IAC

Internal Audit and Controls

This part covers the initial phase of internal audit methodology, teaching participants to perform organizational risk assessments for audit planning using tools like PESTEL and SWOT analysis to identify key vulnerabilities.
Applicable IIA Standards
•2000 – Managing the Internal Audit Activity
•2010 – Planning
•2020 – Communication and Approval
•2030 – Resource Management
•2040 – Policies and Procedures Key Topics
•Key concepts and elements of internal audit.
•Macro Vs. Micro level risk assessment.
•High-level risk management concepts.
•Key objectives of internal control.
•Components of the COSO Framework.
•Role of Internal Audit in Corporate Governance.
Risk Assessment & Internal Audit Planning
•Objectives of the risk assessment process.
•Different types of risk assessment methodologies.
•The objective of internal audit planning.
•Resource allocation

Our internal audit courses emphasize the crucial message: “A flawed process understanding results in a flawed internal audit review.” Many auditors often skip in-depth process understanding and jump straight to testing internal controls, a practice that can lead to severe implications, such as:
•Key controls going undetected and therefore untested.
•Key control design deficiencies going unnoticed
•Not identifying unmitigated process risks
•Missing out on essential opportunities for data analytics
•Identify areas for significant process improvement and enhance their understanding. It includes the final steps of the audit methodology, focusing on effective communication and audit reporting skills. This part features a detailed outline and a case study on the procurement process.

•1120 – Individual Objectivity
•1200 – Proficiency & Due Professional Care
•2200 – Engagement Planning
•2201 – Planning Considerations
•2210 – Engagement Objectives
•2220 – Engagement Scope
•2230 – Engagement Resource Allocation
•2240 – Engagement Work Program
•2300 – Performing the Engagement
•2310 – Identifying Information
•Key challenges faced during the process understanding
•Key objectives behind the process understanding

•Obtaining Documentation & Information
•Analysing information
•Checking previous and other internal control reports
•Industry analysis and research
•Obtaining an understanding of the system functionality
•Understanding user profiles
•Obtaining process Key Performance Indicator

•Conducing the Business Understanding meeting
•Identifying control design deficiencies
•Understanding is not internal control testing
•Identifying process risks
•Identifying process controls
•Address audit issues during this exercise
•Conducing the Process Walkthrough
• Difference between the Understanding Meeting and the Process Walkthrough
•Identifying areas that can be subject to data analytics
•Identifying unsegregated duties
•Identifying automated controls
•Confirming your Understanding & Walkthrough
•Preparing the Risk & Control Matrix

•Applicable Internal Audit Standards
1. 2400 – Communicating Results
2. 2410 – Criteria for Communicating
3. 2420 – Quality of Communications
4. 2421 – Errors and Omissions
5. 2430 – Use of “Conducted in Conformance with the •International Standards for the Professional Practice of Internal Auditing”
1. 2431 – Engagement Disclosure of Nonconformance
2. 2440 – Disseminating Results
3. 2450 – Overall Opinions
•Internal Audit Report Writing
1. The Importance of the Internal Audit Report as the Departments Final Product
2. Understanding your audience
3. Report Content & Structure
4. Effective internal audit execution resulting in high quality internal audit reports
5. Internal Audit Report Content & Structure
6. Report Issuance Standards
7. Different Writing Styles
8. The Executive Summary – A Key Dimension of Successful Writing
9. Drafting a concise, clear and constructive internal audit observation.
10. Drafting an actionable internal audit recommendation
11. Using tables, graphs and charts as part of the internal audit report.
12. An image can say 1000 words
13. The tone of your Internal Audit Report
14. The Organized thought-process