Focus & Features

Get ready to immerse in a comprehensive 4-day seminar on advanced risk-based auditing. The virtual sessions will be held on April 26-27 via Zoomfollowed by in-person sessions on May 3-4 at Diamond Suites & Residences, Cebu City.

This course equips participants with fundamental knowledge for effective risk-based internal audits, covering key concepts like risk nature, sources, appetite, and frameworks. Through interactive sessions and real-life scenarios, gain insights into risk assessment processes and their impact on audit engagements. Understand the importance of risk management in corporate governance and internal control, with risk-based auditing linking planning activities to organizational risk frameworks. Explore advanced topics, including governance, strategic, fraud, and IT-related risks, enhancing your ability to develop comprehensive audit plans tailored to your organization's needs. Walk away with valuable insights and tools for creating a risk-based department audit plan that adds value to your organization.

Course Objectives

I. Fundamentals of Risk-Based Auditing

  • Explain the role of the internal auditor in risk-based auditing.
  • Identify key risk and risk management concepts and principles.
  • Identify internal and external influences of risk.
  • Identify risk categories.
  • Identify well-known risk frameworks, including COSO and ISO 31000.
  • Explain the importance of risk appetite and risk tolerance.
  • Define risk measurement criteria that support the analysis of risk.
  • Interpret the nature of inherent and residual risk.
  • Apply risk and risk management concepts in planning a risk-based audit engagement.
  • Apply tools to conduct a control evaluation in a risk-based audit engagement.
  • Develop best practices for effectively communicating observations in a risk-based audit engagement.

II. Advance Risk-Based Auditing

  • Summarize risk management principles and concepts.
  • Identify corporate governance principles.
  • Explain the relationship between governance principles and COSO frameworks.
  • Explain the relationship between governance, risk and control.
  • Identify strategy risk audits.
  • Identify strategy process audits.
  • Identify types of fraud.
  • Examine an anti-fraud program and the role of risk assessment.
  • Identify IT risk assessment frameworks.
  • Discuss cybersecurity, information security, and information technology (IT) governance risks.
  • Assess enterprise risk management process risks.
  • Apply enterprise risk management maturity and comprehensive assessment approaches.
  • Develop an auditable universe risk assessment.
  • Apply risk identification, measurement, and prioritization techniques.

You'll Learn

Risk-based Internal Auditing: An Overview

  • The definition of internal auditing
  • The International Standards for the Professional Practice of Internal Auditing (Standards)
  • The value of risk-based internal auditing


Risk and Risk Management: Principles and Concepts

  • Risk overview and the definition of risk
  • Risk management definitions
  • Risk and risk management misconceptions
  • Objectives as they relate to risk
  • Uncertainty as it relates to risk
  • External risk versus internal risk
  • Risk categories
  • Other risk considerations


Risk Frameworks: An Overview

  • The purpose of risk management frameworks
  • Major risk and control frameworks
  • COSO Internal Control Framework
  • COSO ERM Framework
  • ISO 31000


Risk Assessment Criteria

  • The importance of risk assessment criteria in risk-based auditing
  • Risk appetite definition and concepts
  • Integrating risk appetite with risk assessments
  • Risk tolerance definition and concepts
  • Risk likelihood and impact
  • Other risk criteria


The Risk-based Audit Engagement: Planning and Risk Assessment

  • Risk-based audit engagement purpose
  • Risk-based audit engagement approach
  • Risk maturity
  • Risk identification
  • Risk assessment


Risk-based Audit Engagement: Control Evaluation

  • Managing risks
  • Definition of control
  • Types of controls
  • Evaluating controls
  • Tools for evaluating controls


Risk-based Audit Engagement: Communicating Results

  • Purpose of communicating
  • Why audit reports fail to communicate
  • Communicating an audit observation


Risk-based Audit Engagement: Implementation Challenges

  • Roadblocks to success
  • Personal implementation challenges
  • Possible solutions

Risk Management Principles and Concepts: A Review

  • Risk definitions
  • Risk management definitions
  • Major control and risk frameworks
  • Risk management assessment criteria


Corporate Governance Risk

  • Overview, definition, and standards
  • Relationship between governance, risk and control
  • Governance breakdowns
  • Corporate governance principles
  • Governance principles and COSO frameworks
  • Audit activities and approach


Strategic Risk

  • Strategy overview
  • Definition of strategic risk
  • Internal audit's consideration of strategic risk
  • Strategy related audit
  • Strategy risk audits
  • Strategy process audits


Fraud Risk Assessment

  • Definition and principles
  • Standards and guidelines
  • Anti-fraud program
  • Role of internal audit
  • Internal audit approach
  • Types of fraud
  • The fraud triangle


Information Technology Risk

  • The IT risk landscape
  • IT risk assessment frameworks
  • Internal audit considerations
  • Internal audit focus
  • Cybersecurity
  • Information security
  • Governance


Auditing the ERM Process

  • Enterprise risk management audits: Internal audit considerations
  • Assessing enterprise risk management
  • Maturity assessment approach
  • Comprehensive assessment approach


Developing the Risk-based Audit Plan

  • Auditable universe: General attributes
  • Audit universe risk assessment: Examples
  • Assessment criteria: Sophistication factors
  • Risk identification
  • Risk measurement
  • Risk prioritization


  • Alvin Sun Cadalin (PROPRIETOR at Alvin Sun Cadalin CPA Consultancy)

    Alvin Sun Cadalin

    PROPRIETOR at Alvin Sun Cadalin CPA Consultancy

    Read Bio

General Information

Who will benefit from this course?

This course will enhance the skills of experienced internal audit leaders who want to build on their knowledge and increase their value to the organization by developing effective risk-based department audit plans that address emerging risks based on organizational and internal audit risk assessments, interviews, and research. This course is designed for:

  • Chief Audit Executives (CAE)
  • Audit Directors
  • Audit Managers
  • Senior Internal Audit Practitioners.


  • Participants should be senior internal audit practitioners or internal audit managers.
  • Completion of the Fundamentals of Risk-based Auditing course is recommended.

No. of CPE Units: 32 for IIA Certification

Cancellation Policy:

  1. Cancellations received beyond April 19 and no-show will be charged 50% of the registration fee. Request for refund of the remaining fee must be done through email. Expect at least two weeks of processing time upon verification of refund.
  2. Substitutions are allowed if the membership status of the two participants is the same; otherwise, the difference in the ticket price must be settled.

Privacy Notice:

We collect your personal information to register you in our training/ membership events and photos/videos will be taken for evidentiary purposes in relation to IIAP events. We will use this information to provide services regarding your attendance and if you agree, to send you marketing information. By giving us your personal information you consent to our use of it for the purposes described in this Privacy Notice.

Tickets Register

Member Price ₱18,000