Auditing Governance, Strategy and Risk Management - UK-OAP341


This course focuses on strategy, governance, risk management and other boardroom processes that have been "no-go" areas for internal audit. It also covers how to make the case for involvement and ways to become a catalyst for improvement.


Tuition cost


NASBA Certified CPE

24 Credits


Why you should attend

You should attend because internal auditors are expected to audit strategic risks and initiatives, yet face challenges defining the methodology, and making the business case for these reviews.

Who should attend

Financial, operational, IT and external auditors; audit managers; corporate attorneys; information security professionals; risk management personnel and line managers who need to gain an understanding of how to successfully mitigate fraud risk in their or

What You'll learn

You will learn how to provide assurance on risks and controls to strategic objectives, which areas to audit and how, ways to build the case for audit involvement, and how to retain your independence and become a catalyst for change.


Fundamentals of Internal Auditing

 Session 1: Understanding the background

  • Internal audit’s focus: past, present and future
  • Key causes of corporate success and failure
  • Case study
  • Lessons from recent crises
  • Does internal audit have a legitimate role?
  • Implications of the latest IIA standards and guidance
  • The case for internal audit involvement

Session 2: Potential audit areas

  • Defining corporate governance
  • The core components of corporate governance
  • What should be audited?
  • Exercise

Session 3: Exploring the options and developing your approach

  • Leveraging internal audit’s dual roles: assurer and adviser
  • The impact of governance maturity on internal audit’s role
  • Understanding the context
  • Focusing on the ‘bigger picture’
  • Integrating into the annual planning process

Session 4: Assuring the governance framework

  • Understanding your organization’s governance arrangements
  • Clarifying roles and responsibilities
  • Board accountability and reserved powers
  • Board committee structures
  • Reviewing board effectiveness
  • Oversight, audit and assurance: the audit committee’s role
  • Recruitment, training and succession planning: the role of the nomination committee
  • Pay and incentives: remuneration committee responsibilities

Session 5: Auditing governance processes

  • Delegations to management
  • Performance management and the links to strategy
  • Stakeholder engagement and communication
  • Internal reporting and disclosure to stakeholders External reporting examples
  • Business continuity and crisis management arrangements
  • IT and project governance: some considerations
  • Internal audit: a catalyst for improvement
  • Internal audit’s focus: the 3Ps
  • Sample audit program

Session 6: Auditing strategy

  • Vision, mission and strategy: defining terms
  • Impact of the latest IIA standards and guidance
  • Auditing strategy: possible approaches
  • Exercise
  • Key stages in the strategic planning/implementation process
  • Internal audit’s potential role at each stage
  • Environmental scanning/development of strategic options: PESTLE and
  • SWOT analysis
  • Evaluation and selection of strategic options
  • Case study
  • Identifying and managing strategic risks: establishing
  • Key Risk Indicators (KRIs)
  • Exercise
  • Communication and gaining ‘buy in’ – internally and externally
  • Effective implementation: SMART target setting and operational alignment with strategic goals
  • Monitoring strategy execution: selecting the right KPIs and tracking KRIs
  • Reporting to stakeholders
  • Avoiding ‘tunnel vision’ and ‘group think’
  • Assuring and enhancing strategy processes

Session 7: Auditing risk management

  • Clarifying roles and responsibilities for risk management
  • Acceptable – and unacceptable – roles for internal audit
  • Case study
  • A review of IIA guidance: the three lines of defence
  • Understanding risk management maturity
  • Assessing the risk management maturity of your organisation
  • Exercise
  • The implications for risk-based internal auditing
  • Defining and auditing risk appetite
  • Exercise
  • Auditing the key components of the ERM framework (risk leadership, risk identification and assessment, risk response, risk monitoring and assurance, risk reporting)
  • Assurance mapping and integrated assurance
  • Things to watch out for: typical weaknesses
  • Internal audit’s role in stimulating improvement
  • Refining your approach as risk management matures
  • Sample audit programme

Gaining buy-in from the Board and Audit Committee

  • Making the business case
  • The 3Ps versus content
  • Dealing with objections
  • Role play: Managing risks to internal audit
  • The implications for independence and objectivity
  • Typical risks and how to manage them
  • Exercise
  • Learning to say no
  • Resource implications
  • Plugging resource gaps
  • Getting started
  • Identifying quick wins to build confidence
  • The role of pilot assignments
  • Communicating success
  • Dos and Don’ts
  • Conclusions and action planning

Schedule your course

Use the table below to select the time and location that works best for you.

Timezone: Asia/Dubai

December 2021

Dec 6th, 2021-Dec 8th, 2021

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: