Risk School - OAR201


In this course, learners will be introduced to the basic concepts of risk, including different types of risk, enterprise risk management (ERM) frameworks such as ISO 3000 and COSO ERM, and the IIA's professional guidance on risk management. There will also be a thorough discussion of how to conduct risk assessments, including a review of several common types of functional risk assessments, such as a fraud risk assessment, an IT risk assessment, and a financial risk assessment. Learners will also learn about Enterprise Risk Management (ERM) fundamentals, including best practices. They will walk through examples of practical tools, templates, and reports commonly used in the risk management process. This discussion will explain the concept of Risk Appetite, measuring the Impact/Likelihood of risks, and Black Swans.

Once the learner understands risk assessment and enterprise risk management, we will switch gears and discuss the concept of Risk-Based Auditing, including how to apply the risk-based auditing approach toward developing the annual audit plan and planning at the engagement and audit program levels. In addition, this section will include a discussion about root cause analysis, risk mitigation strategies, and data analysis; it will also cover continuous monitoring tools to ensure there is an effective method for addressing risk.  

To better partner with key business stakeholders and add value to your organization, it is necessary to understand some key business risks. Therefore, the course will spend significant time discussing several key business risks, including Operational, Strategic, People, Regulatory and Financial, Cybersecurity, and Culture, and will also discuss some emerging risks. All along this journey, there will be exercises, informative articles, case studies, actual examples of tools and templates, and graphical depictions to help the student apply concepts and theories to practical use in their organization.

The course will conclude with a discussion of top risks according to a recent global survey of CEOs and how the audit function can translate these risks into potential audits for the next audit plan update. There will also be a discussion about how the IA function can better prepare for transitioning to a fully Risk-Based Audit methodology by adopting an "agile mindset" and applying agile principles to the audit process. The course will also cover implementing talent management strategies for a risk-based approach. Final thoughts will provide learners with discussion points for presenting a business case to the Audit Committee and executives for implementing Risk-Based Auditing, including the benefits, challenges, and success factors. 


Tuition cost


NASBA Certified CPE

32 Credits


Why you should attend

You should attend because risk dynamics are more complex than ever, and our organizations need our expert support to better identify, assess and manage current and future risks more effectively.

Who should attend

Internal and External Auditors; Risk Management Specialists; and those charged with corporate governance responsibilities

What you'll learn

You will learn the key concepts of risk-based internal auditing, risk assessment and management. You will also learn how to apply these concepts to help your key stakeholders with essential risk concepts and techniques.



Course Objectives 

  • Know the fundamentals of the concept of risk, different types of risk, some key regulatory frameworks, professional guidance available on the topic of risk, and assessing and managing risks. 
  • Understand the steps of a risk assessment process through risk identification and risk measurement at both the enterprise level and the functional level, including the concept of risk appetite and examples of several different functional risk assessments (Fraud, IT, Financial). 
  • Understand the risk management process (ERM) through recurring risk identification, measurement, and mitigation, including the standard tools, templates, and reporting used in the ERM process through real examples and case studies. 
  • Understand the methodology and process for conducting Risk-Based Auditing at the annual audit planning level, the engagement planning level, and the audit program level. 
  • Know how to prepare the IA function for a Risk-Based Auditing approach, including adopting an agile mindset, hiring/developing audit talent, and communicating with key stakeholders about the benefits/value of Risk-Based Auditing and how to address certain challenges. 

Course Topics  

  1. Risk Basics 
  2. Enterprise Risk 
  3. Enterprise Risk Management (ERM) 
  4. Risk-Based Auditing 
  5. Risk-Based Tools 
  6. Key Business Risks 
  7. Executive Perspectives on Top Risks 
  8. Preparing IA Departments for Risk-based Auditing 
  9. Marketing Risk-Based Auditing 

Schedule your course

Use the table below to select the time and location that works best for you.

Timezone: America/Los_Angeles

August 2021

Aug 16th, 2021-Aug 20th, 2021

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org.