Training courses 2014 - Chartered Institute of Internal Auditors

Transcription

www.iia.org.uk/courses
Training courses 2014
IIA Certificate in Internal Audit and Business Risk | Professional development and practice
Strategy and leadership | Risk and audit | Auditing specialist topics | IT audit
Welcome
At the IIA we’re committed to helping our
members fulfil their career potential and within
these pages you will find courses designed
to suit all levels of ability from new entrants
to heads of internal audit. Our continually
expanding portfolio has been designed with
the aim of helping individuals and organisations
stay at the leading edge.
We’ve recently introduced some exciting
new courses to help you with some of the
practical elements of audit work – using Visio
and PowerPoint, for example. You’ll also find
courses on auditing areas of the business we
know members find challenging, including
organisational culture, human resources, IT
governance, networked systems, outsourced
contracts and procurement.
We look forward to welcoming you to one of
our courses soon.
Why choose IIA
training courses?
1. A reputation for excellence
As the professional body for internal auditors in UK
and Ireland, nobody understands the challenges you
face like we do. We know it’s a complex and fast
evolving field and we also know what good internal
audit looks like.
2. Industry standards
All our courses are mapped to the IIA’s competency
framework and based on the latest standards and best
practice. That means you’ll get the relevant skills and
knowledge you and your organisation need.
3. Expert tutors
Our trainers are all specialists in their field. They combine
academic expertise with hands-on experience in a range
of sectors. They can also engage and translate theory
and ideas into meaningful examples.
4. Practical and relevant
Our courses focus on effective implementation, not
just theory, so you’ll take away methodology and ideas
you can apply to your own organisation. We constantly
update our course content to reflect current thinking
and best practice.
Ann Cantillon
Training and
Development Director
5. Tailored and bespoke solutions
If you’re looking for a more tailored approach to training
we can work with you to customise a course for your
whole team and deliver it in-house, saving you time and
money (see p5).
How to book
Visit www.iia.org.uk/courses
Questions? Call our training team on 020 7498 0101
Page 2 | Training courses for internal auditors 2014
Contents
IIA competency framework
4
In-house training
5
Group savings
5
Meet the tutors
6
Risk and audit
Risk based internal auditing – a practitioner’s course
Assurance mapping – a practitioner’s workshop
Risk based internal auditing – an audit management course
Auditing enterprise-wide risk management (ERM)
30
30
31
32
IIA Certificate in Internal Audit and Business Risk
Certificate overview IIA Award in compliance audit and assurance
8
9
10
11
12
13
14
15
IIA/CIPFA Award in audit and assurance in a changing
environment (public sector)
16
IIA Award in corporate governance and risk management
IIA/CIPFA Award in governance and risk management (public sector)
IIA Award in the internal audit planning and assurance framework
IIA Award in the effective delivery of audit and assurance
IIA Award in interpersonal skills for audit and assurance
IIA Award in information systems audit and assurance
Auditing specialist topics
Lean auditing – delivering added value from audit
in an efficient way
Auditing fraud risk – a practitioner’s action plan
Value for money (VFM) / performance auditing
Auditing projects, project management and project risk
Auditing contracts, outsourcing and procurement
Data security risks for internal audit
Auditing the treasury function – a practitioner’s guide
Auditing of culture
Auditing the HR function
33
33
34
35
36
37
38
39
39
Strategy and leadership
Heads of internal audit – induction master class
Successful strategies for heads of internal audit – a master class
Successful strategies for audit managers – a master class
Leading the audit team
The internal auditor’s guide to strategic thinking
18
19
19
20
21
IT audit
Introduction to information systems auditing
Auditing networked systems
Advanced information systems auditing
40
41
42
Professional development and practice
An introduction to internal auditing
Audit report writing
Ultimate persuasion techniques
Techniques for effective testing
A practical guide to evaluating risks and controls
Keeping up with technology – better governance and control
Using Visio to create process maps
Process thinking for internal auditors
Putting Office to better use – CAATs
PowerPoint for meetings and reports
22
23
23
24
25
26
26
27
28
29
Training courses for internal auditors 2014 | Page 3
Develop your professional competencies
In the complex and fast-evolving field of internal
audit it’s vital that practitioners regularly refresh their
knowledge and skills to keep up to date. Continuing
professional development (CPD) helps IIA members
aspire to the highest standards of professional practice.
