1. Certificate I
Essentials Of Internal Audit
9 – 13 February 2014 • 31 August – 4 September 2014
Certificate II
The Developing Internal Auditor
9 – 13 March 2014 • 12 – 16 October 2014
Certificate III
Risk Based Auditing
16 – 20 March 2014 • 19 – 23 October 2014
Certificate IV
Advanced Audit Techniques
15 – 19 June 2014 • 7 – 11 December 2014
Certificate V
Leading The Internal Audit Function
22 – 26 June 2014 • 14 – 18 December 2014
Certificate In Internal Audit
A Series Of Training Certificates For Audit Professionals
5Cutting-Edge Audit Certificates In One
Exclusive Programme
www.iirme.com/auditcertificate
Follow us on:
www.twitter.com/iirmiddleeast
www.facebook.com/iirmiddleeast
www.youtube.com/iirmiddleeast
Dusit Thani Hotel, Dubai, UAE
*Earn Upto
30
CPE credits
on each course
To Register Call Howard Fernandes at 00971 4 4072657 or Email him
at howard.fernandes@iirme.com
2. The George Washington University School of Business, IIR
Middle East’s Academic Partner, is dedicated to
excellence: in its teaching and research about management,
in the public and private sectors, within the United States and
internationally.
The school has a 75 year history of preparing men and women
for leadership in both the public and private sectors. Known
internationally for its dedication to academic excellence, the
school draws students from all parts of the United States and
around the world.
Beyond first class teaching and scholarship, the school’s
faculty offers practical experience in the issues and challenges
confronting business and government. Its research centres link
faculty and students with US and international business and
government organisations. Recent distance learning initiatives
have expanded the school’s global reach.
Course Requirements And Certificates
Delegates must meet two criteria to be eligible for an IIRME/GW
Certificate of Completion for a course:
1. Satisfactory attendance – Delegates must attend all sessions
of the course. Delegates who miss more than 2 hours of t
he course sessions will not be eligible to sit the course
assessment.
2. Successful completion of the course assessment.
Delegates who do not meet these criteria will receive an IIRME
Certificate of Attendance. If delegates have not attended all sessions,
the Certificate will clearly state the number of hours attended.
Business Risk Management Ltd is in the process
of seeking approval for registration with the National
Association of State Boards of Accountancy (NASBA)
as a sponsor of continuing professional education on
the National Registry of CPE Sponsors.
State boards of accountancy have the final authority on the
acceptance of individual courses for CPE credit. Complaints regarding
registered sponsors may be submitted to the National Registry of CPE
Sponsors through its website: www.learningmarket.org
Course Assessment
Assessment will be based on an interview with each delegate
anda multiple-choice questionnaire, each equally weighted.
Meet Your Expert Course Leader
Phil Griffiths is founder and Managing Director of
Business Risk Management Ltd. A Chartered
Accountant with over 30 years experience in risk
management, internal audit and fraud prevention
as practitioner, professional adviser, facilitator and
trainer.
His specialisms are:
• Assisting senior management to identify, manage and then exploit
the risks within their business via facilitated business risk
management programmes
• Helping Internal Audit functions to implement world class standards
• Developing fraud prevention, detection and investigation
programmes
• Training both private and public sector organisations in all the
above disciplines
He has extensive experience of the MENA region having trained
professionals from over 600 organisations in this region during the
past 15 years.
He has developed over 60 training courses on all aspects of internal
audit, risk management and fraud and delivered them across the
globe.
He is an accomplished author. His first book ‘Risk Based Auditing’
is an international best seller and his brand new book ‘Enterprise
Risk Management’ – the key to business success’ is receiving much
acclaim.
He is recognised as an accomplished and charismatic facilitator,
trainer and lecturer and is in continual demand to speak at the most
prestigious events on risk management, internal audit and fraud.
T: +971 4 335 2437 F: +971 4 335 2438 W: www.iirme.com/auditcertificate
• Heads of internal audit
• Audit managers and those about to be appointed to that role
• Directors responsible for internal audit
• Senior auditors
• Audit managers and those about to be appointed to that role
• Auditors that need to audit projects, contracts or technical business areas
• Assurance professionals who need to assess technical issues
• Audit managers and senior auditors
• Auditors responsible for developing or implementing a risk based approach
• Auditors with more than 6 months experience in internal audit
• Auditors or other assurance professionals who want to significantly improve
their reports
• Personnel in other functions who need a wider understanding on the modern
• internal audit role or improve their reports
• New entrants to internal audit
• Internal auditors with up to 18 months experience
• Those returning to or already working in internal audit who need practical
guidance on the changing role of the function
• Personnel in other functions who need a better understanding on the
modern internal audit role
Who Should Attend:
Certificate V
Leading The
Internal Audit
Function
Certificate IV
Advanced Audit Techniques
Certificate III
Risk Based Auditing
Certificate II
The Developing Internal Auditor
Certificate I
Essentials Of Internal Audit
V
IV
III
II
I
*CPE Credits (subject to approval)
• Delegates can earn upto 30 CPE credits
To Register Call Howard Fernandes at 00971 4 4072657 or Email him at howard.fernandes@iirme.com
3. After Completing This Course You Will Be Able To:
• Practice the skills required by a modern auditor
• Apply the professional standards of the Institute of Internal Auditors
• Deliver a range of audit assignments
• Plan and complete an effective audit
• Deliver successful audit programmes
• Evaluate the balance between risk and control
• Write a report with impact
• Persuade management to accept your recommendations
CPE Credits
• Delegates can earn up to 30 CPE credits in the auditing field of
study
Who Should Attend?
• New entrants to Internal Audit
• Internal auditors with up to 18 months’ experience
• Those returning to or already working in Internal Audit who need
practical guidance on the changing role of the function
• Personnel in other functions who need a better understanding on
the modern Internal Audit role
Course Level
• This is a basic level course and delegates are not required to have
any previous experience in Internal Audit to attend
• There are no minimum educational requirements
• No advance preparation is required
• Delivery method – Group-live (with exercises and role-plays to
simulate audit scenarios and situations that new auditors will
encounter)
• A pre-course questionnaire will be sent out 2 – 3 weeks prior to
the course date to obtain some information about the delegates’
roles and to provide an opportunity to indicate specific learning
requirements
New For 2014
• New IIA guidance on delivering Internal Audit
• How to deliver audit assignments – step-by-step guide
• How to gather and evaluate information
• 7 attributes of effective Internal Auditors
• How to follow up recommendations
• Audit methodology flowchart
Why You Should Attend
This course covers everything you need to know as a newcomer to
Internal Audit regarding the most effective audit practices.
There has probably never been a more important or interesting time
to be an Internal Auditor. The function has changed significantly
from the basic compliance and checking function it used to be.
People are joining Internal Audit from a variety of backgrounds
and the function is becoming much more operationally rather than
financially based.
Internal audit should be vibrant and exciting, adding real value to
the organisation and being recognised as a catalyst for change and a
business partner.
If you have staff who are new to Internal Audit you will want them to
learn the best audit practices and be able to apply them efficiently.
The course will introduce you to the worldwide best practice and
how to apply it.
Maybe you have auditors who are returning to the function, or staff
who are to be seconded to you for a period of time? You will want
them to learn about the changing role of the audit function.
Perhaps you work in a line function with responsibility for providing
assurance to the Board and need a fuller understanding of the
Internal Audit role.
T: +971 4 335 2437 F: +971 4 335 2438 E: register@iirme.com W: www.iirme.com/auditcertificate
Certificate I
Course Timings: Registration will be at 08:00 on Day One. The course will commence at 08:30 every day and finish at 14:30. There will be
breaks for refreshments at approximately 10:30 and 12:30 and lunch will be served at the end of each day’s session.
Day One
The Challenges For Internal Audit
What Is Internal Audit?
• New IIA guidance
• How the profession has changed over the last decade
• What it means to be an internal auditor
Exercise 1 – What is internal audit?
