CPE Credits: 15
Description: This course provides several approaches for performing risk-based auditing. Both macro-level risk assessment (identifying audits to perform in an organization) and micro-level risk assessment (performing a risk-based audit) are discussed, with the emphasis placed on micro-level risk assessment techniques. The course also provides an understanding of the many different ways “risks” are considered in auditing and in internal controls. Practice is provided in identification of objectives, risks and responses (controls). We’ll also discuss what to do if management doesn’t really have clearly stated business objectives.
Audience: The course is designed for auditing staff, supervisors, and managers seeking an understanding of risk assessment concepts and practice in macro- and micro-level risk based auditing techniques.
Prerequisites: No advance preparation or prerequisites are necessary for this course but a basic knowledge of internal auditing techniques will be useful. Additionally the concepts of COSO internal control and ERM frameworks will be useful. The minimum concepts are in Chapters 1, 2, 3 and 22 in Sawyer’s Internal Auditing 5th Edition.
Objectives:
This seminar is designed to help participants:
Improve ability to focus internal audit plans and individual engagements on the most important business areas and risks.
Increase skills in using risk assessment and control activities worksheets (Risk Control Matrix)
Practice identifying business and process-level objectives in organizations
Sharpen risk identification and evaluation skills
Practice using objective and risk identification frameworks
This seminar is designed to help participants:Improve ability to focus internal audit plans and individual engagements on the most important business areas and risks.
Increase skills in using risk assessment and control activities worksheets (Risk Control Matrix)
Practice identifying business and process-level objectives in organizations
Sharpen risk identification and evaluation skills
Practice using objective and risk identification frameworks
Course Outline:
Risk Fundamentals
· Basic Terms and Concepts
· Risk Assessment Process Overviews
· The COSO Philosophy
· A Clear Definition of Risk Assessment
· Impact of Risk Management Activities
· Using Frameworks in Identifying Risks and Controls
· Applicable Internal Audit Standards
Enterprise (Macro) Level Risk Assessment
· Identifying Auditable Activities
· Impact of COSO’s Internal Environment
· Using Risk Factors, Weights and Scales
Engagement (Micro) Level Risk Assessment
· Identification of Business Objectives
· Linking to Process and Control Objectives
· Methods of Identifying Risks
· Risk Responses and Controls
· Impact of IT Controls
· Risk Assessment and Control Activities Worksheet from COSO
Instructor Bio:
Larry Hubbard is a professional trainer and consultant with a broad background in accounting, auditing, and finance. Prior to founding Larry Hubbard & Associates, Larry’s work experience included Mobil Corporation and Ernst & Young. More information about Larry is at: www.LHubbard.com