Focus & Features

This course provides the fundamental knowledge needed to become effective in performing risk-based internal audits. Foundational concepts such as the nature of risk, risk sources and categories, risk appetite and tolerances, and risk frameworks are provided to help you understand the application to the audit engagement planning.

During this course, you will participate in interactive activities and real-life scenarios. Be prepared to walk away with best practices an understanding of the risk assessment process and the impact on an audit engagement. The course will offer and key takeaways you can apply to your organization and its internal audit function department. In addition, you will learn the value this approach brings to your organization.

Course Objectives

  • Explain the role of the internal auditor in risk-based auditing.
  • Identify key risk and risk management concepts and principles.
  • Identify internal and external influences of risk.
  • Identify risk categories.
  • Identify well-known risk frameworks, including COSO and ISO 31000.
  • Explain the importance of risk appetite and risk tolerance.
  • Define risk measurement criteria that support the analysis of risk.
  • Interpret the nature of inherent and residual risk.
  • Apply risk and risk management concepts in planning a risk-based audit engagement.
  • Apply tools to conduct a control evaluation in a risk-based audit engagement.
  • Develop best practices for effectively communicating observations in a risk-based audit engagement.

What You Will Learn

Risk-based Internal Auditing: An Overview

  • The definition of internal auditing
  • The International Standards for the Professional Practice of Internal Auditing (Standards)
  • The value of risk-based internal auditing

Risk and Risk Management: Principles and Concepts

  • Risk overview and the definition of risk
  • Risk management definitions
  • Risk and risk management misconceptions
  • Objectives as they relate to risk
  • Uncertainty as it relates to risk
  • External risk versus internal risk
  • Risk categories
  • Other risk considerations

Risk Frameworks: An Overview

  • The purpose of risk management frameworks
  • Major risk and control frameworks

o COSO Internal Control Framework

o COSO ERM Framework

o ISO 31000

Risk Assessment Criteria

  • The importance of risk assessment criteria in risk-based auditing
  • Risk appetite definition and concepts
  • Integrating risk appetite with risk assessments
  • Risk tolerance definition and concepts
  • Risk likelihood and impact
  • Other risk criteria

The Risk-based Audit Engagement: Planning and Risk Assessment

  • Risk-based audit engagement purpose
  • Risk-based audit engagement approach
  • Risk maturity
  • Risk identification
  • Risk assessment

Risk-based Audit Engagement: Control Evaluation

  • Managing risks
  • Definition of control
  • Types of controls
  • Evaluating controls
  • Tools for evaluating controls

Risk-based Audit Engagement: Communicating Results

  • Purpose of communicating
  • Why audit reports fail to communicate
  • Communicating an audit observation

Risk-based Audit Engagement: Implementation Challenges

  • Roadblocks to success
  • Personal implementation challenges
  • Possible solutions

Who Should Attend

This course is designed for internal auditor practitioners who want to learn the principles and concepts of risk and risk management, as well the tools and techniques used to perform a risk-based audit. This course would be beneficial for individual currently performing internal control testing that are transitioning to a risk-based audit approach.

Number of CPE units: 7


  1. Cancellations received 48 hours before the seminar date and no-show will be charged 50% of the registration fee. Request for refund of the remaining fee must be done through email. Expect at least two weeks of processing time upon verification of refund.
  2. Substitutions are allowed if the membership status of the two participants is the same; otherwise, the difference in the ticket price must be settled.


IIAP's new bank account information under UNIONBANK OF THE PHILIPPINES (UBP)

Note that the submission of Proof of Payment is still mandatory for Official Receipt (OR) issuance.


Bank Details

Account Name : Institute of Internal Auditors Philippines, Inc.


Branch : Insular Ayala-Paseo Branch

Bank Address : GF Insular Life Building Ayala Avenue corner

Paseo de Roxas Makati City

Swift Code : UBPHPHMM

Account no. : 0030 6000 2627 (Peso Checking Account)

Purpose of Transactions : for Seminar/Events Registration and Membership Fees

IMPORTANT! Mandatory submission of proof of payment

via IIAP Website :

Email it to

Privacy Notice: We collect your personal information to register you in our training/ membership events and photos/videos will be taken for evidentiary purposes in relation to IIAP Seminars. We will use this information to provide services regarding your attendance and if you agree, to send you marketing information.

By giving us your personal information you consent to our use of it for the purposes described in this Privacy Notice.


Virtual set-up/via Zoom

See route

Contact us

For additional event or venue information, please email training@iia-p.orgYou can also reach us at +63 9409551

Sponsors and Partners