • Helping the Board to protect the assets, reputation and sustainability of the organisation.
  • Internal audit should have the right to attend and observe all or part of executive committee meetings

    Exercise One – Challenges for Internal Audit

Enterprise risk management and the IA role

  • Explanation of ERM and why it is not fully understood
  • The current economic crisis and how ERM can help
  • The role and responsibilities of directors and senior management with respect to ERM
  • ERM roles and responsibilities
  • Categories of risk.
  • Selling the benefits to top management
  • Surprises and risk
  • Measurement of risk: probability and impact (or likelihood and consequences)
  • Categories of risk
  • The most common critical risks

    Exercise Two –  Analyzing a disaster

Strategic Audit Planning

  • Strategic audit planning
  • How to decide which areas to audit and ensure more focus on operational risks
  • The audit universe – new IIA guidance
  • Determining the level of assurance
  • IIA guidance – Production of the audit plan
  • The RBA audit plan preparation
  • Risk Based Internal Audit Plan Example
  • A best practice audit risk planning model will be used (an electronic version will be provided to all delegates)

   Exercise Three –  Developing a strategic audit plan using the model

Coordinating the IA role with the other assurance providers

  • Ensuring your assurance providers roles e.g. Internal Audit, Compliance, Risk Management, Insurance, Security are coordinated to avoid duplication of effort
  • Why you should incorporate internal audit agreed actions in your risk register
  • Ensure environmental risk is taken seriously (even if you are in a sector such as Financial Services
  • Ensure that your Business Continuity plan covers all eventualities and ensure it is fully tested
  • Identify new ways to benefit the least able section of the wider community you serve
  • New guidance on coordinating RM & assurance

   Exercise Four – Team exercise – the mystery

Day Two : Risk Based Auditing in Practice

Planning a Risk based audit 

  • Brainstorming the functional objectives
  • Building a picture of the risks
  • Consider threats and opportunities
  • Building the details of the controls
  • Planning the assignment
  • Determining the types of test and techniques to use
  • Determining the threats to success

          Exercise Five – Audit topics will be chosen for the purpose by the delegates and the functional objectives and risks brainstormed in groups

The Risk Based audit step by step

  • A risk based program case study will be walked through
  • Reviewing the business objectives

oAre the objectives comprehensive and SMART?

  • Do the risks in the register relate properly to the objectives?

oAre they specifically linked to the objectives and recorded?

  • Are the inherent risks correctly evaluated?
  • Are any key risks missing?
  • Are the causes of the event identified?
  • Have mitigating actions been recorded for each risk?

oIs such mitigating detailed enough?

  • Are there any actions in progress to deal with risk?

oAssess the status of such actions

oAre there any management decisions pending?

oHas a target risk been established?

oAssess confidence level in the potential for such actions to reduce the risk required

oIs the target risk realistic?

  • Audit testing

oTest each mitigating control by means of walk through tests

oExtend testing as required to obtain sufficient evidence

  • Determining an audit risk and control assessment

oEvaluating and recording such assessments

oPresenting the evidence to management

oHow to ensure consistency

Exercise Six –  The RBA in practice – using audits selected by the delegates

Auditing the key risks of the Board

  • The development of strategic objectives, are taken without due consideration of the impact on the organisation
  • Non-executive directors (NEDs)/independent members of the board are unable to give independent, robust challenge
  • The Board does not have sufficient, complete or timely information on which to base its decisions.
  • Committees set up by the Board may not fulfil their obligations or there are too many committees
  • The Board does not have sufficient oversight across the whole organisation.
  • Policies, procedures and projects are not aligned to the organisation’s objectives.
  • The culture of the organisation is not fully defined or does not support the organisation in achieving its objectives.
  • Risks are accepted or taken which are outside of the organisation’s risk appetite.
  • The regulatory or legislation requirements are not adequately understood leading to increased regulatory sanction or censure

     Exercise Seven – Auditing the Board risks

Auditing IT Governance

  • Global Technology Audit Guides (GTAG’s)
  • The need to determine the boundaries
  • Defining the IT audit universe
  • Focus on high risk areas
  • Assess IT vulnerabilities
  • Target areas where you are focusing on process rather than technical aspects
  • Use of audit frameworks such as CoBIT and ISO 27000
  • IIA new standard on IT Governance
  • Risk based audit of general controls (GAIT)
  • IIA guidance re GAIT
  • An ISO 27000 audit checklist will be shared

       Exercise Eight – Challenges of IT Governance audit

Fee & Instructions:

  • 18-19 Augest, 2022 – 10:00 am – 03:00 pm (GST)
  • Regular Fee: USD 630 Per Participant (Exclusive of VAT)
  • Team Offer: : Pay for 2 and register 3rd for free
  • Includes: Courseware, and SIMFOTIX Certificate
  • For registration (s) send us your Name, Designation, Organization, and Mobile Number to [email protected]
  • For More Information please contact: Qazi Waqas Ahmed Mobile: +971 56 309 0819; Email: [email protected]

Why Should Attend

  • Audit managers and senior auditors
  • Auditors responsible for developing or implementing a risk based approach
  • Other assurance professionals such as those in Compliance and QA functions who are wanting to develop their Risk based approach
  • Managers and Directors of business functions – to aid their knowledge of a risk based audit approach



Registration Form