Skip Ribbon Commands
Skip to main content
The Institute of Internal Auditors North AmericaBreadcrumb SeparatorLearning and EventsBreadcrumb SeparatorCoursesBreadcrumb SeparatorRisk-based Auditing: A Value Add Proposition
Course Description Course Outline Bring Us On Site  

Risk-based Auditing: A Value Add Proposition

Course Description

Print-friendly Course Description and Outline

​Internal auditing is a profession that’s always evolving, always changing, especially in the area of risk-based audit approaches. Successful audit leaders know that it’s imperative that they continue to hone their skills in guiding their organizations’ risk-based auditing, while improving their current internal audit processes.

Through case studies, group discussions, round tables, and facilitator presentations, this course will help audit team leaders and other management level audit professionals align their organizations’ strategies, visions, and values with the internal audit process.

Furthermore, participants will come to understand the importance of corporate governance and enterprise risk management, while learning to identify risks, perform risk assessments, develop a risk-based assurance plan, understand entity-wide controls, and plan a risk-based engagement.

Course Duration: 2 day(s)
CPEs Available: 16
Knowledge Level: Intermediate
Field of Study: Auditing

Basic knowledge of common risk frameworks such as COSO ERM and at least two years’ experience in internal auditing or completion of Enterprise Risk Management: A Driver for Organizational Success course.

Advance Preparation: 


Delivery Method: On-site Training (Group-Live); Seminar (Group-Live)

​Role of Internal Auditing

  • Identify the value of internal auditing
  • Define internal auditing
  • Describe the internal audit Standards related to risk-based auditing
  • Discuss risk-based auditing in organizations

Corporate Governance

  • Define corporate governance
  • Identify Performance Standard 2110: Governance
  • Identify the various aspects of corporate governance
  • Identify Assurance Performance Standard 2110.A1 and the elements of a good ethics program
  • Identify the areas an internal audit must assess, evaluate, and report on to assure adequate corporate governance

Risk Management

  • Define enterprise risk management (ERM) and risk
  • Identify the difference between inherent and residual risk
  • Risk management assumptions
  • Identify the assumptions of risk management
  • Identify the benefits of risk management
  • Identify the categories of risk
  • Identify Performance Standard 2120: Risk Management

Control (and Risk) Frameworks

  • Define Performance Standard 2130: Control
  • Identify the elements of COSO control and ERM frameworks
  • Identify the internal control environment factors, risk management factors, control activity factors, information and communication factors, and monitoring factors
  • Identify the limitations of internal control and factors which override control activities
  • Identify roles and responsibilities in internal control

Entity-wide Risk Assessment

  • Identify Assurance Performance Standard 2130.A1
  • Identify the process for performing an entitywide risk assessment
  • Define business process
  • Identify the process of developing an audit plan

Risk-based Audit Engagement

  • Identify the process of performing a risk-based engagement
  • Identify the attributes of a business process definition or objective
  • Identify the risk-to-business processes and risk events
  • Identify the four common ways to manage risk
  • Identify the definition of controls, the type of controls, and evaluation methods for controls
  • Identify internal audit Standards 2210, 2210.A1, 2210.A2, 2210.A3, and 2240
  • Identify the guidelines for reporting the results of a risk-based audit engagement

​Most courses can be delivered through on-site training. You might be surprised that the organization leading the profession is just as committed to the delivery of affordable training.

Contact us by calling +1-407-937-1388 or send an e-mail to