When given a project to audit, the task may seem daunting and impossible. Many will not know where to start. Through this course, students will understand the importance of auditing capital projects and will learn tips and tricks to determine the project's risks and risk mitigation techniques. The course will be a general overview and will enable an auditor to develop an audit workflow, prioritize tasks, and understand how all the pieces of the projects fit into one another. Students will be able to have a more intelligent conversation with the project management staff, as some common terms will be defined in the course. Students will also be able to develop effective audit strategies. There are many complexities in understanding the payment process that may affect the findings discovered during the audit. Students will be walked through the chaos to better understand issues and document the correct findings amount. This course will also review some of the most common myths and misconceptions about having a contract and auditing it. Being able to understand contracts and contract risks will be discussed so that students can more effectively understand what the wording means and how a simple word can change the entire intention. Consequently, students will learn what the correct word choice should be and why the contract may not be as strong as they first imagined. Lastly, students will understand what is typically found during an audit and why the audit is important. They can bring this knowledge back to the audit committee or senior management to become a champion that will encourage further audits and to better protect the organization.
This course provides internal auditors with a foundation for approaching an audit of company culture. Learners will be exposed to key drivers and frameworks that can help establish guidelines and parameters around the somewhat nebulous topic of culture. This course will prepare internal auditors for performing an audit of culture by first exposing them to ways in which an organization can be assessed.
We will review how attitudes towards risk, organizational strategies and values, structure, communication styles, and decision-making processes all factor into assessing organizational stances of culture. We will also explore considerations that auditors should be aware of when preparing to perform an audit of culture. Learners will leave this course with a better understanding of how to factor these considerations into their audit work and execute their audit engagement. Finally, this course will illustrate how to best perform an audit of culture and share the audit report with key stakeholders to yield improved outcomes for employees and organizational leaders.
This course will start with an overview of the Enterprise Risk Management process and all the underlying elements of Enterprise Risk Management, including a discussion on risk appetite, governance, and roles & responsibilities. The course will provide more details into the attributes that make an Enterprise Risk Management process effective, such as addressing black swans, using risk-driven metrics, and linking Enterprise Risk Management with the organization’s strategy. Most of the course will involve methods for auditing the Enterprise Risk Management process by assessing the Enterprise Risk Management process according to the COSO framework, comprising five components and twenty principles.
The five components include: 1) Governance & Culture, 2) Strategy & Objective Setting, 3) Performance, and 4) Review & Revision. The objective of the assessment procedures is to determine if the organization’s ERM process exhibits these twenty principles.
There will also be a discussion to address another risk management framework, ISO 31000. A summary of key highlights of ISO 31000 will be covered; we will also compare the commonalities and differences between the ISO risk management framework and the COSO risk management framework.
The course will end with a discussion on Enterprise Risk Management reporting to various stakeholders.
The course will be delivered with practical application of concepts using actual examples, case studies, and exercises.
More and more today, companies are deciding to undertake the journey to employ Development Security Operations (DevSecOps) as an evolutionary extension of the Agile principles. Change management processes are continuous and largely automated in a DevSecOps environment, which can be challenging for Internal Audit teams, as they must shift their mindsets about IT risks and the controls in place to mitigate them.
DevSecOps is a software development and delivery approach that emphasizes communication and collaboration between development, security, and IT operations, building on Agile and Lean thinking to provide technology faster, with greater stability, quality, scalability, and security. DevSecOps encompasses many teams involved in the software development and delivery process. The “Dev” side incorporates developers, front-end designers, and quality assurance. The “Ops” area brings in system administrators and support teams responsible for the product after it’s been moved to production. The “Sec” area covers all the cybersecurity professionals responsible for system control, compliance, and secure applications.
In a DevSecOps-centric organization, tools are used to automate historically manual tasks, such as code quality checks, execution of test scripts, and deployments. These factors raise some questions about the efficacy of traditional change management controls in the environment, especially Separation of Duties (SoD).
Automation does not have to mean that humans are left out of the process. Manual decisions still need to be made to tell the automated tools how to perform. These human-centric aspects of the process should also be considered in the risk-management approach.
All these challenges and more need to be identified, discussed, and put into perspective as organizations seek to make the transition towards a DevSecOps methodology. The benefits can be numerous, but the risks are plentiful, and the decisions your customers make are the difference between successful implementation and failure. In this course, we will delve into the DevSecOps methodology, assessing how and where auditors can find their footing. We will cover best practices that need to be on the forefront of business leaders’ minds as a DevSecOps culture is adopted, identifying key shifts in mindset that must occur for a seamless transition from manual transactions to automated process flows. Finally, with a forward-thinking approach, we will address how organizational teams can work together in a DevSecOps environment, prioritizing tools and resources that will facilitate meaningful collaboration.
There is a need for public companies to provide investors and consumers with information on organizational operations as it pertains to sustainability initiatives that companies use to drive financial performance. These sustainability initiatives are summarized around three key factors — environmental impact, social responsibility, and good corporate governance.
This course will provide business professionals with a historical background on how these Environmental, Social, and Governance (ESG) factors evolved and how they play an important part in a company's current financial reporting and corporate disclosures. We will look at the current landscape of recommended ESG reporting standards outlined by various organizations and how you can leverage them to create your own set of policies and controls for ESG reporting and disclosures. Finally, we will also look at ESG from an investor's and consumer's perspective and give an overview of how companies are positioning their ESG reporting in alignment with their investments, interests, and values.
An IT auditor with the skills, knowledge and competencies to help organizations navigate through the complex environment of IT risks has never been in higher demand. Every organization in every industry has become aware of the importance of proactively identifying, then evaluating and monitoring, IT risks. This course is designed to help reinforce and enhance the principles of assessing IT risks. The learner will emerge with the ability to incorporate and implement the elements of risk assessment and audit planning; identify and apply pertinent audit and security resources; utilize tools for evaluating logical security; evaluate risks within database management systems; monitor risks within change management; test network perimeter security and cloud computing; evaluate threats within the internet of things; add value in the IT auditor’s organization regarding business continuity and disaster recovery planning and IT governance. The learner will also emerge with increased skills regarding effective communication and presentation of the results of the IT audit to various levels of leadership within the organization. The learner will be engaged through case studies of real-life examples and scenarios. The learner will emerge with a wealth of resources, templates and guides which can be adapted to and incorporated into any industry. The course is designed for an IT auditor who has perhaps been in the field for 1-2 years and is looking to increase his/her skills and competencies to move into a more seasoned position of leadership in IT auditing.
This course provides audit practitioners a comprehensive understanding of the types of fraud affecting organizations and shows proven techniques for preventing and detecting fraud.