World Class Internal Audit

Why you should attend

• The Internal audit function is increasingly regarded as a business partner, a catalyst for change and a Governance advisor.
• You therefore need your internal audit function to adopt world class techniques.
• The event represents a superb opportunity to benchmark your activities against worldwide best practice and develop new approaches to the difficult challenges facing Internal Audit today
• A wide range of key topics will be discussed – and tips and proven techniques will be shared to enable the process to be challenged and the service optimised – so that senior management’s expectations are exceeded

After completing this course you will be able to

• ABENCHMARK your IA function against worldwide best practice
• MAKE the transition from a good function to a great one
• BUILD a world-class team
• MANAGE the audit process more efficiently
• ENGAGE more positively with senior management
• ENSURE the IA in risk management is fully understood
• TACKLE the more complex audit topics with confidence

Who should attend

• Heads of Internal Audit
• Audit Managers and those about to be appointed to that role
• Lead Auditors
• Senior auditors
• Other assurance professionals that need a greater understanding of ESG assessment techniques

Course Level

• This is an intermediate to advanced level course and delegates should be Audit Supervisor level or above
• Delegates should have a good educational standard and/or a professional qualification
• No advance preparation is required
• Delivery method – Group-live (with exercises and case studies to provide practical application of the tools and techniques)

CPE credits

Participants will earn 9 CPE credits ( 6 in the Auditing field of study and 3 in the Management Advisory Services field of study)

Day 1 The Changing role of Internal Audit

Responding to the significant changes in the IA role

• How the IA profession has changed in the last 10 years
• New IIA paper on models of effective IA will be shared
• The transition from a systems based approach to Risk based Auditing
• Key messages from the IIA Body of Knowledge survey
• Deciding the strategic direction for your function
• Pulse of the profession survey results
• E & Y and Protiviti survey results
• IIA becoming more effective guidance will be shared
• ECIIA research paper – making the most of the IA function
• Ensuring effective communication lines between the CAE and the board
• Gaining assurance regarding the quality of the function’s work.
• Overseeing the relationship between the IA function and the organisation’s centralised risk monitoring function.
• Monitoring management follow-up of IA recommendations
• Exercise 1 – The challenges facing IA

Ensuring IA is seen as an agent for positive change

• Ensure that your staff know that risk management is not a fad
• or the latest initiative – it is a business process
• Ensure you define risk as the need to get things right – not what
• can go wrong
• ‘Ring fencing’ risk exposure – never allow one part of the
• business to impact the whole organisation
• Determining and communicating your attitude to risk and your
• required risk culture to managers and stakeholders
• Recognise that reputation is both your biggest asset and the
• biggest risk you face – and one you cannot insure
• Do not wait until you are required to provide evidence of
• effective risk management by regulators or legislation – this will
• usually be too late
• Market the audit process internally and to stakeholdersRecognise that your employees will only be interested in
• managing risks if there is a benefit for them in doing so
• Realise that if managers want to get a proposal through, they
• will tend to understate the risk (if you let them)
• Promote risk as the pulse of the organization and make sure
• that you have personnel to regularly take this pulse
• Exercise 2 – The steps IA take to promote themselves

Focusing the authority of the IA function

• Independence & Objectivity
• Reporting lines – the need for independence
• Should you report to the Chief Executive or the Audit
• Committee?
• Audit Committee relationships
• Key requirements of the role and the implications
• Objective assurance
• Consulting
• Adding value
• Improving the organisation’s operations
• Assisting the business to achieve its objectives
• Systematic and disciplined approach
• Evaluate and improve risk management, control and governance processes
• Dealing with the misconceptions of the role
• It is not internal audit’s responsibility to :-
  • detect fraud
  • introduce more and more control
  • find management out
  • Assess the ability of management and staff
  • Train staff
  • Tell management what to do
• Exercise 3 – Redefining the authority of IA

Ensuring top management commitment

• Meet with all key decision makers :-
  • Audit Committee Chairman
  • CEO
  • Chairman
  • CFO
  • COO
  • Other Board members
  • Chief risk Officer (if there is one)
  • Business Unit Heads
• How to deal with resistance
• The need to sell the role to key stakeholders
• A presentation to sell the role will be shared
• The benefits of building strong relationships with key decision makers
• Clarify and record expectations
• Dealing with issues raised
• Exercise 4 – How to gain high level commitment for IA

Day 2 Fully engaging stakeholders

Understanding and hopefully exceeding stakeholder expectations

• Who are the stakeholders?
• Are stakeholders’ expectations known?
• Arranging meetings with all stakeholders
• Workshops with key stakeholders?
• Are the expectations clear?
• How can you meet the widely differing expectations?
• Are there any areas where expectations could be exceeded?
• Are there any quick wins?
• What reports should IA provide to stakeholders?
• A new paper on working with stakeholders will be shared
• New advice on auditing strategy
• What every Director should know about IA – new guidance
• Exercise 5 Meeting the ever expanding requirements of stakeholders – what should the IA role be?

