Skip to main content

Process Flow Auditing

Back to Course Schedule
Date(s): Nov 29, 2017 - Nov 30, 2017
Time: 8:30AM - 5:00PM
Registration Fee: $429.00
Cancellation Date: Nov 22, 2017
City: Austin

Course Description

In this pragmatic two-day seminar, attendees will learn how to use process flow auditing (PFA) to analyze and breakdown a business into its core processes and to identify high-payback areas. We will focus on operational auditing and its interaction with IT auditing to arrive at an integrated approach to audits that will help control costs, minimize risks and exposures and maximize understanding of the business. You will explore the critical role of data in process reviews and analysis, determining how to apply business-oriented risks assessment techniques to the key processes of your organization. You will also learn alternative audit tools and methodologies you can use to make your engagements highly effective, boost productivity and maximize payback.

Potential CPE Credits: 16.0
Govt Hours: This class meets 16.0 hours of the 24-hour requirement for governmental CPE under Government Auditing Standards (yellow book), in most cases.
Technical Hours: This class meets 16.0 CPE credits of technical training in compliance with Texas Admin. Code Rule 523.102.

Instruction Type: Classroom
Experience Level: ALL
Category: Auditing

Course Objectives

Upon completion of this course, participants will be able to:

-       Analyze business core processes to identify high-payback areas

-       Recognize the role of data in process reviews and analysis

-       Understand which audit tools and methodologies can impact engagement payback

-       Process Flow Auditing: Primary Function?


Course Outline

1. Process Flow Auditing: Primary Function

2. Understanding the Business
  • primary interdependencies
  • core structure analysis and why it is important

3. Tools, Techniques and Approaches for Maximizing Efficiency
  • traditional tools and techniques: are they applicable to process-based auditing
  • one-on-one interviewing
  • narratives
  • flowcharting
  • alternative tools and techniques that will maximize your impact
     - group-based audit methodology
     - top-down flowchart
     - data/process flow diagrams
     - cause-and-effect diagrams
     - generalized audit software

4. Risk-Intense/Value-Added Processes
  • focusing on business risks
  • identifying key processes and what makes them critical
  • using data to determine risk
  • using risk to establish primary control points
  • maximizing returns

5. Applying PFA to Operational Areas
  • key operational areas and how they link to primary financial processes
  • correlating costs to risk assessment
  • process chains: what the auditor needs to know
  • identifying key performance indicators
  • operational risks in the context of your business
  • creating ongoing management oversight vs. crisis management
  • linking operations to the corporate strategic mission
  • critical questions to ask process owners in order to evaluate risk oversight effectiveness

6. Applying PFA to IS/IT
  • identifying the organization's core systems
  • five critical risk/control zones
  • impact of IS/IT on the primary business operations
  • understanding data flow
  • relating systems to the process flow review
  • key risk points and challenges surrounding IS/IT

7. PFA Case Study

8. IA's Role and Identity


No prerequisites required.


Greg Duckert

Greg Duckert is the Founder of Virtual Governance Institute LLC and is a Senior Consultant for MIS Training Institute. Mr. Duckert is an internationally recognized expert in the field of Enterprise Risk management. He is the author of the Wiley publication Practical Enterprise Risk Management: A Business Process Approach. He is Certified in Risk Management Assurance, Certified in Risk and Information Systems Control, a Certified Public Accountant, a Certified Information Systems Auditor, and is a Certified Internal Auditor. Mr. Duckert was educated at the University of Wisconsin - Madison and obtained an MBA in Accounting in 1989, a BBA in Accounting in 1978, and a BA in Economics in 1971. He specializes in consulting with major organizations regarding progressive Twenty-First Century methodologies for the construction of data centric enterprise risk assessment and management models including Financial, Operational, Regulatory, and IT areas of concern that yield high business value. He also consults with his clients in all areas of ERM, as well as auditing including continuous audit / consulting platforms.

Mr. Duckert is the sole developer and owner of a proprietary approach to risk assessment and management that is applied to both ERM and to enterprise risk data centric risk methodologies for Internal Auditing for organizations of all sizes. During 2012 he worked closely with the General Director - Global Automotive Audit & International Dealer Audit and the General Auditor and Chief Risk Officer of General Motors Corporation in transitioning to his proprietary audit approach known as ORCA™ (Outcome-Risk Centric Auditing). He is currently under contract with a major organization with revenues exceeding the multi-billion $ threshold to build risk based audit and ERM data centric models using his proprietary approaches. In addition, in depth hands on consulting is also performed in the areas of operational analysis and process improvement methodologies. He has developed extensive risk assessment metric inventories for evaluating risks in all organizational areas including operations, IT application systems, IT operations, regulatory and financial areas. Mr. Duckert has addressed the Permanent Undersecretary for Military Affairs of Parliament and the Defense Audit Board of the Ministry of Defense – United Kingdom on the subject matter of creating a risk based business approach to governmental oversight. He is involved in the building of or consulting on the creation of Data Centric Risk Assessment and Management models on an ongoing basis. He conducts seminars and workshops on a global basis and is a frequent speaker at conferences in his areas of expertise.

Mr. Duckert has been engaged in the professional practice of Internal Auditing and Risk Assessment and Management for over 35 years. He founded the Internal Audit function of a Fortune 500 corporation at the age of 27 and built the audit department from non-existence to a highly competent Financial, Operational, Information Technology and Regulatory audit div class="aboutText". He was also the General Auditor and Chief Audit Executive at two other major organizations. The audit positions were in the Manufacturing and Health Care industries. His work in Risk Assessment and Management spans virtually all key industry types.

Additional Information

TAC Rule 523.142(g) requires the CPE Sponsor to monitor individual attendance and assign the correct number of CPE credits. Participants will be asked to document their time of arrival and departure in compliance with this Rule. Additionally, attendance will be monitored throughout the day and CPE certificates will reflect actual attendance of each participant.

If you are making travel plans to come to Austin, we recommend making "refundable" air and hotel reservations or waiting until 14 days before the class to actually book your reservations. Courses are occasionally canceled or rescheduled due to low enrollment. We determine whether a course has enough participants 16 days prior to the course date. If we cancel or reschedule, we will email the participant and his or her billing contact no later than 14 days before the original class date.

The course coordinator will contact you with parking information. Handicapped parking is free at the meters around the downtown area.

Vending machines with Coca-Cola products and various snack items are available. There is also a refrigerator and microwave in our coffee bar area. Feel free to bring in your own drinks and food if you prefer.

You might want to bring a light sweater or jacket, as room temperatures vary.

To see answers to our Frequently Asked Questions, visit

Back to Course Schedule