Risk-based Auditing and Reporting

What you will gain from this seminar:

  • Understand an audit process used increasingly by world class audit departments
  • Practice the key skills used in this process
  • Take home proven evaluation tools used in this process

Who should attend:
Internal auditors with at least one year of experience

Two-day seminar outline

- The COSO challenge: How to evaluate soft controls?
- Participative auditing:
Get your customer on the audit team

New Tools for Operational Auditing
- Results of two IIA research projects, Control Model Implementation: Best Practices and Best Practices: Evaluating the Corporate Culture

A Better Audit Process
- The traditional audit process
- A better audit process:

  • Risk-based
  • Participative
  • High-payback focus on evaluation of system design
- Audit Simulation: Introduction to Monolithic Diversified Industries (MDI) human resources function

Phase I: Planning
- Planning steps for a participative audit
- The acquisition audit approach

- Audit Simulation: How to digest needed information efficiently
- Audit Simulation: Participative audit planning meeting
- Identifying and assessing risks: four helpful categories
- Characteristics of well-defined audit objectives
- Audit Simulation: Define audit objectives and scope for MDI Human Resources audit

Phase II: Evaluate the Adequacy of System Design
- Documenting internal controls: traditional methods
- Documenting internal controls: the risk/control matrix
- How to guide your audit client through the risk assessment
- Audit Simulation: Concepts and exercises in using the risk/control matrix:
  • Defining objectives
  • Identifying risks
  • Analyzing and assessing risks
  • Internal controls: traditional and emerging concepts to help in evaluating design
- Alternative versions of the risk/control matrix:
  • Most common features
  • To help evaluate the design of controls
  • To evaluate a reengineered process
  • COSO-ized for a bank
  • To evaluate customer service
  • Larry Hubbard’s “better matrix”
  • Sample completed matrix for human resources
  • Sample completed matrix from TDAmeritrade
  • Sample completed matrix for insurance agent conduct
Phase III: Evaluate the Effectiveness of Key Controls
- Rules of audit evidence, and how they apply to soft controls
- Five principles for evaluating soft controls
- A “Working Inventory” of Soft Controls
- A risk/control matrix for evaluating the control environment
- Tools for evaluating effectiveness of soft controls: three audit project surveys
- Guidelines for using surveys during audit projects

Phases I-III: Identify Opportunities for Improvement
- The five attribute approach
- Form for developing and reporting opportunities for improvement
- Participative reporting

Two Real-World Examples
- Allina Hospitals and Clinics
- Securian
- Guidelines and Keys to Success

Phase IV: Reporting

- Trends and new approaches
- Alternate rating systems
- Techniques to give credit where credit is due