Focus & Features

The need to manage risks is increasingly recognized as essential to effective corporate governance and to maintaining an effective system of internal control. Internal audit plays a key role in providing assurance that risks to the organization are properly managed. Risk-based auditing links the internal audit department's planning activity to an organization's overall risk management framework.

This course provides participants with the knowledge to develop an audit universe and a complementary risk-based audit plan for the internal audit department. It also addresses emerging and advanced risk management topics such as governance risk, strategic risk, fraud risk, and information technology-related risk, and provides insight into auditing the organization's risk management processes. During this course, you will participate in interactive activities and real-life scenarios. Be prepared to walk away with concepts and tools to develop a value-added, risk-based department audit plan for your organization.

Course Objectives

  • Summarize risk management principles and concepts.
  • Identify corporate governance principles.
  • Explain the relationship between governance principles and COSO frameworks.
  • Explain the relationship between governance, risk and control.
  • Identify strategy risk audits.
  • Identify strategy process audits.
  • Identify types of fraud.
  • Examine an anti-fraud program and the role of risk assessment.
  • Identify IT risk assessment frameworks.
  • Discuss cybersecurity, information security, and information technology (IT) governance risks.
  • Assess enterprise risk management process risks.
  • Apply enterprise risk management maturity and comprehensive assessment approaches.
  • Develop an auditable universe risk assessment.
  • Apply risk identification, measurement, and prioritization techniques.

What You Will Learn

Risk Management Principles and Concepts: A Review

  • Risk definitions
  • Risk management definitions
  • Major control and risk frameworks
  • Risk management assessment criteria

Corporate Governance Risk

  • Overview, definition, and standards
  • Relationship between governance, risk and control
  • Governance breakdowns
  • Corporate governance principles
  • Governance principles and COSO frameworks
  • Audit activities and approach

Strategic Risk

  • Strategy overview
  • Definition of strategic risk
  • Internal audit's consideration of strategic risk
  • Strategy-related audit
  • Strategy risk audits
  • Strategy process audits

Fraud Risk Assessment

  • Definition and principles
  • Standards and guidelines
  • Anti-fraud program
  • Role of internal audit
  • Internal audit approach
  • Types of fraud
  • The fraud triangle

Information Technology Risk

  • The IT risk landscape
  • IT risk assessment frameworks
  • Internal audit considerations
  • Internal audit focus
  • Cybersecurity
  • Information security
  • Governance

Auditing the ERM Process

  • Enterprise risk management audits: Internal audit considerations
  • Assessing enterprise risk management
  • Maturity assessment approach
  • Comprehensive assessment approach

Developing the Risk-based Audit Plan

  • Auditable universe: General attributes
  • Audit universe risk assessment: Examples
  • Assessment criteria: Sophistication factors
  • Risk identification
  • Risk measurement
  • Risk prioritization

Who will benefit from this course?

This course will enhance the skills of experienced internal audit leaders who want to build on their knowledge and increase their value to the organization by developing effective risk-based department audit plans that address emerging risks based on organizational and internal audit risk assessments, interviews, and research. This course is designed for chief audit executives (CAE), audit directors, audit managers, and senior internal audit practitioners.

PREREQUISITES: Participants should be senior internal audit practitioners or internal audit managers. Completion of the Fundamentals of Risk-based Auditing course is recommended.

No. of CPE Units: 16

Privacy Notice: We collect your personal information to register you in our training/membership events, and photos/videos will be taken for evidentiary purposes in relation to IIAP events. We will use this information to provide services regarding your attendance and, if you agree, to send you marketing information. By giving us your personal information, you consent to our use of it for the purposes described in this Privacy Notice.

Cancellation & Substitution Policy

  • Cancellations received less than 24 hours prior to the event, or after receiving the final confirmation email and Zoom link, will be charged a cancellation fee, which is 50% of the registration fee.
  • Substitutions are allowed within the same event without incurring a cancellation fee. (The rate should be the same; if not, the difference should be paid.)
  • No-show registrants will be charged 50% of the registration fee.


Virtual set-up/via Zoom

Contact us

For additional event or venue information, please email training@iia-p.org. You can also reach us at +63 9409551.