Best Practices

in Planning and
Conducting Risk-
Based Internal
Audit

2 day Workshop
15 - 16 April 2019
Overview

This course will explain all the aspects related to planning and conducting effective risk-based 
internal audit. Attendees will learn how to identify risks, perform risk assessments, develop a 
risk-based assurance plan, understand entity-wide controls, and plan and conduct a risk-based 
engagement. In addition, the course will address the importance of corporate governance and
enterprise risk management and discuss the IT and Fraud risk issues that auditor should consid-
er while planning and conducting the audits.

Risk Based Internal Auditing (RBIA) is defined by the Institute of Internal Auditors (IIA) as “a
methodology that links internal auditing to an organization’s overall risk management frame-
work”. RBIA allows internal audit to provide assurance to the bank’s or organization’s board
that various risk management processes are managing risks effectively, in relation to the risk
appetite of the bank or organization. Generally, RBIA is a methodology that supports compli-
ance with international standards. It enables internal audit to be strategically and operationally
linked to the business risk and assurance frameworks.
However, every organization is different with different attitudes to risk, different management
and organizational structures, different processes and procedures, and the need to subscribe to
and comply with diverse conventions and regulations. Experienced internal auditors need to
adapt these ideas to the structures, processes and language of their organization in order to
implement RBIA.

Implemented correctly, RBIA offers tremendous advantaged to the organization. RBIA allows
internal audit to provide the Board of Directors with the assurance that it needs on three areas
including risk management processes, management of the risks classified as key and complete,
accurate and appropriate reporting and classification of risks.

This 2-day course will cover all the aspects related to planning and conducting effective
risk-based internal audit.
Benefits of attending

By end of this course, delegates will be able to:

• UNDERSTAND organisational risk, risk appetite and risk tolerance and how to incorporate
this into internal audit planning
• ACQUIRE the ability to link internal audit planning to organisational risk considerations,
and international frameworks and Standards to provide an organisational specific risk
focused internal audit plan
• UNDERSTAND risk assessment and classification, including application to internal audit
effort
• GAIN improved ability to evaluate risk, incorporate risk attributes into the internal audit
program, and record fieldwork in a manner that links recommendations and improvement
opportunities to controls and risks
• OBTAIN an understanding of Risk Based Internal Audit Methodology
• ATTAIN appreciation for global guidance, international frameworks, and Standards
relevant to Risk Based Internal Audit
• APPLY real risk based internal auditing into their organization
• LEARN how to write risk based audit reports that make an impact
• USE a risk based approach to redefine and refocus their audit activities
Program Outline: Day 01

Risk-based Internal Audit (RBIA)
• Introduction to modern internal audit Standards 
• The principles of risk-based internal auditing
• Control, Governance, and risk management processes 
• Understanding the difference between inherent and residual risk
• Risk assessment and management principles

ERM-Based Internal Audit:
• Understanding the elements of COSO control and ERM frameworks
• Understanding the process for performing an entity wide risk assessment
• Applying Audit Analytical Procedures to identify risky areas 

Identifying RBIA Objective: 
• Defining business process and the process of developing an audit plan
• Determining the audit objective, scope and staffing requirement
• Understanding the process of performing a risk-based engagement
• Identifying the attributes of a business process definition or objective
• Identifying the risk-to-business processes and risk events and how the organization can
manage them.

Program Outline: Day 02

Planning RBIA Engagement:
• Understanding how to prioritize the risks to address in the audit plan
• Interpreting the results when multiple engagements are performed that address the same
high-level risk
• Performing Fraud Risk Assessment and Fraud Audit
• Assessing an organization's risk maturity
Conducting and reporting RBIA Engagement:
• Understanding how to conduct effective internal audit risk-based engagements 
• Testing Internal Control and Transactions based on the risk areas 
• Analyzing the results of the testing based on the residual risks
• Additional considerations related to Fraud and IT Risk-based planning
• Reporting engagement results based on the audit plans

Modern Business Assurance Principles:

• Moving from RBIA planning to Objective-based Planning 
• Building continuous monitoring and auditing tools.
• Working with managing on changing the context to eliminate risks
• Improving the risk culture through effective risk reporting  

Who Should Attend?

This training is highly recommended for Internal Audit and Risk Professionals across all
industry groups including:
• Chief Risk Officers
• Heads of Market, Credit, and
• Operational Risk
• Head of Risk Management Chief Compliance Officers Chief Audit Officers
• Chief Financial Officers Actuaries
• Treasurers
• Auditors (External & Internal) Bank Regulators and Examiners Risk Management
Consultants
• Audit & Risk Committee Members