competency areas for effective internal auditors. There
are four strands to the framework:
•
•
•
•
All the training courses in this brochure are mapped
to the IIA competency framework, which outlines the
International Professional Practices Framework (IPPF)
Knowledge areas
Tools and techniques
Interpersonal skills
IIA competency framework
Co
mm
uni
cat
ion
Int
e
r
pe
rs
he
ot
kills
al s
on
rs
Mana
ging
chang
e
Personal effectiveness
ging
Mana mance
perfor
inv Rese
es ar
tig ch
at &
ion
rol
ont
c
&
ing
ag
an
M
Tools and techn
iqu
es
IPPF
s
ea
ar
ng
lvi
so
y
alit
Qu
Risk & control
es &
ess ent
c
o
pr gem
ess ana
n
i
s
m
Bu ject
pro
Find out more at www.iia.org.uk/cpd
ation
Informology
techn
lem
ob
Pr
Da
ta c
o
& a llecti
nal on
ysis
Intern
al env
ironm
ent
Ex
te
rn
al
en
vir
on
m
en
t
Kno
wl
ed
ge
You’ll see references to
this framework throughout
the brochure to show you
which competency areas are
addressed by each course.
In-house training
Groups save money
If several members of your internal audit team need
training on the same subject, or you want to arrange
a course tailored specifically to your organisation, then
in-house training is the answer. This is a highly effective
training method and has a lasting impact on individual
and team performance.
Booking more than one place? Save with our
group discount.
We can deliver all the courses in this brochure on an
in-house basis. We’ll work with you to understand your
business and your people, and the learning outcomes
you want to achieve. Then we’ll tailor the course
content to meet your needs.
No. of delegates Save
2
£50
3
£150
£400
Benefits of in-house training
Visit www.iia.org.uk/courses/groups
If your organisation books more than one place on the
same training course at the same time, we’ll discount
the total cost.
4 or more 1.The course can address specific issues within
your organisation
2.The whole team can feel comfortable sharing
sensitive information and discussing real examples
3. It’s more convenient – you can pick a date that
suits you
4.Running the course at your premises reduces staff
travel time and expenses
5.We charge a standard daily rate so the cost per
delegate is very cost effective
Contact us
Why not give us a call to talk through your requirements?
Once we understand your objectives we’ll work with the
tutor to put together a programme and a competitive quote.
Call our training team on 020 7498 0101
Email training@iia.org.uk
Visit www.iia.org.uk/courses/inhouse
Meet the tutors
John Chesshire
Stan Dormer
John has over 15 years’ experience
in delivering internal audit assurance
and consulting related services to a
range of organisations, particularly
across the public sector. Prior to
joining the States of Guernsey as
head of internal audit in 2010, he
was a freelance consultant
specialising in the delivery of
internal audit, governance and risk
management activity.
Stan is a recognised expert in the
field of governance, auditing,
business and project risk and IT. He
is highly regarded for innovation
within his subject. Stan is the author
of numerous articles and publications
and was the author of the distance
learning materials and revision
schools supporting IIA qualifications.
CFIIA CISA
CFIIA
Judy Fuggle
Judy has been a full-time trainer
since the mid-1980s. She has worked
extensively within a large publishing
corporation, the arts, the media,
large and small financial organisations
and a wide range of groups within
the public and private sectors.
Her areas of expertise include training
course design, presentation of all
aspects of management training,
interpersonal skills development
programmes, facilitation, mentoring
and a wide menu of management
consultancy services.
