Risk Based Internal Auditing - MIS Training

The International Leader 

in Audit and Information Security Training 

LONDON 

SUMMER 

SCHOOLS 

2010 

Risk Based Internal Auditing 

Significantly change the way internal audit operates 

within your organisation 

London 

Course Director 

Liz Sandwith 

Liz has a wealth of experience 

having worked in internal audit 

since the 1980’s 

3 day course 5 - 7 July 2010 

“Couldn't ask for a better instructor” 

Kuwait Petroleum Corporation 

“Good overall coverage of 

the subject” 

DONG Energy 

• Understand the basics of risk based internal auditing 

• Develop a risk based audit plan 

• Learn how to produce high quality audit reports 

• Take back the skills learnt into the workplace 

Earn 22 CPE credits 

SAVE 10% 

Attend Consultancy Skills for 

Auditors 8th - 9th July 2010, 

London, and save 10% 

SAVE 

UP TO 50% 

WITH IN HOUSE 

TRAINING 

Details inside 

Enquire or register today 

Web: mistieurope.com/training Email: training@mistieurope.com Tel: +44 (0)20 7779 8454


Significantly change the way internal audit operates 

within your organisation 

London 

3 day course 

5 - 7 July 2010 

Course Director 

Liz Sandwith 

Course focus and features 

Organisations are more and more requiring their internal auditors to increase the level of assurance 

they provide particularly with regard to the risks the organisation faces and how those risks are 

being managed. Internal audit adds value by providing assurances that the risk management 

framework, processes, controls and outcomes are effective. Internal audit provides a prime source 

of assurance for the organisation to consider when reviewing and reporting on the effectiveness of 

the system of internal control. 

In particular organisations are seeking assurances in relation to: 

• The company’s risk profile, how it is affected by major events, and how the company’s risk 

management arrangements are keeping up with changes to the profile 

• The adequacy of the company’s risk management processes, 

• Emerging risks of significant concern, particularly those outside the arena of financial risk 

(strategic, operational, and business risks in particular) 

• Risks associated with both corporate and business unit strategies, 

• Insights about systemic risk-related and control-related issues highlighted in internal audits 

• Risks that fall outside of internal audit’s scope 

• Internal audit’s assessment of what the company is or is not doing to address risks outside the 

scope of the internal audit plan 

Liz Sandwith has been involved in the 

internal auditing profession since the late 

1980’s. She has worked in the public 

sector including central and local 

government and also in the private 

sector. In 1995 she set up her own 

business providing internal audit and risk 

management to a number of businesses 

from central government and local 

government through housing 

associations, regional development 

agencies and including a UK Broadcaster 

– Channel 5. 

Liz has been involved in delivering 

internal audit training since 1991. Liz 

started as a distance learning tutor on 

the Advanced Management paper of the 

IIA-UK and Ireland’s MIIA qualification. 

She then became tutor co-ordinator for 

the same paper and then between 1996 

and 2001 she was Director of Studies for 

the IIA’s Distance Learning Programme. 

Liz was also an external verifier for the 

National Vocational Qualification in Audit 

(Internal) offered by AAT in conjunction 

with IIA-UK and Ireland until 2003. 

In order to keep up to date with new 

internal audit tools and techniques and 

be able to add realism and practicality to 

her training course Liz ensures that 75% 

of her time is spent delivering internal 

audits. She also speaks at internal 

auditing conferences on a variety of 

topics from ‘What do Audit Committies 

Expect from a Modern Internal Audit 

Function?’, ‘Business Continuity Planning’ 

and ‘Ethics, Standards and Trust.’ 

Liz was President of the IIA-UK and 

Ireland 2001-2002 and a Member of the 

European Confederation of IIA’s 2002- 

2004. Her training courses receive high 

ratings from the delegates in terms of 

content, delivery and the practical 

opportunity to ‘do’ and not just listen. 

