Focus & Features

This course provides the fundamental knowledge needed to become effective in performing risk-based internal audits. Foundational concepts such as the nature of risk, risk sources and categories, risk appetite and tolerances, and risk frameworks are provided to help you understand the application to the audit engagement planning.

During this course, you will participate in interactive activities and real-life scenarios. Be prepared to walk away with best practices an understanding of the risk assessment process and the impact on an audit engagement. The course will offer and key takeaways you can apply to your organization and its internal audit function department. In addition, you will learn the value this approach brings to your organization.

Course Objectives

  • Explain the role of the internal auditor in risk-based auditing.
  • Identify key risk and risk management concepts and principles.
  • Identify internal and external influences of risk.
  • Identify risk categories.
  • Identify well-known risk frameworks, including COSO and ISO 31000.
  • Explain the importance of risk appetite and risk tolerance.
  • Define risk measurement criteria that support the analysis of risk.
  • Interpret the nature of inherent and residual risk.
  • Apply risk and risk management concepts in planning a risk-based audit engagement.
  • Apply tools to conduct a control evaluation in a risk-based audit engagement.
  • Develop best practices for effectively communicating observations in a risk-based audit engagement.

What You Will Learn

Risk-based Internal Auditing: An Overview

  • The definition of internal auditing
  • The International Standards for the Professional Practice of Internal Auditing (Standards)
  • The value of risk-based internal auditing

Risk and Risk Management: Principles and Concepts

  • Risk overview and the definition of risk
  • Risk management definitions
  • Risk and risk management misconceptions
  • Objectives as they relate to risk
  • Uncertainty as it relates to risk
  • External risk versus internal risk
  • Risk categories
  • Other risk considerations

Risk Frameworks: An Overview

  • The purpose of risk management frameworks
  • Major risk and control frameworks

o COSO Internal Control Framework

o COSO ERM Framework

o ISO 31000

Risk Assessment Criteria

  • The importance of risk assessment criteria in risk-based auditing
  • Risk appetite definition and concepts
  • Integrating risk appetite with risk assessments
  • Risk tolerance definition and concepts
  • Risk likelihood and impact
  • Other risk criteria

The Risk-based Audit Engagement: Planning and Risk Assessment

  • Risk-based audit engagement purpose
  • Risk-based audit engagement approach
  • Risk maturity
  • Risk identification
  • Risk assessment

Risk-based Audit Engagement: Control Evaluation

  • Managing risks
  • Definition of control
  • Types of controls
  • Evaluating controls
  • Tools for evaluating controls

Risk-based Audit Engagement: Communicating Results

  • Purpose of communicating
  • Why audit reports fail to communicate
  • Communicating an audit observation

Risk-based Audit Engagement: Implementation Challenges

  • Roadblocks to success
  • Personal implementation challenges
  • Possible solutions

Who Should Attend

This course is designed for internal auditor practitioners who want to learn the principles and concepts of risk and risk management, as well the tools and techniques used to perform a risk-based audit. This course would be beneficial for individual currently performing internal control testing that are transitioning to a risk-based audit approach.

Number of CPE Units : 7

Privacy Notice: We collect your personal information to register you in our training/ membership events and photos/videos will be taken for evidentiary purposes in relation to IIAP events. We will use this information to provide services regarding your attendance and if you agree, to send you marketing information. By giving us your personal information you consent to our use of it for the purposes described in this Privacy Notice.


Cancellations received less than 24 hours prior to the event or after receiving the final confirmation email and zoom link will be charged a cancellation fee, which is 50% of the registration fee.

Substitutions are allowed within the same event without incurring a cancellation fee.

(Rate should be the same, if not, difference should be paid)

No-show registrants will be charged 50% of the registration fee.


Virtual set-up/via Zoom

See route

Contact us

For additional event or venue information, please email training@iia-p.orgYou can also reach us at +63 9409551

Sponsors and Partners