Description
A rigorous, standards-based program for internal auditors, risk managers, and compliance professionals who need to plan, execute, and report audit engagements to a defensible professional standard.
Who This Course Is For
Built for professionals who deliver, oversee, or rely on the internal audit function:
- Internal Audit Professionals & Managers
- Risk Managers & Risk Officers
- Compliance Officers & MLROs
- Finance & Control professionals moving into audit
- Audit Committee support staff
- Candidates preparing for the CIA certification
Course Outline
Domain 1 — Internal Audit Fundamentals
Module 1 — Role of Internal Audit & The Three Lines Model
- Mandate and value proposition of internal audit
- Positioning internal audit within the Three Lines Model
Domain 1 — Internal Audit Fundamentals
Module 2 — Independence, Organizational Positioning & Objectivity
- Functional vs. administrative reporting lines
- Threats to objectivity and safeguards
Domain 1 — Internal Audit Fundamentals
Module 3 — Governance, Risk, and Control Concepts
- How governance, risk management, and control interrelate
- The internal auditor’s assurance role across all three
Domain 1 — Internal Audit Fundamentals
Module 4 — Engagement Planning Basics
- Building an engagement plan and scope
- Overview of the CIA certification structure
- Case discussion: "Is this internal audit or internal control?"
Domain 2 — IIA Standards & Ethics
Module 5 — Core Principles & Code of Ethics
- The IIA’s Core Principles for the Professional Practice of Internal Auditing
- Applying the Code of Ethics in practice
Domain 2 — IIA Standards & Ethics
Module 6 — Audit Charter
- Purpose and required content of an audit charter
- Approval and periodic review process
Domain 2 — IIA Standards & Ethics
Module 7 — Quality Assurance & Improvement Program (QAIP)
- Internal and external quality assessments
- Building continuous improvement into the audit function
Domain 3 — Risk-Based Auditing
Module 8 — Risk Assessment Methodology
- Building the annual audit plan on a risk-based methodology
- Linking the audit universe to organizational risk
Domain 3 — Risk-Based Auditing
Module 9 — Risk vs. Control & Control Types
- Preventive, detective, and corrective controls
- Distinguishing inherent risk from residual risk
Domain 3 — Risk-Based Auditing
Module 10 — Risk & Control Matrix (RCM)
- Structuring an RCM: objectives, risks, controls, and testing procedures
- Using the RCM as the backbone of fieldwork
Domain 3 — Risk-Based Auditing
Module 11 — Sampling Basics
- Statistical vs. judgmental sampling
- Determining sample size and selection method
Domain 3 — Risk-Based Auditing
Workshop — Build a Mini-RCM: Procurement Cycle
- Hands-on construction of a Risk & Control Matrix for a real business cycle
Domain 4 — Internal Audit Report Writing
Module 12 — Attributes of Observations & Recommendations (5C Model)
- Condition, Criteria, Cause, Consequence, Corrective Action
- Writing observations that withstand management pushback
Domain 4 — Internal Audit Report Writing
Module 13 — Risk-Based Rating Methodology
- Rating findings and overall engagement results consistently
- Aligning ratings with the organization’s risk appetite
Domain 4 — Internal Audit Report Writing
Module 14 — Quality of Communications (Perf. Standard 2420)
- Accurate, objective, clear, concise, constructive, complete, and timely reporting
- Communicating findings to management and the Audit Committee
Domain 5 — Fieldwork Execution & Quality Assurance
Module 15 — Testing Techniques & Evidence Gathering
- Inquiry, observation, inspection, and re-performance
- Gathering sufficient, reliable, and relevant audit evidence
Domain 5 — Fieldwork Execution & Quality Assurance
Module 16 — Working Papers & Documentation Standards
- Documentation requirements that support conclusions
- Review and sign-off protocols
Domain 5 — Fieldwork Execution & Quality Assurance
Module 17 — Follow-Up & Closing Assessment
- Tracking management action plans to closure
- Closing assessment and certificate requirements
Learning Outcomes
- Plan and execute a risk-based internal audit engagement end to end
- Build a Risk & Control Matrix and apply appropriate testing and sampling techniques
- Write audit observations using the 5C Model and a defensible risk-based rating
- Apply IIA Standards, the Code of Ethics, and QAIP principles in practice
- Earn a joint BB Academy × The British University in Egypt certificate of completion