Rosamond Goodall
CMIIA
Rosamond has been a facilitator for
IIA qualifications and training since
2003. She has a career that spans 30
years within the financial services and
healthcare industries and is currently
an audit manager within the NHS.
In addition to her internal audit
experience she has managed a project
office for a global financial services
organisation. She has a supportive
approach to training and facilitation
to ensure delegates develop the
knowledge and skills required to be
successful in their careers.
John particularly focuses on the
provision of training and CPD, on
a national and international basis,
including delivery in fragile states.
Stan has run master classes, keynote
sessions and workshops at numerous
conferences and training events
around the world and was the
designer of the first practical resident
continuous audit monitoring.
Ian Middleton
James Paterson
Martin Robinson
Liz Sandwith
Ian is a Chartered Accountant who
came to have an appreciation of the
value of internal audit while working
as an external auditor. He discovered
the IIA in 1987 when he took up his
first director post in Edinburgh.
Previously a finance professional,
James was a head of internal audit
for AstraZeneca plc for seven years.
James has been training, consulting
and coaching HIAs and their teams
for four years and runs a number of
key courses for the IIA.
Martin is the training development
advisor for the IIA. He develops,
presents and facilitates a wide
range of events, seminars and
conferences. His considerable
experience includes subjects such
as risk management, governance,
change management, ethics and
culture, bribery and corruption, IT
audit and audit reporting.
A past IIA president, Liz has always
adopted a hands-on approach
undertaking the more complex
internal audits, supporting and
guiding members of her team, as
well as facilitating IIA training.
MA CA FCIIA
He became a member of the IIA
Scotland, ultimately being elected
chairman. Ian has held a number of
non-executive positions and uses his
considerable experience.
PIIA
James was a member of the IIA
council and is an active participant
at risk and audit conferences and
workshops in the UK and overseas.
James has had numerous articles
published and is currently working
on an auditing book project for
John Wiley & sons.
CFIIA FCIS AFA
Martin chairs the Fraud Advisory
Panel’s fraud prevention and
detection working group. He
worked for 25 years in the audit
and risk department of Lloyds TSB
Group as head of business audit.
CFIIA
An expert on corporate governance,
risk management, assurance,
compliance and internal control Liz is
currently Head of Assurance, Risk and
Compliance for a major health care
provider. Liz has previously worked
for a major TV broadcaster where she
provided the full range of internal
audit services for 13 years.
Dr Stephen Hill
Gary Ingamells
Stephen Maycock
Stephen specialises in e-crime, online
intelligence and data security and
has over 14 years’ experience in
cyber fraud, data protection and IT
governance. He is a Trustee Director
of the Fraud Advisory Panel and chairs
the Cybercrime Working Group. A
published author, he has written for
several well-known publications and
a book, Corporate Fraud: Prevention
& Detection. Stephen has trained UK
police forces’ private-sector fraud
units, not-for-profit organisations,
world banks and major retailers.
Gary is currently an audit manager
at the Department for Work and
Pensions with responsibility for
providing assurance over Information
Management and Security. He has
a degree in Business Management
and also a Post Graduate Certificate
in Education.
Stephen is a professional trainer, writer
and consultant. His broad international
experience, as practitioner and
consultant, spans a number of sectors,
and this has provided him with some
fascinating case studies which he uses
to bring his training to life.
MLPI CIIP
CMIIA
Gary achieved the Advanced Diploma
in 2002 and has been a tutor for the
Internal Audit Practices module ever
since. He also facilitates at the Internal
Audit Practices revision workshops
and the IIA Award in the internal audit
planning and assurance framework.
CFIIA CRMA CIRM
Stephen contributes to the
development of internal audit though
serving as an IIA elected director,
participating in professional committees
and contributing to international
qualification development. He has also
helped foreign governments with the
development of internal auditing and
risk management.
I enjoyed the IIA course because of the way the trainers
successfully mixed the theory of internal auditing
with audit practice, enabling me to gain a greater
understanding of the profession as a whole.
