About this course:

Course Description

As an organization grows and its internal processes change and evolve, its quality monitoring process must keep pace. To ensure consistent quality in this dynamic environment, an ongoing commitment to growth and improvement is essential.

The required elements of a Quality Assurance and Improvement Program (QAIP) include periodic internal assessments and external assessments to demonstrate conformance with The IIA’s International Standards for the Professional Practice of Internal Auditing. In addition, a quality QAIP can provide evidence to the audit committee and management that the internal audit activity is efficient, effective, and adding value. It can also build stakeholder confidence and document a commitment to quality, leading practices, and the internal auditors’ mindset for professionalism.

This course will provide you with the appropriate knowledge and skills to plan, perform, and evaluate the results of an external quality assessment case study. You will also learn about the processes and tools in the IIA Quality Assessment Manual (QA Manual) that can help you identify opportunities to improve your internal audit quality activities.

Course Objectives

Enrichment of knowledge: The scope for the course is to assist the participants to understand the needs and best practices for maintaining a Cutting-Edged IAD. All challenges will be discussed openly by all participating delegates coming from various backgrounds and industries. Updating of skills: During the course via the use of short presentations and the related workshop talks the CAE’s will be discussing, analysing and given directions to achieving a topnotch internal audit department/process.

Who Should attend?

This is targeted to the upper level of management of an internal audit department.

• Heads of Internal Audit (CAE)
• Audit Managers and those about to be appointed to that role
• Audit supervisors
• Managers of other assurance functions such as Compliance or Quality Assurance
• Directors or VP’s who need to know about the modern IA role

Course Outline:

The Modern Internal Auditor

1. Classical V’s Modern Internal Auditor

• How the IA profession has changed
• The transition from a Systems-based Approach to Risk based Auditing
• Risk and Internal Audit complementing each other
• E&Y and Protiviti survey results
• ECIIA research paper – making the most of the IA function
• Customer complaints / employee complaints?
• Whistle Blowing policy?

2. Facing those challenges head on!

• CAE’s other roles beyond Internal Auditing (risk management and compliance –
  independence and objectivity)
• Assurance services Vs Consulting services
• Developing the Risk-Based Audit Plan
• Quality Assurance audit of the IAD
• Board / AC communication
• Relationship between the IAD & RM
• Close monitoring of the effectiveness of the IAD using the WIP report
• Ensure that the strategies of the IAD are aligned with the company’s strategies

3. Corporate Governance:
   • Introduction to Corporate governance
   • CEO Vs Chairman of the Board – roles and segregation of duties
   • The three-way evaluation of the Board (sample templates will be provided)
   • Board Committees and their structures
   • Frequency of their meetings
   • The relationship of the CAE with the Audit Committee
   • The reporting lines of the CAE
   • Role in Fraud and Fraud prevention
   • Effectiveness assessment of the internal control environment by the AC
   • Reporting of the AC Chairman to the Board
   • AC and the relationships between the IA and the EA
   • Educating the AC!
   • A fully functional IAD

1. IIA – Bench marking your Internal Audit department

• IAD stakeholders and their expectations
• Is the IAD exceeding these expectations?
• Do you obtain written feedback from your customers? if yes, bravo! If not, Why not?
• Assessment of the effectiveness of the risk management process.
• Assist the Risk manager to embed the risk culture in the organization. How?
• Is the IAD’s employees aware what is “RISK?”
• IAD is aware of its own reputational risk?
• Reputation is the best asset but at the same time it can become its biggest nightmare!

5. Enhancing the existing internal audit team
   • Criteria for Recruitment process in the IAD:
     • What is your long-term strategy in building your IAD team?
     • When recruiting you look both internally and externally if no, why not?
     • Specialised knowledge?
     • Do you co-source? Do you outsource? or do have it fully internally?
     • When you consider recruitment what factors do you consider?
       • Professional or not qualifications?
       • Experience in the same industry or not?
       • Competent internal auditor?
       • Communication skills? Etc.
       • Leaders versus doers’ mix?
       • Use of coaching? Teambuilding? Leadership? Training?
     • How often do you perform appraisals on your staff? After every audit?
     • Succession planning in the IAD?

6. IIA – Internal Audit cutting-edge methodology

• IAD Charter
• IIA standards
• Policies & procedures manual of the IAD
• Code of Ethics
• Internal controls – hard and soft controls
• The three lines of defense fully analysed and discussed
• ACFE – Report to the Nations 2018 discussed
• Risk management from an internal audit perspective up to and including the risk-based audit plan
• Risk based internal audit methodology
• Writing a Risk based internal audit Report:
  • Do’s and Don’ts of an IA report
  • Full analysis of a risk-based IA report (template will be provided to delegates)
  • The three reports into one:
    • Executive summary
    • Detailed report
    • Report for Risk manager

7. Continuous monitoring
   • Why continuous monitoring?
   • Who is responsible for continuous monitoring?
   • Continuous assurance – new guidance 2320-4
   • Continuous auditing and continuous monitoring
   • CAAT’s V’s CAATT’s
   • The use of CAATT’s for continuous auditing
   • Continuous risk assessment techniques
   • Examples of continuous auditing
   • Thinking Out of The Box

1. The applicability of the “Three Lines of Defense Model” and avoiding work-duplication

• Third line Vs Second line i.e. Internal Audit, Compliance, Risk Management, AML, Security.
• The relationship between the risk register and the internal audit reports.
• Assisting the Risk manager to update the risk register with your findings.
• Environmental and Social audits where applicable
• First audit of the year should always be, without failure, the Approved Risk Register of the company.
• The organizations Business Continuity Plan (BCP &DR) has it been audited?

1. The challenges of the consultancy role

• The IIA standards
• Why consultancy should be encouraged
• The difference in approach
• How to document these assignments
• Reporting consultancy assignments Audit by workshop
• Facilitation –do’s and don’ts

1. Fraud Investigations

• Internal Audit Vs Fraud Investigations
• Additional skills required to perform a professional and competent investigation:
  • Interviewing skills
  • Observation skills
  • Body language skills
  • Financial knowledge
  • Custody of evidence

1. Communication challenges

• The Art of a Zen Presentation:
  • Techniques and skills required to prepare an effective presentation
  • Skills needed to deliver a successful presentation
• Presentation to the AC of the report findings