Advanced Risk Assessment

Course Description

Risk assessment is at the forefront of ensuring internal audit’s value to its stakeholders. Effective risk assessments help ensure an internal audit function is deploying its resources in a way that fulfills its mission within the organization. Risk assessments are also used in risk management, reporting audit issues, and designing internal controls.

Internal auditors, risk management functions, and line management all deal with risks, and finding the right balance in an organization can be difficult. Likewise, some organizations struggle with the execution of risk assessment activities such as establishing practical measurement criteria for risks, keeping focus on the risks that are most important to their stakeholders, and deploying resources. Even the terminology around risk is confusing and is often used in different ways.

This advanced practices course is designed for experienced internal auditors and risk managers, and includes the following areas:

  • The fundamentals of risk assessment, beginning with an overview of corporate governance and risk assessment essentials, and continuing into audit universe, audit engagement, risk appetite, fraud, and current events.
  • Practical insights and discussions relating to contemporary best practices of risk assessment activities, including discussions of the causes of failures in risk management.
  • The skill gaps many audit and risk professionals struggle with, such as how to use risk and control frameworks, how to select or construct a risk ranking system, and how to use risk matrices and risk registers.
  • Normal accidents, cognitive biases about risks, and practical guidance on establishing risk appetites.

The critical roles of governance, risk and control (GRC) frameworks in risk assessment are covered, and the course includes a simple, practical approach to using the 2013 COSO internal control framework in auditing.

Course Duration: 2 day(s)
CPEs Available: 16
Knowledge Level: Intermediate
Field of Study: Auditing
Prerequisites: Completion of the course, Assessing Risk: Ensuring Internal Audit's Value, or basic risk assessment knowledge
Advance Preparation: None
Delivery Method: On-site Training (Group-Live)

Infrastructure for Effective Risk Assessment

  • The maturing of internal auditing from compliance to GRC
  • Models of effective Organization Governance
  • The Three Lines of Defense model
  • Functional and Enterprise-wide Risk Management
  • Controllership and other compliance activities

Nature of Risk

  • The fundamental nature of risk
  • Types and categories of risk events and impacts
  • Clarity of Risk Based Auditing, Risk Management and Risk Assessment
  • The IIA Standards
  • Relationship of risks and root cause

Risk Assessment - Essential Tools

  • Basic and advanced risk terminology
  • The Swiss Cheese model for understanding risk identification
  • The impact of randomness on risk assessment
  • Inherent and Residual Risk definitions, examples and uses
  • The Risk Matrix and Risk Register
  • Normal Accidents and cognitive biases impacting risk assessment

Control and Risk Management Frameworks

  • The needs and requirements for Frameworks
  • COSO 2013 and ERM
  • COBIT for IT controls
  • ISO 31000
  • The COSO Map
  • An organizational Control Policy
  • Case Studies in using COSO 2013 to assess the design adequacy of controls (including risk identification)

Audit Universe Risk Assessment (Macro-level Risk Based Auditing)

  • The IIA Standards – 2000 and 2100
  • Overview of methods for creating audit universes
  • Differing ways to perform Macro-level Risk Based Auditing
  • Coordination with management, the board and other groups
  • Macro-level fraud risk assessment
  • Reporting to management and the board about the status of audits
  • Examples of audit universe risk assessment methodologies

Engagement Risk Assessment (Micro-level Risk Based Auditing)

  • The IIA Standards – 2200 to 2400
  • The role of Governance, Risk and Control Frameworks
  • Major, different types of audits – “know what you’re auditing”
  • The objectives of the engagement risk assessment
  • Risk assessment tools and approaches
  • Identifying key controls and key risks
  • Micro-level fraud risk assessment
  • Examples of engagement risk assessment methodologies
  • Reporting audit results and audit opinions

A Closer Look at Fraud Risk Assessments

  • Auditors' responsibilities in preventing and detecting fraud
  • The objectives of fraud risk assessments
  • Evaluating the organization’s fraud risk management activities
  • An organizational fraud policy

Risk Appetite

  • Risk appetite definition and examples
  • Contrast various risk appetite and risk tolerance viewpoints
  • Cautions regarding risk appetite discussions

Workshop-based Risk Assessment Methodologies

  • Facilitated Self-Assessment Overview
  • ERM workshops
  • Risk surveys

Contemporary Risk Assessment Trends and Challenges

  • Legislation and regulatory activities related to risk management
  • Risk and Control-centric management maturity models
  • Recent failures of risk management
  • Other current events impacting internal auditors and risk managers

Most courses can be delivered through on-site training. You might be surprised that the organization leading the profession is just as committed to the delivery of affordable training.

Contact us by calling +1-407-937-1388 or send an e-mail to GetTraining@theiia.org.