• Definitions and trends
• Internal Audit role and responsibilities
• Frequently asked questions
• Misconceptions about the role
• The global tree – IIA explanation about the role
The Professional Standards
• Integrity
• Objectivity
• Confidentiality
• Proficiency
• Due professional care
• Independence
Exercise 2 – The challenges for an inexperienced auditor
How Does The Role Differ From Other Assurance Providers?
• How should you coordinate your efforts with other assurance
providers?
• Optimising assurance – a model
• IIA GCC challenges
• Corporate Governance and the IA role
• The Audit Committee and the audit relationship
Audit Skills
• Internal Audit as a career or stepping stone
• 7 attributes of effective Internal Auditors
• The IIA competency framework
Exercise 3 – The skills inventory
• Technical skills
• Analytical skills
• Communication skills
• Soft skills
Exercise 4 – Moon shot
Day Two
The Internal Audit Role
The Modern Approach To IA
• Perceptions of Internal Audit – results of surveys
• How the role of the function has developed
• What is best practice?
• The audit charter
• The challenges
Exercise 5 – How is the role of IA changing?
Preparing For An Audit
• The different approaches to Internal Audit
- Compliance
- Systems Based Audit
- Risk Based Audit
- Assurance based IA
• Steps in preparing for an audit
• Paper with step-by step-guide will be provided
• How to approach unfamiliar areas – guidance paper
• New IIA guidance on delivering Internal Audit assignments
• The danger of making assumptions
• Delivering the IA flowchart
Essentials Of Internal Audit
9 – 13 February 2014
31 August – 4 September 2014
To Register Call Howard Fernandes at 00971 4 4072657 or Email him at howard.fernandes@iirme.com
4. The Need For A Risk Based Approach
• Challenge from the IIA
• Key requirements of risk based auditing
• Translating risks into the basis of the IA programme
• Asking about surprises
• The link between risk, objectives and control
Exercise 6 – Risk and control
• Identifying risk exposures
• Reviewing the risk register
• How IA needs to take the risk pulse
• Case study of a risk based audit assignment
• Documenting internal controls
Exercise 7 – Planning an audit assignment
Meeting With Functional Management To Discuss The Audit
• When to meet
• The need to treat your customers with respect
• Techniques to put management at ease
• IIA guidance on influencing skills
• Securing management input
Exercise 8 – Pre-meeting with management: role play
• Functional and audit objectives
• Developing terms of reference for the assignment
• Determining sources of information
Day Three
Internal Audit And The External Audit
Relationship
Meeting Management Expectations
• Relationships with management
• Expressing yourself effectively
• Recognising different management styles
Exercise 9 – Getting the most out of audit customers
• The need for simplicity
• Power words
• Auditor – it means someone who listens
• Active listening
Exercise 10 – Listening exercise
• How to get on the same wavelength as management
• Persuasion and negotiation
• Explaining the audit approach to staff of the function audited
• An example presentation will be shared
Marketing Your Services
Exercise 11 – Promoting your function
• Marketing measures
• An example audit brochure will be provided
Internal Audit And The External Relationship
• The differences in the roles
• Options for co-ordination
Developing Team Relationships
Exercise 12 – The final straw
Day Four
Completing An Audit
The Need To Understanding Controls
• Types of control
• Preventative, corrective and detective controls
• Questions to ask
• How to gather and evaluate information
• Documenting controls
T: +971 4 335 2437 F: +971 4 335 2438 E: register@iirme.com W: www.iirme.com/auditcertificate
Exercise 13 – Internal controls
The Audit Manual
• IA organisation
• Control framework
• Audit planning
• Completing the assignment
• Interpersonal awareness
• The audit file
• Audit assignment checklist
• Guest auditors
Audit Interviews
• The approach to interviews
• How to decide who to interview
• Tips for success
Exercise 14 – Audit interviews – role play
Audit Programmes And Testing
• Audit programmes with examples
• Walk through tests
• Fieldwork techniques (compliance, transactional, analytical review
and sampling of audit) – the differences and how to use them
• Audit testing – how to decide the type and depth of testing
• IIA guidance on testing
• Audit working papers
The Clearance Or Closing Meeting
• Tips for success
• Personnel to discuss the observations with
Exercise 15 – The clearance meeting – role play
Audit Tools And Measures Of Success
• The need for automation – software available
• Computer Assisted Audit Techniques (CAATs)
• Audit KPIs
• How to measure effective performance
• SMART measures
Exercise 16 – The puzzle: an exercise in planning
Day Five
The Audit Report
The Challenges Of Audit Reporting
• The need for reports with impact
• Examples of six reports – which are the best?
• Who reports are for and what are the implications
• The report as your shop window
• How do you know a good report when you see one?
Exercise 17 – What makes an excellent report?
What Management Expects
• Professional standards
• The problems with audit reports
• Questions about audit reports
• How to adopt best practice
• How to assess a report
Exercise 18 – Analysis of three reports
Getting Commitment To Action
• Best practice reports – the way forward
• The psychological dilemma with reports
• Why audit reports are taken as a criticism of management
• What causes attitudes to change
• Wording and layout ideas
• How to get 95% of your recommendations actioned
• The executive summary – dos and don’ts
• The main report – best practice ideas
• Words and phrases to avoid
• Audit opinions – how to express them
• New IIA guidance on following up recommendations
• Presenting results
• Tips and techniques for success
• Example – best practice report will be shared
Exercise 19 – Action plans
To Register Call Howard Fernandes at 00971 4 4072657 or Email him at howard.fernandes@iirme.com
5. T: +971 4 335 2437 F: +971 4 335 2438 E: register@iirme.com W: www.iirme.com/auditcertificate
Certificate II
Course Timings: Registration will be at 08:00 on Day One. The course will commence at 08:30 every day and finish at 14:30. There will be
breaks for refreshments at approximately 10:30 and 12:30 and lunch will be served at the end of each day’s session.
Day One
Challenges Of The Internal Audit Role
Worldwide Trends In Internal Audit
• The role of the Internal Audit function
- The policing role
- The risk assessor role
- The consulting role
• The future of Internal Audit (E&Y survey)
• What should the balance between the roles be?
• How much time should be given to each?
• Maturity model for assurance and consulting
Exercise 1 – The role of IA in 2014 and beyond
How Can A Better Understanding Of The Role Be Gained?
• How can the profile be enhanced?
• What do management think of the IA service?
• Ways to promote your function better
• Communication strategies
• New IIA guidance ‘What every director should know about IA’
• Opportunities for Internal Audit
The Role Of The Modern Auditor
• The multi-faceted role of the auditor
- Negotiating
- Planning
- Questioning
- Listening
- Establishing rapport
- Investigative skills
- Building trust
- People management
• What leadership means
• Leadership styles
• Delegation and tips for success
Exercise 2 – Performing a self analysis
The Different Requirements And Challenges Facing IA In Major
Sectors In The GCC And MENA Region
• Sector challenges
• The need to adapt quickly to new regulatory requirements
• Ensuring governance risk is recognised
• Smarter use of technology
• The move to continuous auditing
• Making IA a more strategic partner
• Thinking and acting more creatively
• Recruiting people from non traditional areas
Exercise 3 – Key audit challenges
Initial Planning
• The importance of planning
• Stages in planning
• Constraints to effective planning
• 20 questions to aid planning
• Preparing for an audit engagement
• The need to engage audit customers
Exercise 4 – The drawing exercise (planning)
The Audit Manual
• Outline of the key elements
• Assignment planning
• The audit file
• Working papers
• Personal learning planner
• Guest auditors
• Post audit questionnaire
• A 64 page manual will be provided to all delegates
9 – 13 March 2014
12 – 16 October 2014The Developing Internal Auditor
After Completing This Course You Will Be Able To:
• Perform a self-analysis of your skills and techniques
• Improve your audit manual
• Plan and lead assignments effectively
• Complete more audits on time
• Develop excellent working papers
• Use Computer Assisted Audit Techniques (CAATS) with confidence
• Simplify your reports and enhance their readability
• Significantly enhance the impact of your reports
• Make your reports easier to write, easier to review and easier for
management to implement
• Improve the acceptance and implementation of your
recommendations
CPE Credits
• Delegates can earn up to 30 CPE credits (14 in the auditing field
of study, 12 in the communications field of study and 4 in the
personal development field of study)
Who Should Attend?
