Course Information

Internal Audit Today

• Best practices for auditing today

Updated May 2018

• Common opportunities for improvement and growth for audit

• BOD and Executive expectations of today’s auditor

• IIA CBOK Study: Core Competencies for Today’s Internal Auditor

• Identifying where value-added opportunities exist in your organization

• Identifying stakeholders and understanding their needs

• Today’s audit model

• Types of audit engagements

Risky Business: Risk Assessments and Risk Management

• Identifying and understanding business objectives

• Risk management concepts and terms

• Identifying potential risks to the business objectives

• Process Risks, Fraud Risks, Internal vs. External, Technology, Audit Risk

• Heat Maps, Value Maps, Risk Ranking, Impact and Likelihood

• Identifying and evaluating existing controls for known risks

• COSO Framework for controls and control issues

• Evaluating and addressing residual risk

Planning the Audit: Plan the Work, Work the Plan!

• Aligning audit objectives with business objectives while addressing risk

• Determining the risk-based audit plan annually

• Monitoring and updating the audit plan

• Planning individual audits

• Creating the audit plan—scope and objectives

• Staffing needs and roles and responsibilities

• Audit approach and process

• Time and budget

• Utilizing IPPF guidance for audit planning

• Leveraging formal Project Management methodologies for audits

• Involving the business in the initial planning

• Kicking off the audit—planning memos, audit announcement, opening conferences

• Audit planning best practices from leading audit functions Interviewing Tips, Techniques, and Styles

• Understanding how interviewing is used for an audit

• When to use an interview rather than other audit methods

• Avoiding pitfalls during follow-up interviews

• Best practices for planning and conducting interviews

• Interviewing practice exercises

Process Documentation Options and Methods

• When to formally document a process

• The Pros and Cons of using:

o Flowcharts

o Narratives

o Questionnaires

• Using walkthroughs and other walkthrough methods

Audit Programs Methods and Models

• Why an audit program?

• Developing the audit program

• Pros and Cons of standard audit programs versus ad hoc audit programs

• Classifying inherent impacts and likelihoods for various types of risks

• Understanding types of controls—preventive vs. detective and automated vs. manual

• Using narratives, flowcharts, and walkthroughs to identify gaps and potential risks

• Using risk matrices

• Determining what to test—key controls, high-risk processes

• Determining the testing objectives—aligning with business objectives

• Changes in scope, scope limitations, and running out of time

• Review and evaluation of the programs during execution

• Stop-and-go auditing

Automated Tools: Auditing at the Speed of Light!

• Tools for automating the audit process

• Understanding the potential for automation, data analytics, and audit software

• Interpreting data and using it in the audit process

• Making the jump to automation

• Continuous Auditing and Monitoring

Plans, Methods, and Approaches for Testing, Sampling, and Evidence Gathering

• Testing methodologies—manual, automated, and others

• Gathering audit evidence to support objectives

• Comparison between various sampling and testing approaches

• Determining the appropriate sampling and testing approach to use for each audit

objective

• Workpapers and why we need them

• Necessary components of workpapers

• Cross-functional uses of workpapers

• Exercises for planning and testing approaches

• IIA/GASB/ISACA Standards for evidence

Bringing It All Together: Reporting

• The 5 Cs of Audit Reporting

• Identifying what makes a report good versus a bad one and what keeps reports

from getting read

• Determining the readers of audit reports

• Executive Summaries

• Report organization and layout and why it matters

• Using Appendices—why, when, how, and what

• The two-page audit report—your readers will thank you

• Tying evidence to audit objectives to business objectives

• Getting the report out the door quickly

Selling the Results: If You Don’t Do This, the Rest Doesn’t Matter!

• Marketing audit and audit reports and findings to the business

• Methodologies for “selling” audit findings to stakeholders

• Factors that help or hinder selling audit findings and recommendations

• Why timing is crucial

• Establishing relationships and becoming a business partner

• How to sell an audit finding

• Exit conferences and why successful ones are critical to your success

• Follow-up, Monitoring, and Action Plans

• Post-Audit surveys and questionnaires

• Getting the business to ask for audits!

The Audit Team—Yes, You

• Why working as a cohesive team is critical

• How teamwork increases your perceived value as an audit group

• Suggestions for creating a team environment and improving teamwork

• Performance metrics and when to use them