Risk-Based Internal Audit

Why Attend

Internal auditing is defined by the Institute of Internal Auditors as “an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”

Changes in the regulatory and corporate governance environment have significantly increased the expectations that many stakeholders place on the internal audit function. This course guides internal auditors through the required standards for performing the internal audit. It covers up-to-date tips and tools to accomplish the audit in an efficient, flexible, and results-based manner in order to support the organization’s strategic objectives, improve its sustainability and leverage its ability to face future challenges.

Course Methodology

The course uses a mix of interactive techniques, such as brief presentations by the consultant, case studies, live demonstrations of sampling methodologies and group exercises to apply the knowledge acquired throughout the course.

Course Objectives

By the end of the course, participants will be able to:

  • Define the scope and function of internal audit within the company
  • Distinguish the types of internal audit assignments related to operational, compliance, quality, safety or financial internal audit
  • Describe the internal audit planning guidelines and develop a risk-based audit plan
  • Apply techniques for risk identification, controls identification and controls testing
  • Identify the best sampling techniques in an internal audit assignment considering sample size or sample selection
  • Select the appropriate internal audit test tools and list the advantages and disadvantages of each

Target Audience

Delegates with some experience in auditing as well as junior auditors or professionals from finance or other departments looking to develop a focused and best practices approach to the internal audit function. This course is also suitable for supervisors and managers who are interested in updating, upgrading and refreshing their knowledge of the internal audit function.

Target Competencies

  • Risk-based audit planning
  • Evaluating risk management frameworks
  • Evaluating internal audit functions
  • Identifying risk
  • Identifying and designing controls
  • Sampling
  • Completing the fieldwork audit


South Africa

Training Dates:

Each course starts every Monday of each week. Please book your training on a date that is a Monday.

Course Duration:

Unit Standard:

NQF Level:

Number of Credits:

Course Fees

Note: Please fill in the online application form on the left or bottom if this page to receive a quotation with detailed pricing from AATICD.

How to Apply:

To Apply Simply Fill in the Online Enquiries / Applications form on the Right Sidebar or Bottom of this website https://www.aaticd.co.za


When filling the online application form; please take note of your desired Training Month, Duration in Weeks and Training Session. This will give us the exact dates you will be attending your classes.

Also note that Tuition Fees must be paid upfront on or before training start date. This is to ensure that all resources are made availabe for you before you start. You will not be allowed into training if fees are not paid and verified.

Also note that Tuition Fees Cancellations must be made 14 business working days before the starting date of training. This will allow us to do a 50% refund of the total amount paid. If cancellations are made thereafter note that no refund will be made to delegates.

Tuition Fees include teas and lunch as well as either a laptop or tablet which a delegate will take home free of charge.

Tuition Fee DOES NOT include Accommodation, Dinners and other Extra Curricular Activities or Incidentals. Delegates are expected to fund this on their own. AATICD will not be held accountable for any incidents to delegates.

In-House Trainings are also available for 3 or more delegates for any duration. Please consult with our Administration for such In-House training bookings.

Course Outline

  • Risk and internal audit overview
    • Definition of risk
    • Types of risk in an organization
      • Strategic, reporting, compliance, operational, financial and physical
    • Scope of corporate governance
      • Building blocks of corporate governance
      • Internal audit as a function of corporate governance
    • Scope of internal auditing
      • Reasons to have an internal audit function
      • Distinguishing internal from external auditing
      • The internal audit charter
    • The role of an audit committee
    • Risk management process
      • Five steps to accomplish an effective Enterprise Risk Management (ERM) framework
      • COSO enterprise risk management framework
      • Determining the risk appetite
    • The role of internal audit activity in risk management
  • Types of internal auditing
    • Assurance services: the third line of defense
    • Performance auditing
    • Operational auditing
      • Contracts auditing
    • Financial auditing: accounting cycles audited by the internal audit function
    • Security and privacy auditing
    • Quality auditing
    • Compliance auditing
  • Risk-based internal audit: planning the fieldwork
    • Reasons for risk-based audit planning
    • Three stages for implementing risk-based internal audit
      • Stage 1: risk maturity assessment
        • Actions of internal audit to assess risk maturity
        • Overall audit strategy based on risk maturity
        • Conclusion on the risk management framework
      • Stage 2: Production of the audit plan
        • Assurance requirements from board and management
        • Actions to achieve production of an audit plan
          • Identify processes and responses on which assurance is required
          • Categorize and prioritize the risks
          • Scoring and weighing risks
          • Link risks to audit assignments
        • Using assurance maps to determine assurance requirements
      • Stage 3: conducting audit engagements
  • Risk-based internal audit: conducting audit engagements
    • Internal audit role in performing the audit
    • Assessing risks: inherent, control, detection and audit risks
      • How management and internal audit can minimize risk
    • Engagement planning
      • Engagement objectives, scope, and criteria
      • Engagement work program
      • Role of internal audit staff
    • Defining management assertions
    • Uncover risks during audit engagement
      • Example of internal audit risk assessment scale
    • Testing management controls
      • Insights on flow-charting for understanding cycles and controls
      • Assess the design of internal controls
      • Test operating effectiveness of internal controls
    • 10 steps to complete the audit stage
    • Summarizing audit conclusions for the audit committee
  • Technical tools for internal auditors
    • Tips and tools for audit sampling
    • Information gathered by internal auditors
      • 4 qualities of information
      • Sources and nature of information
      • Assessing the degree of persuasiveness
    • Types of engagement procedures
      • 15 internal audit test tools
      • Observation
      • Interviewing: a disliked technique
        • Interviewing skills: how to run a successful interview
        • Roleplay: internal auditor in action
      • Examining records
        • Verification and confirmations
        • ​Vouching and tracing
        • Re-performing
    • Internal audit working papers
      • Best practices for managing working papers
      • Retention policies
    • Communicating fieldwork results and recommendations
      • Legal considerations for communicating results
      • 4 attributes of an observation or recommendation
      • Disseminating results and exit meetings