• This course will be particularly useful for delegates who have
previously attended the Certificate In Internal Audit I – Essentials Of
Internal Audit course
• It will also be very beneficial to auditors or other assurance
professionals who need to significantly improve their reports – as
this topic is covered in depth
• Personnel in other functions who need a wider understanding of
the modern Internal Audit role or want to improve their reports
Course Level
• This is a basic/intermediary level course and it is advisable that
delegates have six months’ experience in Internal Audit to attend
• There are no minimum educational requirements
• No advance preparation is required
• Delivery method – Group-live (with exercises and role-plays to
simulate audit scenarios and situations that auditors will encounter)
• A pre-course questionnaire will be sent out 2 – 3 weeks prior to
the course date to obtain some information about delegates roles
and to provide an opportunity to indicate specific learning
requirements
New For 2014
• New IIA guidance on developing audit competencies
• How to plan an effective audit engagement
• A method of assessing assurance maturity
• New guidance on audit sampling
• 20 questions to help you prepare better audit plans
• Proven ways to promote your function
• New guidance on communicating results
• New IIA guidance – ensuring your reports are transparent
• Audit report templates
Why You Should Attend
The course is designed to enable you to develop the key skills of a
modern auditor – communication, teamwork, negotiation, planning
and time management – to name but a few.
The course will be particularly beneficial for those supervising
assignments, lead auditors and those being asked to lead audit
teams.
It is designed to challenge your thinking about the whole approach
to writing and reviewing audit reports – it is targeted at both new
auditors and also more experienced personnel.
You will also be introduced to the new ideas in the IA profession and
how to apply them.
6. Exercise 5 – How to improve the audit manual
Day Two
Enhancing Audit Effectiveness
Organising The Assignment
• The key issues in assignment planning
• Developing a planning memo for the assignment
• Determining an effective time budget
• Determining the business process using a model
• Determining sources of information
• Getting management input
• Deciding on the audit team
• Allocating the roles
• Getting the most out of the team
• Determining the potential difficulties
• Process analysis
• Preventative, detective, directive and corrective controls
• Strategies for improving time management
Exercise 6 – How to complete more audits on time
Risk Based Auditing
• Determine business objectives
• Consideration of threat to achievement
• Understand the risk appetite
• Assess how well such risks are being managed
• Linking objectives, risks and audit observations
Audit Programmes
• Developing effective audit programmes
- What makes a good programme?
- Mistakes to avoid
- The dangers of re-inventing the wheel
- Assigning tasks
- Staffing factors
- The need for regular updates for standard programmes
• Example audit programmes will be shared
Exercise 7 – Preparing an audit programme
Fieldwork Techniques
• Types of fieldwork
• Compliance
• Transaction testing
• Analytical review
• Statistical sampling
• Process reviews
• Flowcharting
• Questionnaires
• Workshops
• How to decide what techniques to use
• How to determine the depth of testing required
• New IIA advice on audit sampling
• Audit testing
• Working papers
Exercise 8 – The challenges of audit testing
Use Of Computer Assisted Audit Techniques ( CAATs)
• The benefits of ACL and IDEA
• CAATs and data mining
• Opportunities
• Types of tests ideal for CAATs applications
• Cash monitoring
• Stock control
• Payroll
• Revenue
• Cost comparisons
• External comparisons (with external databases)
• Branch or business comparison
• Worked examples of the use of ACL will be provided
• Advice from ISACA will be shared
Exercise 9 – Use of ACL – group exercise using audits chosen by the
delegates
Day Three
Audit Reports – Your Shop Window
• The five dilemmas of audit reporting
• Video from IIA president
• What is a best practice report?
• Who do you need to convince?
• Top tips – communicating results
• The challenges of audit reporting
• Grabbing attention
• Getting the message across
• Getting action
• The need for impact
• Which of six reports shown would you be likely to read?
• Ideas on creating impact
• How do you know a good report when you see one?
• What Management expect – recent survey of chief executive
• IIA professional standards
• Who are the reports really for?
Exercise 10 – What are the factors that separate an excellent report
from the rest?
The Problems With Audit Reports
Exercise 11 – 35 questions about your audit reports issued during
the last 12 months
• The 35 questions (all based on best practice) – how did you score?
• What are the factors preventing the achievement of these best
practice measures
• 30 tips, techniques and ideas to help you score a maximum
- How to get 95% of recommendations implemented
- Use of charts and photos
- Dealing with minor issues
- Future focus
- Order of importance of the issues
- Actions rather than recommendations
- Action plans
• Discussion of the implications
• How to assess the needs of the audit customers
Analysis Of Actual Reports
• Explanation of a proven method to evaluate audit reports
Exercise 12 – Analysis of four actual reports
• Feedback and discussion
Assessment And Evaluation Of Your Own Reports
• A model for assessing reports will be outlined
Exercise 13 – Self evaluation against the model provided (delegates
are requested to bring along two recent reports – purely for their
own reference)
• Discussion of key issues and identification of opportunities for
improvement
The Executive Summary
Exercise 14 – Comparison of three executive summaries
• The role of the executive summary
• 20 tips for writing better summaries
• Targeting the executive summary to the reader
• The benefits of writing the executive summary before the main
report
• Asking a non-technical person to read it
T: +971 4 335 2437 F: +971 4 335 2438 E: register@iirme.com W: www.iirme.com/auditcertificate
7. Exercise 15 – Roleplay a meeting with senior management to discuss
the report
• Feedback and discussion of the issues
Exercise 16 – Writing an executive summary – based on the roleplay
Day Four
Best Practice Internal Audit Reports –
The Way Forward
Developing A Collaborative, Consultative Style
• The psychological problem with reports
• The need to meet and hopefully exceed management expectations
• The need to focus on benefits rather than problems
• Marketing the audit reporting process
• An example presentation will be shared
• Relationships with management
• Expressing yourself effectively
• The need to drive action
• Creating rapport with your customers – tips and techniques
• The need to understand the people receiving the reports
Exercise 17 – The psychology of reports
Writing Reports With Impact
• Messages rather than content
• Outcomes rather than output
• Solutions not problems
• Auditor and reader mindsets
• Why audit reports are taken as a criticism of management
• Ways to make the reports more positive
• Benefits and deliverables
• Conclusions
• How to draft a report with impact – discussion of banner
headlines and their relative impact
• Language and impact
• Simple and complex language
• The use of ‘power words’ in your communications
• How to get on the same wavelength as your customer
• Highlighting the issues that matter
• Audit observations
• New paper on audit observations will be shared
• Causes and effects
Exercise 18 – Causes and effects exercise
Ideas On Improving The Review Process
• The peer review process – the need for a positive approach
• Techniques for effective review
• Putting yourself in the position of the writer and recipient
• Avoiding the use of the ‘red pen’
• Encouraging the auditor
• Avoiding making changes for change sake
• Messages rather than content
• Outcomes rather than output
• Solutions not problems
Exercise 19 – Reviewing a draft report
Day Five
Keeping The Report As Simple As Possible
The Main Report
• Keeping it simple
• The report process
• Writing the main report
• Dealing with writer’s block
• Audit objectives
• Scope
• Forming and expressing the audit opinion
• Wording tips
• Tone
• Writing effective coherent sentences and paragraphs
• The editing process – tips for success
• The power of senior management comments
• Circulation lists
• Formatting ideas
• How to avoid repeating any sections in the executive summary
• Words and phrases to avoid
• How to reduce the number of words
• Why the spell checker sometimes does not help you
• Dealing with the difficulties of the English language
Exercise 20 – Picking the biggest paragraph from a report and
rewriting it in one third of the words originally used
Finalising The Report
• Recommendations and action plans
• Management comments
• How to reflect the right issues for the Audit Committee
• Audit Committee report examples
• The need to be on your customers’ side
• Follow up audits – using the action plan
• How to get management to take responsibility for actions
• Ways to improve the follow-up process
• Issuing the report
• Presenting or issuing reports (including use of e-mail and the
Intranet)
• Alternative methods of reporting e.g. PowerPoint
• Examples of excellent reports will be provided
• The need to be on your customers side
• Reporting performance indicators’
• Tracking actions
• Steps to success
Exercise 21– Follow up of reports
T: +971 4 335 2437 F: +971 4 335 2438 E: register@iirme.com W: www.iirme.com/auditcertificate
Phil was very explicit and gave good examples. He came
across clearly and is very knowledgeable.