© MIS Training 2010 

In-House Training - Save up to 50% when you run this course in-house 

In-house tailored training will enable you and your colleagues to make significant savings as we charge per day and not per participant so the cost 

remains the same regardless of how many people attend. We can offer any of our public courses or tailor them to your requirements. Training is available 

in all areas of Internal Audit, IT Audit, and IT Security. 

If you have six or more colleagues who would be interested in one of our courses and you would like to make significant savings, contact us now: 

Email Guy Cooper at gcooper@mistieurope.com or call +44 (0) 20 7779 8454 

You will have complete control of the training content and decide when it is run. We guarantee that we will be able to cater for all your business needs.

Who Should Attend 

Audit Managers and staff who will be involved in carrying out RBIA audit assignments 

Prerequisite 

A basic knowledge of internal auditing 

Learning Level Intermediate 

Fee GBP £1,995 

CPEs 22 

Day One 

Course objectives 

• Understanding the scope and content of the 

course, and how the next three days has the 

potential to significantly change the way 

internal audit operates within your 

organisation. 

Course contract 

• How we will work together over the next 

three days to ensure that he objectives are 

achieved 

Why risk based internal auditing? 

• Overview 

• Objectives 

Back to basics 

• The role and purpose of internal audit 

• The added value role of internal audit 

• Internal audit through the years 

• The different approached to internal audit 

• The way the three key internal audit 

approaches fit together and/or conflict 

Exercise: What does an organisation seek 

from its internal auditors 

Risk management – general concept 

• Risk management within the business 

• Identifying the risks facing the business 

• Assessing the risk impact 

• Rating/prioritising risks 

• The risk continuum 

Exercise: Create a corporate risk register for 

an organisation 

Corporate governance 

• Why corporate governance 

• Fitting the pieces of the jigsaw together 

• What does ‘good’ corporate governance 

look like 

• Is it one size fits all? 

Exercise: What does corporate governance 

mean to your business and what does it 

look like 

Risk based internal audit framework 

• Role of internal audit in the assessment of 

the organisation’s risk management 

approach 

• The link from an audit perspective between 

risk and objectives 

• Risk management continuum 

• The internal audit approach dependent 

upon the risk maturity of the organisation 

• Control environment (MOHICAN) 

Exercise: Consider the techniques available 

to help assess the control environment 

Summary of the day 

• The annual lifecycle of internal audit 

Day Two 

A risk based audit plan 

• Reliance on the organisations risk registers 

• Nature and purpose of internal audit plans 

• Risk based planning 

• Key influences 

• Control environment 

Exercise: Case study create a risk based 

internal audit plan (including consideration 

of risks, resources, timescales and the level 

of assurance required) 

Risk based internal auditing – how to guide 

• Terms of reference for the audit 

Exercise: Create a terms of reference for an 

audit considering approach, scope, risks, 

controls and added value 

• Documenting systems and processes 

Exercise: Consider the different 

methodologies for documenting a system 

including narrative, flowcharts, and risk 

matrices 

• Internal audit testing 

– Purpose 

– Methodology 

– Approach 

– Test samples 

Exercise: Consider the elements of and 

create a test programme for a pre 

determined internal audit 

• Evidence 

Exercise: Consider why evidence is 

important and what are the challenges 

facing internal audit with regard to evidence 

• Emerging findings 

Exercise: Draw together the issues that 

have arisen during the audit and explore the 

methods available for reporting them 

Summary of the day 

• How the pieces of the jigsaw are fitting 

together 

Day Three 

Reporting 

• Individual internal audit reports 

• Internal audit reports to the Audit 

Committee 

• Internal Audit annual assurance statement 

• Statement on internal control 

Exercise: Consider the content of the 

annual internal audit assurance statement 

and the link to the organisations statement 

on internal control 

How to deliver a risk based audit report 

• What does your client want from an audit 

report? 

• Written or verbal reporting 

• Frequency of reporting 

Exercise: Consider the format and content 

of a risk based audit report 

The internal audit report – then what? 

• Follow up 

• Escalation 

Is your organisation ready for risk based 

internal auditing? 