Pauline Douglas
Senior Internal Auditor, Department for International Development
Marian Silltow
CFIIA
Marian has developed and delivered
a range of education and training
programmes for the IIA as well as
authoring several study texts. She
currently delivers workshops for the
certificate, diploma and advanced
diploma qualifications including
advanced internal auditing and
strategic management.
Her teaching style is interactive, friendly
and inclusive. Her principal focus when
delivering revision workshops is to
ensure that delegates achieve their
individual objectives and that they attain
success in the IIA assessment process by
being as well prepared as possible.
John Silltow
John has over 30 years’ experience
of information systems within the
government, private and not for profit
sectors. He has specific expertise in
computer audit, computer security,
business continuity and software
management. He is the author of the
P4 study text and runs courses for the
IIA Certificate programme.
John has authored several texts on
information security and auditing
both at technical as well as student
level. He is also author of Auditing
Business Continuity Management
Plans published by the British
Standards Institution.
Graham Westwood
FIIA
Graham specialises in internal audit
covering principles and organisational
features as well as essential practices
and techniques. Before this, he
gained wide experience of both
performing and managing internal
audit activity in the public sector. Part
of this experience was that of audit
manager with Yorkshire Water. He
was initially a qualified accountant
but now concentrates solely on
internal audit matters.
Graham has been involved with IIA
training, education and examinations
programmes, for which he received
a fellowship.
The IIA Certificate is an accredited modular course
combining theory and practical skills. If you’re new
to internal audit or working in a related role, it will
give you a thorough grounding in the practice and
principles of audit, governance, risk and assurance.
Studying for the IIA Certificate
This programme is ideally suited to those who have
been seconded into internal audit as it will help you
make the most of your time in the role. You can
comfortably complete the IIA Certificate in a year and
there are no exams to sit.
Core IIA Awards
The IIA Certificate is made up of eight individual
awards, each covering a key area of internal audit.
Each award can also be studied individually.
IIA Award in corporate governance
and risk management OR
9
IIA/CIPFA Award in governance
and risk management (public sector) 10
• earn the IACert designation
IIA Award in the internal audit planning
and assurance framework 11
• learn about the framework and processes for
providing assurance on business risks
Optional IIA Awards
• b
uild your skills and knowledge in all aspects
of internal audit
IIA Award in the effective delivery
of audit and assurance 12
• study case studies and practical examples.
IIA Award in interpersonal skills
for audit and assurance
13
IIA Award in information systems
audit and assurance 14
IIA Award in compliance audit and assurance 15
IIA/CIPFA Award in audit and assurance
in a changing environment (public sector) 16
By studying the IIA Certificate you will:
Each award comprises a 30 hour learning programme
which includes a two-day training course and self-study.
You will need to do some reading and set objectives
before attending each course and submit a personal
development log for each award.
Fee
£3460 +VAT plus IIA affiliate membership
(see p29 about joining the IIA)
You have to hold membership to study
the IIA Certificate.
Find out more and register at
www.iia.org.uk/certificate
IIA Award in corporate governance and risk management
Learn about the essential characteristics of corporate
governance and risk management, and the contribution
they make to organisational effectiveness. This award
will help you recognise the importance of assurance
and its role in internal control. The key principles of risk
management, internal control and risk identification and
analysis will be examined closely. You’ll also learn about
embedded monitoring and independent assurance.
Pre-course work
Who should attend?
Two days
• n
ew entrants to internal audit who do not necessarily anticipate
remaining in internal audit as their chosen career path
• internal auditors and internal audit managers
• r isk managers
• a udit committee members
• t hose who join or are seconded to the internal audit team to assist
with a specific project because of their expertise in another area.
Fees
What will I learn?
Upon completion you will be able to:
• u
nderstand the reasons behind the current state of play within the
corporate governance arena
• a ppreciate and consider current and potential future corporate
governance initiatives both in the UK and overseas
• a ssess the extent to which your organisation demonstrates
characteristics of good and effective corporate governance
• u
nderstand basic principles and practices of risk management
including many practical examples drawn from top UK and
overseas organisations
• a ppreciate the contribution that internal control makes to effective
risk management and governance
• u
nderstand the role that internal audit might play within an
organisation’s risk management and governance efforts
• a ppreciate some practical tips on embedding risk management into
the culture of your organisation
• h
ave an overview of risk-based internal auditing.