Clara Ngando, Audit Manager, National Lottery Authority, Ghana
The trainer had all the skills a trainer should have.
Hamad Abdulaziz Hamad Najem, Internal Auditor, Bahrain Bourse Bahrain Stock Exchange, Bahrain
8. After Completing This Course You Will Be Able To:
• Apply the concepts and practical approaches to risk based audit
• Advise management on the identification, mitigation and control
of risks
• Challenge management and sell the benefits of proactive risk
management
• Audit major areas of risk for your business with confidence
• Add value to your organisation by the application of risk-based
audit services
• Deliver more effective audit plans through understanding the role
of risk
• Plan risk based assignments efficiently and effectively
• Measure success effectively
CPE Credits
• Delegates can earn up to 30 CPE credits (20 in the auditing field
of study and 10 in the management advisory services field of study)
Who Should Attend?
• Heads of audit, audit managers and senior auditors
• Auditors responsible for developing or implementing a risk based
approach
• Other assurance professionals such as those in compliance and QA
functions who are wanting to develop their risk based approach
• Managers and directors of business functions – to aid their
knowledge of a risk based audit approach
• This course will be highly beneficial for delegates that have
previously attended the Certificate In Internal Audit II – The
Developing Internal Auditor or Certificate In Internal Audit I –
Essentials Of Internal Audit
Course Level
• This is an intermediary level course and delegates should have 12
months’ experience in Internal Audit (or other assurance roles) to
attend
• Delegates should have a good educational standard (Bachelors
Degree or above) and/or a professional qualification or be in the
process of studying for such qualifications
• No advance preparation is required
• Delivery method – Group-live (with exercises and case studies to
provide practical application of the tools and techniques)
• A pre-course questionnaire will be sent out 2 – 3 weeks prior to
the course date to obtain some information about delegates’
roles and to provide an opportunity to indicate specific learning
requirements
New For 2014
• A new 2 hour session – step-by-step guide to completing a risk
based audit
• New IIA professional guidance – an approach to implementing Risk
Based Audit (RBA)
• New IIA guidance on annual Internal Audit coverage plans
• Audit universe
• Internal Audit coverage of risks to achieving strategic objectives
• Risk Based Internal Audit plan example
• The RBA audit plan preparation
• New IIA guidance on preparing for an External QA review of IA
• Risk management challenges and the IA impact
• New audit programme – auditing ERM
Certificate III
Course Timings: Registration will be at 08:00 on Day One. The course will commence at 08:30 every day and finish at 14:30. There will be
breaks for refreshments at approximately 10:30 and 12:30 and lunch will be served at the end of each day’s session.
Why You Should Attend
The Institute of Internal Auditors in a professional guidance
statement stated the following:
'Internal Audit are being asked to provide much greater assurance
to senior management than ever before. The Institute believes that
the only way to provide such objective assurance is by means of risk
based auditing'.
Audit functions that are able to focus their efforts towards the
significant risk in their organisations are able to concentrate their
limited resources on the issues which drive business goals and
aspirations. In consequence audit plans are directed at the issues,
which really matter. This course provides all the latest developments.
The 2014 course features a case study on the step-by-step approach
to a risk based audit.
Furthermore, a participative approach whereby auditors and
managers work together to identify, assess and control business risks
significantly enhances the level of assurance and reduces the chances
of nasty surprises – a huge benefit in these more difficult times.
Day One
Risk And Internal Audit
What Is Risk Based Audit?
• Explanation of Risk Based Audit (RBA)
• Worldwide trends
• Trends (from the BRM Internal Audit best practice database)
• The transition from systems based to risk based assurance
• How risk based audit has changed the face of auditing
• Audit’s primary roles, objectives and concerns
• Questions about the maturity of the audit process
• How RBA links to other audit approaches
• The role of the function – policeman, risk assessor or consultant
• How to ensure you adopt best practice
• The need widen the coverage – to become less financially based
• RBA in the different sectors in the GCC
• The steps needed to embrace a risk based approach
• Audit risks (what risks do you face?)
• The key challenges resulting
Exercise 1 – Challenges for Internal Audit
The Nature Of Risk
• The concept of risk
• The relationship between risk and objectives
• Why senior management may lack a full understanding of the risks
• Risk cultures
• Surprises and risk
• Measurement of risk: probability and impact (or likelihood and
consequences)
• Categories of risk
• The most common critical risks
Exercise 2 – Analysing a disaster
Business Risk
• The wider business agenda – understanding strategic risks
• How risk management has grown from being a useful tool to
being the very pulse of the organisation
• Selling the need for an RBA approach
• Building an appreciation of your organisation’s risk appetite
• The International Risk Standard ISO 31000
16 – 20 March 2014
19 – 23 October 2014Risk Based Auditing
T: +971 4 335 2437 F: +971 4 335 2438 E: register@iirme.com W: www.iirme.com/auditcertificate
9. • A new paper on the audit implications of ISO 31000 will be shared
• The AUS/NZ risk management standard
• The COSO standard
• Steps to take in establishing a business risk management
programme
• Outline of a best practice process
• A new paper on risk management challenges and the IA impact
Risk Identification And Evaluation
• Approaches and techniques
• Explanation of a risk workshop approach
• The need for facilitation skills and the characteristics required
• How to identify, sift and group the risks
• The use of diagnostic questions and thought-provokers
• Measuring the consequences and the likelihood of occurrence of
each key risk
• Inherent and residual risk
• The use of risk matrices to prioritise the risks
• Case study and identification techniques
• A new paper on auditing risk assessment will be provided
Exercise 3 – Risk based audit – the risks
Day Two
Risk Management And The Audit Role
The Role Of Internal Audit In Risk Facilitation
• Key requirements of the facilitator
• Risk workshop do’s and don’ts
• Selling the benefits of attendance
• The workshop process
Exercise 4 – Interactive risk workshop
Assessment Of Risk Mitigation
• The need for separate mitigation workshops
• How to assess risk mitigation
• Identification and evaluation of risk exposures
• Dealing with the exposures (The 4 Ts – Terminate, Tolerate, Treat
or Transfer)
• Exploiting opportunities
• Completing the risk register
• Establishment of action plans
Exercise 5 – Risk exposures
Risk And Internal Audit
• New IIA professional guidance – an approach to implementing RBA
• Guidance on the links and differences between the audit and risk
management roles (including the IIA position)
• Identifying, appraising and evaluation risk during the audit process
• Translating key risks from the business risk process into the basis of
the audit programme
• Auditing the process
Exercise 6 – Risk and reward – team exercise
Embedding The Process
• Integrating the risk output with business plans
• Risk owners
• Annual statements from risk owners
• The risk register as a decision skeleton
• Quarterly board reporting to review progress in addressing the
exposures
• Risk Management Committee reporting
• Bi-annual evaluation of key risks to ensure new risks identified and
included
Exercise 7 – Interactive risk workshop – mitigation
Day Three
Practicalities Of Risk Based Auditing
The Internal Audit Role
• A strategic vision for Internal Audit
• The audit charter and terms of reference
• Measuring success and adding value
• Meeting management expectations
Exercise 8 – Success measures
Strategic Audit Planning
• Strategic audit planning
• How to decide which areas to audit
• The audit universe – new IIA guidance
• Determining the level of assurance
• New IIA guidance on annual Internal Audit coverage plans
• The RBA audit plan preparation
• Risk Based Internal Audit Plan example
• Demonstration of a best practice audit risk planning model
(an electronic version will be provided)
Exercise 9 – Developing a strategic audit plan using the model
Tactical Audit Planning
• Audit programme development
• Sources of audit work
• Assignment planning and control
• Managing audit requests
• Fieldwork techniques
• Use of technology – CAATs, audit automation, etc.
