AuditTrends, LLC

Finding the best, sharing with the rest

• Home page
• James Roth
• Seminars
  • Best Practices in Internal Auditing
  • Auditing Culture
  • Implementing COSO 2013
  • Skills for the New Internal Auditor
  • Risk-based Auditing and Reporting
  • Audit Report Writing
  • Implementing ERM: A Practical Approach
  • Leadership & Supervision Skills
  • Relationship Building Skills
• Contact

Risk-based Auditing and Reporting

What you will gain from this seminar:

• Understand an audit process used increasingly by world class audit departments

• Practice the key skills used in this process

• Take home proven evaluation tools used in this process

Who should attend:
Internal auditors with at least one year of experience
_________________________________________________________________________________

Two-day seminar outline

Introduction
- The COSO challenge: How to evaluate soft controls?
- Participative auditing: Get your customer on the audit team

New Tools for Operational Auditing
- Results of two IIA research projects, Control Model Implementation: Best Practices and Best Practices: Evaluating the Corporate Culture

A Better Audit Process
- The traditional audit process
- A better audit process:

• Risk-based
• Participative
• High-payback focus on evaluation of system design

- Audit Simulation: Introduction to Monolithic Diversified Industries (MDI) human resources function

Phase I: Planning
- Planning steps for a participative audit
- The acquisition audit approach
- Audit Simulation: How to digest needed information efficiently
- Audit Simulation: Participative audit planning meeting
- Identifying and assessing risks: four helpful categories
- Characteristics of well-defined audit objectives
- Audit Simulation: Define audit objectives and scope for MDI Human Resources audit

Phase II: Evaluate the Adequacy of System Design
- Documenting internal controls: traditional methods
- Documenting internal controls: the risk/control matrix
- How to guide your audit client through the risk assessment
- Audit Simulation: Concepts and exercises in using the risk/control matrix:

• Defining objectives
• Identifying risks
• Analyzing and assessing risks

• Internal controls: traditional and emerging concepts to help in evaluating design

- Alternative versions of the risk/control matrix:

• Most common features

• To help evaluate the design of controls

• To evaluate a reengineered process

• COSO-ized for a bank

• To evaluate customer service

• Larry Hubbard’s “better matrix”

• Sample completed matrix for human resources

• Sample completed matrix from TDAmeritrade

• Sample completed matrix for insurance agent conduct

Phase III: Evaluate the Effectiveness of Key Controls
- Rules of audit evidence, and how they apply to soft controls
- Five principles for evaluating soft controls
- A “Working Inventory” of Soft Controls
- A risk/control matrix for evaluating the control environment
- Tools for evaluating effectiveness of soft controls: three audit project surveys
- Guidelines for using surveys during audit projects


Phases I-III: Identify Opportunities for Improvement
- The five attribute approach
- Form for developing and reporting opportunities for improvement
- Participative reporting

Two Real-World Examples
- Allina Hospitals and Clinics
- Securian
- Guidelines and Keys to Success


Phase IV: Reporting
- Trends and new approaches
- Alternate rating systems
- Techniques to give credit where credit is due

© 2023 AuditTrends, LLC Contact AuditTrends