What You Will Gain from This Seminar

Risk-based Auditing and Reporting

What you will gain from this seminar:

·  Understand an audit process used increasingly by world class audit departments

·  Practice the key skills used in this process

·  Take home proven evaluation tools used in this process

Who should attend:
Internal auditors with at least one year of experience
______

Two-day seminar outline

Introduction
- The COSO challenge: How to evaluate soft controls?
- Participative auditing: Get your customer on the audit team
New Tools for Operational Auditing
- Results of two IIA research projects, Control Model Implementation: Best Practices and Best Practices: Evaluating the Corporate Culture
A Better Audit Process
- The traditional audit process
- A better audit process:

·  Risk-based

·  Participative

·  High-payback focus on evaluation of system design

- Audit Simulation: Introduction to Monolithic Diversified Industries (MDI) human resources function
Phase I: Planning
- Planning steps for a participative audit
- The acquisition audit approach
- Audit Simulation: How to digest needed information efficiently
- Audit Simulation: Participative audit planning meeting
- Identifying and assessing risks: four helpful categories
- Characteristics of well-defined audit objectives
- Audit Simulation: Define audit objectives and scope for MDI Human Resources audit
Phase II: Evaluate the Adequacy of System Design
- Documenting internal controls: traditional methods
- Documenting internal controls: the risk/control matrix
- How to guide your audit client through the risk assessment
- Audit Simulation: Concepts and exercises in using the risk/control matrix:

·  Defining objectives

·  Identifying risks

·  Analyzing and assessing risks

·  Internal controls: traditional and emerging concepts to help in evaluating design

- Alternative versions of the risk/control matrix:

·  Most common features

·  To help evaluate the design of controls

·  To evaluate a reengineered process

·  COSO-ized for a bank

·  To evaluate customer service

·  Larry Hubbard’s “better matrix”

·  Sample completed matrix for human resources

·  Sample completed matrix from TDAmeritrade

·  Sample completed matrix for insurance agent conduct

Phase III: Evaluate the Effectiveness of Key Controls
- Rules of audit evidence, and how they apply to soft controls
- Five principles for evaluating soft controls
- A “Working Inventory” of Soft Controls
- A risk/control matrix for evaluating the control environment
- Tools for evaluating effectiveness of soft controls: three audit project surveys
- Guidelines for using surveys during audit projects
Phases I-III: Identify Opportunities for Improvement
- The five attribute approach
- Form for developing and reporting opportunities for improvement
- Participative reporting
Two Real-World Examples
- Allina Hospitals and Clinics
- Securian
- Guidelines and Keys to Success
Phase IV: Reporting
- Trends and new approaches
- Alternate rating systems
- Techniques to give credit where credit is due