• Audit coverage – geographic and business units
• How to cover specialist areas
The Converging Roles Of The Assurance Providers
• The increasing emphasis on governance, assurance and control
• How should the various assurance providers rise to the risk
challenge?
• Synchronising regulatory compliance with Internal Audit and the
risk management functions
• The need to coordinate quality assurance, security, insurance and
the health and safety functions in relation to risk management
• Linking external auditors into the process
Exercise 10 – Coordinating your efforts with other assurance
providers
Day Four
Risk Based Auditing In Practice
Planning A Risk Based Audit
• A worked example of a risk based audit
• Brainstorming the functional objectives
• Building a picture of the risks
• Consider threats and opportunities
• Building the details of the controls
• Planning the assignment
• Determining the types of tests and techniques to use
• Determining the threats to success
Exercise 11 – Specific audits will be chosen for this purpose by the
delegates and the functional objectives and risks brainstormed in
groups
The Risk Based Audit Step- By-Step
• A risk based programme example will be walked through
• Reviewing the business objectives
- Are the objectives comprehensive and SMART?
T: +971 4 335 2437 F: +971 4 335 2438 E: register@iirme.com W: www.iirme.com/auditcertificate
10. • Do the risks in the register relate properly to the objectives?
- Are they specifically linked to the objectives and recorded?
• Are the inherent risks correctly evaluated?
• Are any key risks missing?
• Are the causes of the event identified?
• Have mitigating actions been recorded for each risk?
- Is such mitigating detailed enough?
• Are there any actions in progress to deal with risk?
- Assess the status of such actions
- Are there any management decisions pending?
- Has a target risk been established?
- Assess confidence levels to reduce the risks in a situation
- Is the target risk realistic?
• Audit testing
- Test each mitigating control by means of walk through tests
- Extend testing as required to obtain sufficient evidence
• Determining an audit risk and control assessment
- Evaluating and recording such assessments
- Presenting the evidence to management
- How to ensure consistency
Exercise 12 – The RBA in practice – using audits selected by you
The RBA Approach
• The need to assess the risk maturity of the function
• Commitment to risk management
• The questions to ask
• Assessing risk appetite
• Reviewing the effectiveness of the risk management process
adopted
• Determining which risks should be concentrated on in the audit
• Reviewing risk ownership and identifying gaps
• Identifying residual risks above the risk appetite
• Assessing the 4Ts
• Monitoring of action plans
• Evaluation and reporting of actual versus perceived controls
• Determining which key risks are not readily auditable
• New audit programme – auditing ERM
Exercise 13 – Challenges of the RBA – group discussion
Day Five
RBA Challenges
Relationships With The Board And Audit Committees
• Board requirements of Internal Audit
• Developing regular contact with the chief executive
• Role of the Audit Committee
• The Audit Committee relationship – how to develop this
• Evaluating the Audit Committee requirements
• How to anticipate requests
• Audit Committee oversight paper
• Questions the Audit Committee should ask
• How to develop effective audit committee reports
• Developing an annual report for the Board or Audit Committee
Exercise 14 – The Audit Committee or board report
Quality Assuring Or Benchmarking The IA Function (And The
RBA Approach)
• The IIA requirements
• New IIA guidance on preparing for a QA review of IA
• The power of EQA
• Internal and external reviews
• What constitutes an acceptable process (IIA)
• Selecting the assessor
• Key aspects of the review
• Corporate Governance and the Internal Audit role
• Professional standards
• Audit charter
• The Audit Committee relationship
• Skills, training and resources
• Strategic audit planning
• The audit manual
• Completing the audit
• Audit reports
• Measuring performance
• Marketing the function
• IIA QA checklist will be shared
• A global guidance paper on QA assessments will be provided
Exercise 15 – The challenges of EQA
Risk Based Audit Reporting
• The challenges of risk based audit reporting
• Getting the message across
• Getting the desired action
• The messages you want the Board to hear
• How to ensure no overreaction
• Including positive comments
• How to keep it short and focussed
• Developing a risk based executive summary
• How to get recipients to react positively
• How to write balanced reports
• Highlighting the issues that matter
• How to reduce the number of words
• The power of pictures and graphics
• The need to relate the issues to objectives and risk
• How to deal with sensitive issues in the report
Exercise 16 – Discussion – how to deliver risk based reports
T: +971 4 335 2437 F: +971 4 335 2438 E: register@iirme.com W: www.iirme.com/auditcertificate
Vast knowledge, priceless experience. Excellent presentation
and good material.
Azzan Al Raisi, Internal Auditor, Qalhat LNG, Oman
Phil has vast experience which he was able to share
and gave us real life examples that helped to explain the
material better.
Nadin El Hayek, Internal Auditor, Abu Dhabi Health Services Co., UAE
11. After Completing This Course You Will Be Able To:
• Assess Internal Audit’s contribution as a function
• Audit Corporate Governance effectiveness
• Audit the risk management process
• Apply continuous audit techniques
• Assess the effectiveness of business continuity planning
• Complete complex audits such as the marketing function and
performance management
• Deliver successful value for money audits
• Audit joint ventures and partnerships
• Deliver audits of technical areas such as IT and outsourced
contracts
CPE Credits
• Delegates can earn up to 30 CPE credits (24 in the auditing field
of study and 6 in the management advisory services field of study)
Who Should Attend?
• Senior auditors
• Audit managers and those about to be appointed to that role
• Auditors that need to audit projects, contracts or technical
business areas
• Assurance professionals who need to assess technical issues
• Assurance providers that need a greater understanding of
Corporate Governance
• This course will be beneficial as a development aid for delegates
that have previously attended the Certificate In Internal Audit II –
The Developing Internal Auditor course
Course Level
• This is an advanced level course and delegates should ideally have
at least 18 months’ experience in Internal Audit (or other assurance
roles) to attend
• Delegates should have a good educational standard (Bachelors
degree or above) and/or a professional qualification
• No advance preparation is required
• Delivery method – Group-live (with exercises and case studies to
provide practical application of the tools and techniques)
• A pre-course questionnaire will be sent out 2 – 3 weeks prior
to the course date to obtain some information about delegates’
role and to provide an opportunity to indicate specific learning
requirements
New For 2014
• Making the most of Internal Audit – new guidance
• New IIA guidance on auditing performance management
• Guidance paper on continuous assurance
• Audit Committee oversight of IA guidance
• New IIA paper on automated transaction testing
• New GTAG guide to audit sampling
• 10 steps to cyber security
• IIA guidance on auditing the marketing function
Why You Should Attend
As a progressive audit practitioner who strives for excellence, your
vision is world-class and you realise that long term survival in today’s
competitive marketplace means delivering impeccable products and
services and auditing the wide range of business risks.
An advanced and innovative auditing strategy coupled with effective
implementation can greatly enhance the departmental value added
and company-wide support of your auditing function.
Expertise in the more technical business areas is essential to maintain
a stable foundation from which your organisation can effectively
compete in the Middle East environment.
Certificate IV
Course Timings: Registration will be at 08:00 on Day One. The course will commence at 08:30 every day and finish at 14:30. There will be
breaks for refreshments at approximately 10:30 and 12:30 and lunch will be served at the end of each day’s session.