• Profile of internal audit 

• Skill set of the internal audits 

• The maturity of risk management within the 

organisation 

• The level of assurance required from internal 

audit by the organisation 

Exercise: Consider whether to simply tick 

the box or really add value 

Closure of the course 

• Has the course achieved its objectives? 

• What happens now back at work? 

• How to engage with your organisation 

• Questions 



The International Leader 

in Audit and Information Security Training 


Significantly change the way internal audit 

operates within your organisation 

When registering please quote reference WEB 

Registration 


5th - 7th July 2010, London (MT040705) 

GBP £1,995 (+VAT @ 17.5%) 

Please register me 

Customer Information 

Title 

First name 

Surname 

Title/Position 

Organisation 

EU VAT Number (A copy of your tax certificate is also required) 

E-Mail Address (Required) 

Address 

London 

5 - 7 July 2010 

Can’t make this date? 

Contact us to find out when we are next running the event 

Why attend? 

• MIS Training Institute is the global leader in audit and 

infosecurity training, with over 30 years experience and having 

trained over 200,000 delegates 

• MIS Training has been accredited by the British Accreditation 

Council (BAC). The BAC is recognised the world over and 

represents the clearest mark of educational quality. BAC is 

recognised by the UK Border Agency 

• Instructors/speakers are the most reputable in the industry 

• Group sizes are restricted to ensure optimum contact time with 

the facilitator 

• Courses are constantly reviewed and revamped to meet the 

latest legislative and market challenges 

• Gain CPE points towards your professional certification 

Country 

Telephone 

Postcode 

5 easy ways to register 

Tel +44 (0)20 7779 8454 

Fax 

I have read and agree to the terms & conditions 

Payment Information 

You can pay by credit/debit card online at 

www.misteurope.com or call +44 (0)20 7779 8454 

Cheque enclosed (payable to MIS Training) 

Please invoice my company PO# 

Fax +44 (0)20 7779 8293 (please complete this form) 

Email training@mistieurope.com 

Web www.mistieurope.com 

Post Carlos Doughty, MIS Training, Nestor 

House, Playhouse Yard, London EC4V 5EX UK 

(please complete this form) 

The information you provide will be safeguarded by the 

Euromoney Institutional Investor PLC group whose 

subsidiaries may use it to keep you informed of relevant 

products and services. We occasionally allow reputable 

companies outside the Euromoney Institutional Investor 

PLC group to contact you with details of products that 

may be of interest to you. As an international group we 

may transfer your data on a global basis for the purposes 

indicated above. If you object to contact by telephone 

fax or email please tick the relevant box. If you 

do not want us to share your information with other 

reputable companies please tick this box 

Cancellation Policy 

Please ensure you have read this carefully before submitting your registration] MIS Training operates a 20 working day cancellation policy. 

Any cancellations received after 20 days or any delegate that does not attend will be subject to full payment. You may transfer to another 

course/conference for a transfer fee of 25% of the initial booking fee plus the difference between the value of the course/conference you 

are transferred to. This will be invoiced or refunded. Please note that the replacement course/conference must take place within 6 months 

of the initial application. Alternatively you may send another colleague to the initial booked course/conference without incurring any 

additional fees.A full refund less an administration fee of £100 will be given for cancellation requests received up to 20 working days before 

the event. Cancellations must be made in writing and reach the MIS office before the 20 working days deadline. 

Accommodation 

All training venues will be confirmed 3-4 weeks 

prior to the course start date. MIS Training 

Institute has negotiated special accommodation 

rates in 4 star hotels in central London (Zone 1) 

for UK courses. 

VAT 

All delegates attending are liable to pay VAT. Overseas delegates can claim a 

VAT refund under the European Union (EU) 8th and 13th Directives on all eligible 

business expenses such as course fees, hotel accommodation, meals, car hire etc., 

provided you are not registered for VAT in the UK. For more information please 

visit www.mistieurope.com/VAT or email training@mistieurope.com.

Risk Based Internal Auditing - MIS Training

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?