Risk Based Internal Auditing - UK-OAR351


This course shows ways to maximize the quality and impact of internal audit by focusing on what matters most. Students learn how to develop a risk-based approach, and what tools, techniques and methodologies boost auditor effectiveness.  


Tuition cost


NASBA Certified CPE

24 Credits


Why you should attend

You should attend because modern internal auditing is risk-based and the auditors’ effectiveness hinges on their ability to identify, assess and report on the organization’s ability to manage these risks.

Who should attend

Internal and IT auditors with 0-3 years of experience looking for a comprehensive understanding of the process of internal audit. This foundational course can be used to onboard rotational internal auditors, and other experienced professionals starting th

What You'll learn

You will learn how to plan, perform, and report on the results of risk-based audits. Also, how this approach differs from controls-based, raise awareness, and better articulate the benefits of this approach as a means to add value.


  • A basic knowledge of Internal Auditing
  • How we will work together over the next three days to ensure that the objectives are achieved
  • Why risk based internal auditing?
  • Overview and Objectives
  • The role and purpose of internal audit
  • The added value role of internal audit
  • The different approached to internal audit
  • The way the three key internal audit approaches fit together and/or conflict
  • Exercise
  • What does an organization seek from its internal auditors Risk Management – general concept

Risk management within the business

  • Identifying the risks facing the business
  • Assessing the risk impact
  • Rating /prioritizing risks
  • The risk continuum
  • Exercise
  • Create a corporate risk register for an organization

Corporate Governance

  • Why corporate governance
  • Fitting the pieces of the jigsaw together
  • What does ‘good’ corporate governance look like
  • Is it one size fits all?
  • Exercise
  • What does corporate governance mean to your business and what does it look like

Summary of the day

  • The annual lifecycle of internal audit
  • Tomorrow
  • Any questions

A risk based audit plan

  • Reliance on the organisations risk registers
  • Nature and purpose of internal audit plans
  • Risk based planning
  • Key influences
  • Control environment
  • Exercise
  • Case study create a risk based internal audit plan (including consideration of risks, resources, timescales and the level of assurance required)

Risk based internal auditing – how to guide

  • Terms of reference for the audit
  • Exercise
  • Create a terms of reference for an audit considering approach, scope, risks, controls and added value
  • Audit Documentation
  • Exercise
  • Consider the different methodologies for documenting a system including narrative, flowcharts, and risk matrices
  • Internal audit testing
  • Purpose
  • Methodology
  • Approach
  • Test samples
  • Exercise
  • Consider the elements of and create a test programme for a predetermined internal audit
  • Evidence
  • Exercise
  • Consider why evidence is important and what are the challenges facing internal audit with regard to evidence
  • Emerging findings
  • Exercise
  • Draw together the issues that have arisen during the audit and explore the methods available for reporting them

Summary of the day

  • How the pieces of the jigsaw are fitting together
  • Tomorrow
  • Any questions


  • Individual internal audit reports
  • Internal audit reports to the Audit Committee
  • Internal Audit annual assurance statement
  • Statement on internal control
  • Exercise
  • Consider the content of the annual internal audit assurance statement and the link to the organisations statement on internal control

How to deliver a risk-based audit report

  • What does your client want from an audit report?
  • Written or verbal reporting
  • Frequency of reporting
  • Exercise
  • Consider the format and content of a risk based audit report
  • The internal audit report then what?
  • Follow up
  • Escalation

Is your organisation ready for risk based internal auditing?

  • Profile of internal audit
  • Skill set of the internal audits
  • The maturity of risk management within the organisation
  • The level of assurance required from internal audit by the organisation
  • Exercise
  • Consider whether to simply tick the box or really add value

Closure of the course

  • Has the course achieved its objectives
  • What happens now back at work?
  • How to engage with your organisation
  • Questions

Schedule your course

Use the table below to select the time and location that works best for you.

We don't currently have any dates scheduled for this course.


ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org.