You will need to read the study text that accompanies
this course and identify your personal objectives.
Presented by
Stephen Maycock CFIIA CRMA CIRM
Graham Westwood FIIA
Duration Earn the
IACert designation
IIA member £895 +VAT
Non-member £1095 +VAT
Study four awards and
gain the IIA Certificate
for £3460 +VAT.
See p8 for details.
Dates
12–13 February, London
16–17 April, York
23–24 July, London
3–4 September, London
27–28 November, Cardiff
IIA CPD competency areas covered
International professional practices framework
Risk & control
Course programme
The following topics will be covered:
• introduction to the course and participants expectations
• introduction to corporate governance
• characteristics of good corporate governance
• introduction to risk management
• risk management practices and principles
• introduction to internal control
• control models and frameworks
• embedding risk management
• internal audit and risk management
• risk-based internal auditing.
Book YOUR PLACE at
www.iia.org.uk/courses/cgrm
IIA/CIPFA Award in governance and risk management
(public sector)
Learn about the requirements for internal audit in
the public sector. This programme addresses the specific
context of providing assurance to central government
departments, local authorities and other organisations to
enable you to contribute to organisational effectiveness.
The current regulatory and legal requirements for
accountability, reporting and financial control will be
closely examined. You’ll also learn about management
structures and governance frameworks in which internal
audit operates.
Who should attend?
• n
ew entrants to internal audit in the public sector
• practitioners who are seconded to the internal audit team in the
public sector
• governance and risk specialists.
What will I learn?
• understand the legal and regulatory environment underpinning the
public sector and the requirements for internal audit in the public
services sector
• demonstrate knowledge of recent ethical developments in the public
sector, their underlying causes and impact on internal audit
• clarify what governance means in the public sector and knowledge
of the roles and responsibilities of those contributing towards
governance including that of internal audit
• identify the key stakeholders in the public sector and understand
how internal audit relates and interacts with them
• evaluate the effectiveness of the risk management framework in
identifying and assessing key risks and the role of internal audit in
this framework
• understand the processes in place to provide assurance that public
assets are being used wisely and appropriately.
Course programme
• introduction to the course, participants expectations and the miniaction plan
• insight into the range of legislation that can affect internal audit; the
professional standards that govern internal auditors and their work
• t he Seven Principles of Public Life; the role ethics plays in the
profession of internal auditing; dealing with ethical situations in your
role as an internal auditor
• c orporate governance framework; differences and similarities between
public and private sector governance arrangements; internal audit’s
role in corporate governance
• s takeholder analysis, influence and management; working with
internal audit stakeholders
• c oncepts of risk management; the risk management process; the role
of internal audit in risk management
• a ssurance framework and assurance mapping; internal audit’s role
in coordinated assurance.
Pre-course work
Presented by
Marian Silltow CFIIA
Duration Earn the
IACert designation
Two days
Fees
Dates
for £3460 +VAT.
See p8 for details.
8–9 April, London
18–19 November, York
Risk & control
Book YOUR PLACE at
www.iia.org.uk/courses/grm
IIA Award in the internal audit planning and
assurance framework
Understand the framework within which internal controls
and assurance are set. This award will examine the nature
of internal control and the need for assurance. You’ll
learn how internal control contributes to the success of
an organisation by focusing on the risks, the suitability
of the controls in place, the reliability of reporting and
the level of compliance. It will help you contribute to
the overall effectiveness of corporate governance and
risk management.
Who should attend?
• n
• t hose seeking an initial taster of the work of internal audit
• t hose who join or are seconded to the internal audit team from
another business area.
What will I learn?