The biggest challenges to modern Internal audit functions will be
covered during the course – including auditing your organisations
reputation and brand
Day One
The New Internal Audit Challenges
Recent Professional Guidance And Practice Advisory
Statements
• New guidance and its implications
• Aligning plans with risks
• Dealing with unacceptable risk – escalation with senior
management
• Gathering information from multiple engagements
• Expectations of senior management
• Relationship with the Board
• IT governance
• Fraud risk management
• Evaluating ethics programmes
• Quality assurance and improvement programme
• The IIA global tree
• Key issues from the IIA BOK (Body Of Knowledge) survey
• Imperatives for change – IIA standards
• An effectiveness of IA checklist will be shared
• Making the most of IA – new IIA paper
Exercise 1 – The challenges of the IIA standards
The Key Aspects Of Corporate Governance
• What is Corporate Governance?
• 6 core principles of governance
• 7 governance warning signs
• New Corporate Governance insights paper will be shared
• Meeting stakeholder requirements
• How the organisation is managed on behalf of the stakeholders
• The key parties within governance
- Audit Committee
- The Board
- Regulators
- Customers
- Suppliers
Exercise 2 – Defining the parties – Who killed Amos?
Auditing Governance Readiness
• Assurance mapping
• Holding a pre-meeting – dos and don’ts
• A new governance and accountability tool will be shared
• Developing a terms of reference for the assignment
• Should this be a review only – will evidence be gathered?
• A new audit programme will be shared
• Corporate Governance statements
Exercise 3 – The challenges in carrying out a Governance Audit
Auditing The Risk Management (RM) Process
• Establishing the position regarding RM in the business
• Establish corporate targets and monitor overall progress
• Risk management using ISO 31000 paper from IIA
• Keeping the Board apprised of the most significant risks
• Assessment of RM capabilities
• Review of risk evaluations in each function
• Ensuring actions to treat exposures are implemented
• Ensuring all functions evaluate their risks consistently
• Evaluating the results and challenging them where necessary
• Identification of exposures
• Reviewing risk registers
• Imperatives for change – RBA planning
• Basing audit programmes on most significant risks
15 – 19 June 2014
7 – 11 December 2014Advanced Audit Techniques
T: +971 4 335 2437 F: +971 4 335 2438 E: register@iirme.com W: www.iirme.com/auditcertificate
12. • Comparing perceived versus actual controls
• A risk management evaluation tool will be provided
Exercise 4 – The challenges in auditing the risk management process
Day Two
The Wider Internal Audit Brief
Auditing The Audit Committee Process
• The Audit Committee role
• Structure and independence
• Does the Committee approve (but not direct) Internal Audit
strategy, plan and performance?
• Does the Committee review summary IA reports and the main
issues arising and seek assurance that action has been taken?
• How does the Committee consider the reports of external audit
and other external agencies?
• How are the effectiveness of relationships between IA and EA and
other bodies reviewed?
• How are the effectiveness of the risk management environment
and anti fraud arrangements assessed?
• The Audit Committee/IA relationship
• New paper on how the Audit Committee should assess IA
• Case study and audit programme will be provided
• How does the Committee satisfy itself that assurance statements
and the annual statement of accounts properly reflect the risk?
• An Audit Committee checklist will be shared
Exercise 5 – The Audit Committee challenges
Continuous Auditing
• The IIA Global Technology Audit Guide (GTAG)
• The practicalities of continuous auditing
• Paper – fantasy or reality
• Continuous assurance – new guidance
• Continuous auditing and continuous monitoring
• The use of CAATs for continuous auditing
• Continuous risk assessment techniques
• Examples of continuous auditing
- Segregation of duties
- Purchase orders
- System access logs
- Purchase cards
• A paper on continuous audit using ACL will be shared
• New GTAG on audit sampling
Exercise 6 – Opportunities for continuous auditing
Auditing Complex Business Areas
• Environmental auditing
- Environmental risks
- Energy management audit
- Water management
- Waste management
• Auditing the marketing function
- The benefits
- Case study
- The 7Ps
- Determining metrics
• Auditing performance management
- The performance framework
- Risks and responses
- Audit considerations
Exercise 7 – Complex problems
Auditing Brand And Reputation
• The rise of reputation as a key risk
• The increasing importance of a positive image – the need to be
admired
• Where does reputation come from?
• How do you measure it?
• The magnifying effect of business failures on reputation
• Global brands
• How to judge reputation
• Identifying reputational risks
• A checklist for reviewing reputational risk will be provided to all
delegates
Exercise 8 – Auditing a reputational disaster
Day Three
Auditing Joint Ventures And Outsourced
Operations
Auditing Joint Ventures (JVs) And Partnerships
• Ensuring that there is a risk strategy for JVs
• What protocol is in place?
• What is the review mechanism?
• Is it effective?
• What is the frequency for review by the management?
• What is the mechanism to guide management in attending JV
meetings?
• Does anyone know the number of JVs and partnerships you are
involved in and how much money and other resources are invested
in them?
• Has each JV been risk reviewed?
Case Study – What can go wrong in JVs and partnerships
Reviewing A Current JV Or Partnership
• Rationale
• Added value
• Decision making
• Performance
• Finance
• Problems
• Termination
Exercise 9 – Select 2 JVs or partnerships – one you regard as
successful and another less so. Complete the checklist and try to
identify the main differences
Auditing Outsourced Contracts
• Overview of outsourced contract management
• Outsourcing objectives
• Transfer of risk
• Outsourcing delivery models
• Roles and responsibilities
• Different approaches to outsourcing
• The key risks
- Picking the wrong contractor
- Higher costs
- Negative impact on service
- Loss of control
- Loss of knowledge or resources
- Difficulty of bringing the activity back in-house
- Loss of public focus
- Conflicting objectives
- Payment issues
- Contract variations
• Assessing the contract
• How to assess continuing viability – performance management
• Right to audit clauses
• A new paper on auditing external business relationships
Exercise 10 – Challenges of auditing external contracts
Auditing Business Continuity Management
• The importance of Business Continuity Planning (BCP)
• The need to recognise BCP is not just about IT recovery
• Reviewing the different types of disaster – have all been
considered?
• Does the organisation’s leadership understand the current business
continuity risk level and the potential impacts of likely degrees of
loss?
• Can the organisation prove the business continuity risks are
mitigated to an approved acceptable
• Are they tested effectively?
• Is the Board well set up to respond swiftly and capably in a crisis?
• The transition from an emergency to a disaster and the questions
to ask at each stage
T: +971 4 335 2437 F: +971 4 335 2438 E: register@iirme.com W: www.iirme.com/auditcertificate
13. • Is there an appropriate contingency plan ready to be used to
manage a crisis?
• Communication testing
• Alternative site testing
• A paper on BCP resilience will be shared
Exercise 11 – BCP audit discussion
Day Four
CSR And VFM Audit
Social Responsibility, Ethics And Meeting Stakeholder
Expectations
• The increasing importance of Corporate Social Responsibility (CSR)
• New IIA standard 2110 re-auditing of ethics
• What constitutes CSR?
• The wider aspects of CSR and the implications for IA
• Doing responsible things responsibly
• A paper on auditing ethics will be provided
• Redefining the IA role with CSR in mind
• An audit framework
• How to audit CSR – key steps
- Is communication with main stakeholders taken seriously?
- Are the expectations of these stakeholders accurately
understood, and what are the risks that these will not be met?
- Are opportunities taken to develop the ethical reputation of the
business?
- How do we ensure that staff have and display the right
attitudes?
- Has the business assessed its reputation for social responsibility
and its impact on your business prosperity?
- Is the Board, and in particular the Chief Executive, sensitive and
responsive to the concerns of customers?
Exercise 12 – CSR and meeting expectations – the audit challenges
The Modern Approach To Value For Money (VFM) Auditing
• What is VFM auditing?
• How does it differ from other audit approaches?
