Assessing Risk Ensuring Internal Audit Value

Focus and Features

Risk assessments in their various forms (e.g., annual audit planning, engagement planning, enterprise risk management, etc.) are a key building block for numerous internal audit activities, deliverables, and communications such as periodic audit planning schedules, audit engagement planning memos, audit reports, ERM activities, and audit committee reports. However, many internal auditors and internal audit functions struggle to find the right risk assessment framework that balances stakeholder needs and resources available for this time-intensive activity. Likewise, many internal auditors struggle with execution of risk assessment activities such as establishing practical and consistent measurement criteria for rating and ranking risks as well as keeping a keen focus on the risks that are most important to their stakeholders. Risk assessment is at the forefront of ensuring internal audit's value to its stakeholders. Without effective risk assessment activities, an internal audit function has little assurance that it is deploying its resources in a way that fulfills its mission within the organization.

This course provides practical insights relating to contemporary best practices of risk assessment activities and allows participants to apply what they have learned so that they can implement risk assessment activities at their organization. This interactive and engaging two-day course takes a deep dive into the fundamentals of risk assessment; nuances such as audit universe, risk appetite, and fraud; and the challenges of implementation. It also addresses skill gaps many internal auditors struggle with such as how to develop their own risk assessment frameworks and how to select or construct a risk ranking system. After reviewing real examples of risk assessment models used by leading internal audit functions, participants will have the opportunity to develop their own risk assessment frameworks by picking and choosing those elements and best practices that best meet the risk assessment needs of their organization, no matter the size or maturity level of their internal audit function.

What You Will Learn

Nature of Risk

• Explain the fundamental nature of risk.
• Recognize patterns of change in an organization.
• List potential changes that could impact organizational opportunities and threats.
• Recognize types and categories of risk.
• Explain the strategic influences on risk assessment.

Risk Assessment Essentials

• Identify the essential building blocks of a risk assessment.
• Clarify internal audit's role in risk management and risk assessment with its key stakeholders.
• Contrast various control framework risk assessment criteria.
• Utilize a common vocabulary for discussing risk assessment activities.
• List the common risk assessment activities in which internal audit functions have engaged historically.

Contemporary Risk Assessment Trends

• Discuss contemporary trends relating to risk concerns of internal audit stakeholders.
• Trace the history of events and regulatory influences on stakeholder perceptions and expectations concerning the role of the internal audit function.
• Describe the diversity of stakeholder needs for partnership in risk assessment activities (past and present).
• Recognize how legislation and regulatory activity have created opportunities for internal audit to engage differently with stakeholders (in regard to risk assessment activities).
• Identify your organization's risk-centric management maturity level.
• Assess how your organization's risk management maturity level will impact your internal audit risk assessment approach.
• Identify internal audit trends in regard to the risk focus continuum.
• Discuss the results from The IIA Research Foundations' 2010
• Common Body of Knowledge (2010) that relate to risk management and risk assessment.

The Audit Universe

• Assess the completeness of the audit universe.
• Identify auditable units to include in the audit universe.
• Create an audit universe.
• Validate the completeness of the audit universe.

Audit Universe Risk Assessment

• Develop a risk assessment methodology for assessing the audit universe.
• Identify the objectives of the audit universe risk assessment.
• Analyze examples of audit universe risk assessment methodologies.
• Determine the factors that influence the level of sophistication needed for the risk assessment methodology.
• Outline the audit universe risk assessment activities.
• Examine techniques for risk identification and measurement.
• Choose a method for prioritizing risk assessment results.
• Discuss communication of risk assessment results with various stakeholders.

Engagement Risk Assessment

• Develop a risk assessment framework for engagement planning.
• Identify the objectives of the engagement risk assessment.
• Analyze examples of engagement risk assessment methodologies.
• Determine the factors that influence the level of sophistication needed for the risk assessment methodology.
• Outline the engagement risk assessment activities.
• Examine techniques for risk identification and measurement.
• Choose a method for prioritizing risk assessment results.
• Discuss communication of risk assessment results with various stakeholders.

Fraud Risk Assessment

• Perform a fraud risk assessment.
• Identify the objectives of the fraud risk assessment.
• Identify potential fraud schemes.
• Prioritize potential fraud schemes base don risk.
• Discuss communication of risk assessment results to various stakeholders.

Risk Appetite

• Integrate risk appetite into the risk assessment framework.
• Define risk appetite.
• Contrast various risk appetite and risk tolerance viewpoints.

Risk Assessment Implementation Challenges

• Minimize risk assessment implementation issues.
• Contrast the advantages and disadvantages of various risk assessment models.
• Identify solutions to common implementation issues.

Course Closing

• Apply newly learned concepts, techniques, and skills to the work place.
• Restate major concepts, techniques, and skills learned during the course.
• Develop an action plan to apply select concepts, techniques, and skills.
• Identify additional resources to help stay current on issues related to assessing risk.

Who Should Attend

This Seminar is ideal for all auditors