Risk School

• Risk-Focused Pronouncements and Publications
  • ISO 3100 risk model
    
  • using the COSO ERM model as a baseline
    
  • ERM as presented in the UK/Ireland position paper: the role of internal audit
• Risk-Based Auditing
  • defining risk-based internal auditing
    
  • the undercurrent of change in internal auditing
    
  • comparing and contrasting audit approaches
    
  • risk-based auditing benefits
• Risk Basics: What You Need to Know
  • defining risk in business terms: essential for success
    
  • three key components of real risk assessment
    
  • the audit function and how it should be driven by risk
    
  • relating business risk and control failure
• Establishing a Framework for Risk Analysis
  • alternative methods of determining risk in audit practice
    
  • subjective
    
  • objective
    
  • using core business analysis to drive a top-down risk-based approach
    
  • centering risk assessment around the five key things a business does
• Aligning Key Business Risks with the Audit Universe
  • key universal business risk categories: examples
    
  • prioritizing risk by critical functionality of the business
    
  • identifying the key business risks types in your organization
    
  • creating an effective risk-based audit plan
    
  • truly integrating the risk-based audit plan into the engagement-level risk assessment
• Objectively Driving the Audit Risk Assessment
  • establishing a case for objective-based risk assessment
    
  • using data and proven information
    
  • making your analysis reactive rather than proactive
    
  • data analysis tools and how to use them for risk identification
    
  • interpreting data in the context of risk
    
  • data types: what you must know
    
  • KRIs: output or outcome-based?
    
  • types of analysis
    
  • risk in data movement
    
  • pivotal point of change analysis
    
  • mean dispersion analysis
    
  • others
• Identifying Risk Areas of Primary Concern
  • financial: how to determine what is risk and what is exposure
    
  • operational: focusing on areas of real opportunity
    
  • IS/IT: determining the big payback areas of risk
    
  • regulatory: identifying the real points of risk focus
• Building an Inventory of Key Risk Metrics
  • identifying essential key risk metrics
    
  • financial
    
  • operational
    
  • IS/IT
    
  • regulatory
    
  • keying the metrics to ensure minimum data and maximum risk analysis
• Engagement-Level Risk Assessment
  • engagement risk determined from the audit plan level
    
  • keying in on risk at the engagement level
    
  • focusing your evaluation on risk and control
    
  • building a risk-based audit program
• ERM: The New Risk Frontier
  • understanding the role of IA in ERM
    
  • identifying new areas of audit concern and involvement
    
  • ERM and IA’s symbiotic relationship
• Reengineering the Audit Process to Make it Truly Risk-Based
  • questioning everything in the current audit process
    
  • utilizing multi-purpose risk-based audit tools
    
  • establishing a risk basis for everything you audit
    
  • focusing your audit on discovering root causal events
    
  • narrowing the scope of your audits to focus on only what is risky
    
  • creating a highly efficient risk-based reporting format
• Maximizing on Risk: Internal Audit Opportunity
  • establishing a unique audit role that only you can fill
    
  • Provable Value Concept Auditing (PVCA)
• The Audit Spectrum
  • practice today, tomorrow, the future
    
  • progressing toward risk-focused thought process
    
  • establishing a strategic risk vision
    
  • focusing on the tools of the future: self monitoring
• Marketing Risk-Based Auditing
  • establishing the key advantages: how to get management buy-in
    
  • building the business case
    
  • formulating a transition plan
    
  • re-educating management and the audit committee

Classes start on the date(s) posted herein, and run from 8:30am to 5pm daily, except for the last day of class, which ends at 3pm.