• The relationship between VFM and other types of audit
• The benefits of VFM auditing
• The associated dangers e.g. trying to quantify non-quantifiable
savings
The 3 Es
• The 3 Es – the cornerstone of VFM auditing
• Economy and how it can be evaluated
• Examples of poor economy
• Efficiency and how it should be assessed
• Why it is critical to evaluate efficiency – with examples
• Effectiveness and how it can be assessed
• Identification of inputs and outputs
• How to measure the 3 Es
Exercise 13 – VFM review of customer service
Key Steps In Completing a VFM Review
• How to select VFM topics
• The research phase
• Objectives, methodology and techniques
• Establishing terms of reference (how this differs from a traditional
assignment)
• Defining the boundaries of the review
• Gathering of information
• Evaluation of data and effectiveness of management processes
• Evaluation of performance and cost saving potential
• Measuring the benefits
Exercise 14 – Assessing performance via PIs
VFM Audit Techniques
• The range of techniques
• Comparative analysis
• Evaluating effectiveness, efficiency and economy
• Evaluating productivity in practice
• Working with other specialists
• Measuring opportunities
Case Studies With Hints, Tips And Practical Advice
• Practical applications for VFM – open discussion with an
opportunity for delegates to raise specific concerns and ideas
Exercise 15 – VFM audits – topics will be chosen by the delegates
and the audit brainstormed
Day Five
Auditing In The IT Arena
Auditing IT Projects
• New GTAG IT risks
• Project management audit
- Project organisation
- Content and scope
- Time management
- Cost management
- Quality management
- HR issues
- Communication
- Reporting
- Risk management
- Procurement
• Other types of project audit
- Business case audit
- Business requirements audit
- Project framework audit e.g. use of PRINCE
- Post project audit
Exercise 16 – Completing an IT project audit
Auditing Systems Under Development
• Why auditing systems under development need not compromise
your wider audit role
• The need to audit at key stages – not to be part of the project
team
• Ensuring that the processes and policies are complied with
• Determining the points of potential failure
• Ensuring controls are not bypassed – due to time constraints
• Ensuring risks are identified at the start and regularly reviewed
• Ensuring sufficient end user involvement
• Audit stages and the questions to ask
Exercise 17 – Challenges of systems development audit
IT Auditing For Non IT Specialists
• Global Technology Audit Guides (GTAGs)
- Information technology controls
- Management of IT auditing
- Managing and auditing IT vulnerabilities
- Auditing application controls
- Information technology outsourcing
- Identity and access management
- Change and patch management controls
- Managing and auditing privacy risks
- Developing the IT audit plan
• What can be done without specialist IT audit resources?
• New paper on automated transaction testing
• The need to determine the boundaries
• Defining the IT audit universe
- Focus on high risk areas
- Assess IT vulnerabilities
• Target areas where you are focusing on process rather than
technical aspects
• Use of audit frameworks such as CoBIT and ISO 27000
• The need to review IT governance – IIA new standard
• Risk based audit of general controls (GAIT)
• IIA guidance regarding GAIT
• An ISO 27000 audit checklist will be shared
Exercise 18 – Challenges of IT audit
T: +971 4 335 2437 F: +971 4 335 2438 E: register@iirme.com W: www.iirme.com/auditcertificate
14. After Completing This Course You Will Be Able To:
• Benchmark your IA function against worldwide best practice
• Make the transition from a good function to a great one
• Quality assure your function in line with IIA requirements
• Build a world-class team
• Manage the audit process more efficiently and improve strategic
audit planning
• Deal with the challenges of consultancy
• Manage effective investigations
• Meet the governance challenges
• Deliver stakeholder assurance more effectively
CPE Credits
• Delegates can earn up to 30 CPE credits (18 in the auditing field
of study, 6 in the communications field of study and 6 in the
personal Development field of study)
Who Should Attend?
• Heads of Internal Audit
• Audit Managers and those about to be appointed to that role
• Directors responsible for Internal Audit
• Heads of other assurance functions such as Compliance or Quality
Assurance
• This course is specifically for the most senior audit professionals
Course Level
• This is an advanced level course and delegates should be Head of
the Internal Audit function or a senior manager in the IA or other
assurance role to attend
• Delegates should have a good educational standard (Bachelors
degree or above) and/or a professional qualification
• No advance preparation is required
• Delivery method – Group-live (with exercises and case studies to
provide practical application of the tools and techniques)
• A pre-course questionnaire will be sent out 2-3 weeks prior to the
course date to obtain some information about the delegate’s role
and to provide an opportunity to indicate specific learning
requirements
New For 2014
• A new paper on working with stakeholders will be shared
• New advice on auditing strategy
• New research papers from the ECIIA, E & Y and Protiviti
• Recent professional guidance and practice advisory statements
• New Audit Committee evaluation checklist
• New guidance on co-sourcing
• New guidance on managing dispersed teams
• New IIA guidance – maturity models for assurance
• New IIA integrated auditing guidance
• New IIA guidance on audit plan preparation
• A new paper on engaging senior management will be shared
• 20 questions directors should ask the CAE
Why You Should Attend
This course is unique in that it is targeted specifically to the most
senior assurance professionals – and is based on a series of round
table discussions on the key aspects of a modern Internal Audit
function – and the challenges faced by the ever changing world
economy.
Certificate V
Course Timings: Registration will be at 08:00 on Day One. The course will commence at 08:30 every day and finish at 14:30. There will be
breaks for refreshments at approximately 10:30 and 12:30 and lunch will be served at the end of each day’s session.
A wide range of key topics will be discussed – such as meeting the
changing needs of stakeholders, developing more proactive
relationships with the Audit Committee, auditing corporate social
responsibility and the challenges of making successful presentations.
The course represents a superb opportunity to meet your peers from
both your sector and others and develop new approaches to the
difficult challenges facing audit managers and Heads of Audit today.
The course also includes opportunities to discuss issues of your
choosing with fellow decision makers in the IA profession.
Day One
The Future Of Internal Audit In The MENA
Region
The Significant Changes In The Internal Audit Role
• How the IA profession has changed in the last 10 years
• The transition from a systems based approach to Risk Based
Auditing
• Key messages from the IIA Body of Knowledge survey
• Deciding the strategic direction for your function
• Pulse of the profession survey results
• E & Y and Protiviti survey results
• IIA becoming more effective guidance will be shared
• ECIIA research paper – making the most of the IA function
• Ensuring effective communication lines between the CAE and the
Board
• Gaining assurance regarding the quality of the function’s work
• Overseeing the relationship between the IA function and the
organisation’s centralised risk monitoring function
• Monitoring management follow-up of IA recommendations
Round Table Discussion 1 – The challenges facing Internal
Audit in the region
• Feedback and discussion – and ideas for dealing with the
challenges – generated by the delegates
Meeting Stakeholder Expectations
• Who are the stakeholders?
• Are stakeholders’ expectations known?
• Are the expectations clear?
• How can you meet the widely differing expectations?
• Are there any areas where expectations could be exceeded?
• Are there any quick wins?
• What reports should IA provide to stakeholders?
• A new paper on working with stakeholders will be shared
• New advice on auditing strategy
Round Table Discussion 2 – Meeting the ever expanding
needs of stakeholders – what should the IA role be?
• Feedback and discussion – and ideas for dealing with the
challenges – generated by the delegates
Benchmarking Or Quality Assuring Your IA function
• The power of benchmarking
- To demonstrate excellence
- To meet Board and Audit Committee challenges
- To identify opportunities
- To recognise progress made
- To ensure best practice is being followed
22 – 26 June 2014
14 – 18 December 2014Leading The Internal Audit Function
T: +971 4 335 2437 F: +971 4 335 2438 E: register@iirme.com W: www.iirme.com/auditcertificate
15. • The need for external evaluation as per the IIA standards
- Should be conducted at least once every 5 years
- By a qualified external reviewer
- Results should be given to the Board
• New QA checklists will be shared
Round Table Discussion 3 – Quality assuring the function –
achievements and challenges
• Feedback and discussion – and ideas for dealing with the
challenges – generated by the participants
Recent Professional Guidance And Practice Advisory
Statements 2013
• Risk management
• Senior management resolution of risk
• Management expectations
• IT governance
• Fraud risk
• Business ethics
Day Two
New Challenges
Proactive Audit Committee Relationships
• How to create the correct relationship with the Audit Committee
(or the Board if you do not have an Audit Committee)
• The need for at least one Audit Committee meeting per year
exclusively for Internal Audit
• The need for one–to –one meetings with the Chairman of the
Audit Committee
• The need for the Committee to approve (but not direct) Internal
Audit strategy, plan and performance
• How should the Audit Committee assess IA performance?