Audit Committee relationships

• How to create the correct relationship with the Audit Committee (or the Board if you do not have an audit committee)
• The need for at least one Audit Committee meeting per year exclusively for Internal Audit?
• The need for one –to –one meetings with the Chairman of the Audit Committee
• The need for the Committee to aapprove (but not direct) internal audit strategy, plan and performance
• How should the Audit Committee assess IA performance
• The annual Report for the Audit Committee – best practice ideas
• Are effective relationships between IA and EA and other bodies reviewed by the Audit Committee?
• Is the effectiveness of the risk management environment and anti-fraud arrangements assessed – what information should be provided by IA?
• 2 new Audit Committee evaluation checklists will be provided
• Exercise 6 – The Audit committee Challenges

Auditing Third Party activities

• Overview of outsourced contract management
• Outsourcing objectives
• Transfer of risk
• Outsourcing delivery models
• Roles and responsibilities
• Different approaches to outsourcing
• The key risks
  • Picking the wrong contractor
  • Higher costs
  • Negative impact on service
  • Loss of control
  • Loss of knowledge or resources
  • Difficulty of bringing the activity back in-house
  • Loss of public focus
  • Conflicting objectives
  • Payment issues
  • Contract variations
• Assessing the contract
• New guidance re assessing data security in outsourced services
• How to assess continuing viability – performance management
• Right to audit clauses
• A new paper on auditing external business relationships
• Exercise 7 – Assessing third party risks

Ensure the IA role in ERM is crystal clear

• Board-level commitment to Enterprise Risk Management (ERM)
• ERM seen as a critical decision tool
• A dedicated risk executive in a senior level position to drive the process
• An ERM culture that encourages full engagement and accountability at all levels of the organization
• Engagement of stakeholders in challenging risk management strategy development and policy setting
• Transparency of risk communication
• Use of sophisticated quantification methods to understand risk and demonstrate added value
• Identification of new and emerging risks using internal data as well as information from external providers
• A move from focusing on risk avoidance and mitigation to leveraging risk and risk management options that extract value
• New paper on auditing the ERM process will be shared
• Exercise 8 – What can IA achieve in relation to ERM?

Building a world class team

• The recruitment dilemma – what if you cannot get the talent you need
• Determining a strategy for building the team
• Sources of talent – growing your own or recruiting from outside?
• New guidance on co-sourcing
• Should you try to recruit personnel with previous IA experience?
• Which is more important – knowledge of your sector or IA knowledge?
• Use of coaching
• Performance management – what are the most effective measures?
• What skills should you be looking for
• Checklist of issues to assess in a potential auditor
• New guidance on managing dispersed teams will be provided
• Succession planning
• Exercise 9 – The challenges of recruitment

Phil Griffiths, FCA

Phil Griffiths is founder and Managing Director of Business Risk Management Ltd.

A Chartered Accountant, he has over 30 years experience in risk management, Corporate Governance, internal audit and fraud prevention as practitioner, professional adviser, facilitator and trainer.

His areas of specialism are:

• Assisting Senior Management to identify, manage and then exploit the risks within their business via facilitated business risk management programmes
• Helping Internal Audit functions to implement world class standards.
• Developing fraud prevention, detection and investigation programmes
• Training both private and public sector organisations in all the above disciplines.

He has extensive experience of the European, Asian, Middle Eastern, and African markets having trained professionals from over 1000 organisations in these regions during the past 15 years

He has extensive experience of managing and auditing major International projects. He has also direct experience of negotiating major contracts (including the largest mobile telecommunications contract in the world at the time)

Phil has developed strategic alliances with professional bodies and world renowned training companies, to deliver training and consultancy services across Europe, Asia, the Middle East and Africa.

He has developed over 300 training courses on all aspects of internal audit, risk management and fraud and delivered them across the globe.

He has led risk management programmes for more than 120 private and public sector clients tailored specifically to include facilitated workshops, development of risk strategies and assistance with implementation

He is an accomplished author. His book ‘Risk Based Auditing’ is an international best seller and his new book ‘Enterprise Risk Management – the key to business success’ is receiving much acclaim

Phil has published research into many aspects of internal audit and risk management best practice, including “Strategic Risk management” “The Need to Co-ordinate Assurance Providers” and “The Expectations of Chief Executives towards Internal Audit and its future”

He is recognised as an accomplished and charismatic facilitator, trainer and lecturer and is in continual demand to speak at the most prestigious events on risk management, internal audit and fraud.

Course Fee and Timings

The fee for the 2-day course is GBP 450 (US$ 550) which includes comprehensive course materials. The course will consist of three 1.5 hour sessions each day.

The course will consist of three 1.5 hour sessions with the following UK timings

• 9.00 – 10.30 Session 1
• 10.30 – 10.45 Break
• 10.45 – 12.15 Session 2
• 12.15 – 13.00 Break
• 13.00 – 14.30 Session 3