• The annual report for the Audit Committee – best practice ideas
• Are effective relationships between IA and EA and other bodies
reviewed by the Audit Committee?
• Is the effectiveness of the risk management environment and
anti-fraud arrangements assessed – what information should be
provided by IA?
• Two new Audit Committee evaluation checklists will be provided
Round Table Discussion 4 – Assessing the Audit Committee/
Board relationship
• Feedback and discussion – and ideas for dealing with the
challenges – generated by the delegates
Building World-Class Internal Audit Teams
• The recruitment dilemma – what if you cannot get the talent you
need
• Determining a strategy for building the team
• Sources of talent – growing your own or recruiting from outside?
• New guidance on co-sourcing
• Should you try to recruit personnel with previous IA experience?
• Which is more important – knowledge of your sector or IA
knowledge?
• Use of coaching
• Performance management – what are the most effective
measures?
• What skills should you be looking for?
• Checklist of issues to assess in a potential auditor
• New guidance on managing dispersed teams will be provided
• Succession planning
Round Table Discussion 5 – The challenges of recruitment in
the Gulf market
• Feedback and discussion – and ideas for dealing with the
challenges – generated by the delegates
Challenges For Internal Audit
• Auditing outsourced operations
- Should these operations be audited?
- How should you tackle such assignments?
- Ensuring contracts include the right to audit
• Value for Money (VFM) Auditing
- What is VFM?
- What are valid VFM topics?
- Does your audit programme target areas of opportunity as well
as risk?
- Do you measure the value of monetary savings made as a direct
result of your audits?
- Are these savings known to and recognised by management?
• Corporate Social Responsibility Auditing
- What is CSR?
- Does it need to be audited?
- The importance of ethics and how it should be reviewed
- A new paper on auditing ethics will be provided
- The need for transparency and accountability
- Challenges of CSR in the Gulf region
Round Table Discussion 6 – Audit challenges (Topics to be
chosen by delegatess on the day) – this is your opportunity to
table any issue that you would like to discuss with your peers
• Feedback and discussion – and ideas for dealing with the
challenges
Day Three
Risk And Governance
Risk Management And Internal Audit
• The need to focus audit attention towards the most significant
risks
• New IIA guidance – maturity models for assurance
• The need for much higher levels of assurance than ever before
• What level of assurance can really be provided?
• What should be the audit role in relation to identification and
managing of risks
• What should the IA role be if your organisation has or does not
have a risk management function?
• Could working with management to identify and evaluate risks
compromise the independence of the function?
• How should audit plans be developed to ensure the correct risk
focus?
• Is Risk Based Auditing a methodology or a state of mind?
• Why has it become so important?
• What are the ideas behind RBA?
• Is RBA a revolution or an evolution?
• Can such an approach really enhance the profile of IA within the
business?
• New IIA integrated auditing guidance will be shared
Round Table Discussion 7 – What does Risk Based Auditing
mean to you? What are the challenges in driving better risk
awareness?
• Feedback and discussion – and ideas for dealing with the
challenges – generated by the delegates
Corporate Governance And The IA Role
• What is Corporate Governance?
• Key challenges for the Gulf region – Hawkamah research
• Meeting stakeholder requirements
• How the organisation is managed on behalf of the stakeholders
• Developments in CG – new paper
• The audit role in the CG process
• The risk focus of the function (and the relative roles of other
assurance providers)
T: +971 4 335 2437 F: +971 4 335 2438 E: register@iirme.com W: www.iirme.com/auditcertificate
16. • Coordination with other assurance providers
• A guidance paper on assessing organisational governance will be
provided
• The external audit relationship
• Role in fraud prevention and investigation
• Managing reputation
- Is communication with main stakeholders taken seriously?
- Do the goals and values of the business, as well as its principal
policies on conduct, sufficiently address the main areas of
reputational risk?
- Are corporate values shared?
- How is sufficient coverage of different business issues achieved
within the policy statements and codes of practice, and is
reputational risk addressed appropriately in each case?
- Are policies governing reputation management clearly
communicated internally?
• Crisis management
- Is there an appropriate contingency plan ready to be used to
manage a crisis?
Round Table Discussion 8 – The challenges of Corporate
Governance
• Feedback and discussion – and ideas for dealing with the
challenges – generated by the delegates
Strategic Audit Planning
• Determining audits priorities
• Determining the audit universe
• Building Risk-Based Audit plans
• Tapping into risk assessments carried out by management
• Determining the level of assurance required
• Getting management input
• New IIA guidance on audit plan preparation will be provided
• Audit planning model – an electronic version will be provided to all
delegates
Round Table Discussion 9 – Strategic audit planning – how to
convince senior management and the Audit Committee that
you are auditing the right topics
Day Four
Managing The Audit Process
• Building an understanding of the audit process
• Establishing audit objectives
• The audit manual
• Developing effective audit programmes
• What makes a good programme?
• Mistakes to avoid
• The dangers of re-inventing the wheel
• Assigning tasks
• Staffing factors
• The need for regular updates for standard programmes
• Supervising and controlling audits – tips for success
Round Table Discussion 10 – What makes a good audit
manual and effective audit programmes
Working Paper Review
• The need to motivate not criticise staff
• The need for peer review during the audit
• How to ensure all areas are covered
• Identification of key review points
• How to write value-added review notes
• Tips for electronic working papers
• Quality control mechanisms
Round Table Discussion 11 – Working paper reviews
Consultancy Assignments
• The IIA standards
• Why consultancy should be encouraged
• The difference in approach
• How to document these assignments
• Reporting consultancy assignments
• Audit by workshop
• Facilitation –dos and don’ts
Round Table Discussion 12 – How to convince management
that consultancy is the direction for Internal Audit
Investigations
• Investigations – the major differences from standard audits
• Which investigations should IA accept?
• How can this decision be made?
• The skills required
• The need for perfect audit trails
• Difficulties
Round Table Discussion 13 – Challenges of investigations
Day Five
Convincing Management
• A new paper on engaging senior management will be shared
• 20 questions directors should ask the CAE
• The need for effective presentations by senior audit management
• Determining the audience and preparing an appropriate approach
• The need for impact
• Deciding the form of presentation
• Use of visual aids
• How many notes should you use
• Use of humour – is this a good idea?
• Education or decision seeking – the different techniques
• How to deliver a successful presentation
- How to combat nerves
- Keeping in control
- How to deal with questions
- Keeping the flow
- The need not to over prepare
- Use of simple language
- How to keep the audience’s interest
- Use of props
- Anticipating the questions
- Considering what the audience will expect
- Assessing the results
- Getting feedback
Round Table Discussion 14 – Challenges of making successful
presentations
• Making presentations
Open Forum
• An open forum will be held to discuss any topic of interest. A
number of topics will be tabled – you can highlight the issues you
would like to discuss on the day
• Topics could include :-
- How to deliver world-class reports
- The challenges of Internal Audit within a family-owned business
- How to audit in an increasingly complex IT environment
- Continuous auditing
- How to make better use of CAATs
- Auditing ISO 31000, 14001 etc
- Selling IA to the business better
- The role of IA in project management
T: +971 4 335 2437 F: +971 4 335 2438 E: register@iirme.com W: www.iirme.com/auditcertificate