• a ppreciate the work of the internal audit function so you can begin
to operate at an initial level of understanding
• communicate with the internal audit team and clients, using
language and technical terms, as appropriate, to the situation
and requirements
• contribute to the effective delivery of an audit assignment
through appreciation of the planning, delivery and follow through
of assignments
• demonstrate an understanding of the value internal audit can
add to business.
Pre-course work
Presented by
Liz Sandwith CFIIA
Gary Ingamells CMIIA
Duration Earn the
IACert designation
Two days
Fees
for £3460 +VAT.
See p8 for details.
Dates
23–24 April, York
29–30 July, York
12–13 November, Cardiff
Business processes & project management
Course programme
• purpose and role of internal audit
• professional framework for internal audit
• risk based audit planning
• planning an audit engagement
• documenting information
• audit testing
• audit evidence
• audit documentation
• reporting
• follow up.
Book YOUR PLACE at
www.iia.org.uk/courses/paf
IIA Award in the effective delivery of audit and assurance
Learn how to contribute to the effective delivery of
audit objectives and the improvement of the audit
function. This includes effective scheduling of audit
resources, working to key performance indicators,
providing assurance to clients and adding value to the
organisation. This award will help you to establish strong
relationships with audit clients as well as provide a better
understanding of your role in actively supporting and
implementing change.
Who should attend?
• n
• those seeking an initial taster of the work of internal audit
• those who join or are seconded to the internal audit team to assist
with a specific project because of their expertise in another area.
What will I learn?
• determine which audit services are appropriate for your clients
• manage audit assignments and resources through the use of
planning tools and techniques
• develop an effective audit monitoring programme
• use marketing techniques to promote the audit function
• work to key performance indicators that enable audit performance
to be measured and evaluated
• u
nderstand how assurance is provided to key audit clients
• o
perate effectively within a team
• m
aximise the value delivered to audit clients.
Course programme
Audit services
• authority for internal audit to act
• assurance and consultancy engagements
• challenges involved in changing from one type of audit approach
to another.
Managing audit resources
• calculating resources for the plan
• communicating your plan
• c omputer assisted audit tools and techniques (CAATTs) and how
to use them.
Effective monitoring
• m
anaging the performance of the internal audit function.
Marketing the audit function
• m
arketing internal audit services
• m
easuring marketing success.
Key performance indicators
• performance
measurements
• using
the balanced scorecard for key performance indicators
• criteria
for key performance indicators.
Assurance
• internal audit assurance on control
• providing the assurance - planning and engagements
• providing the assurance - the annual assurance statement.
Team working
• building
an effective team
• characteristics of effective teams.
Delivering maximum value
• stakeholder views on internal audit and how it adds value
• internal and external stakeholders
• internal audit and value creation
• evaluate audit engagements.
Pre-course work
Presented by
Duration
Two days
Fees
Earn the
IACert designation
for £3460 +VAT.
See p8 for details.
Dates
11–12 March, York
3–4 June, London
16–17 September, York
21–22 October, London
2–3 December, London
Managing performance
Book YOUR PLACE at
www.iia.org.uk/courses/edaa
IIA Award in interpersonal skills for audit and assurance
Most internal audit work involves dealing with other
people so interpersonal skills are essential. This involves
communicating with others, using the powers of
persuasion to influence them, or being assertive as
necessary to make a point. Negotiation and influencing
skills are crucial to achieving desired goals and building
strong relationships.
This award will show you a range of tools, techniques
and exercises to improve your interpersonal skills. It will
also help you identify the areas you need to improve.
Who should attend?
• n
• those seeking an initial taster of the work of internal audit
• t hose who join or are seconded to the internal audit team from
another business area.
What will I learn?
• u
nderstand the importance of developing and sustaining effective
business relationships
• implement the principles for effective communication, including
non-verbal communication
• develop and apply effective listening skills
• apply effective questioning strategies for dealing with challenging
situations
• develop and apply influencing skills
• apply negotiation skills to achieve positive outcomes
• manage conflict and resolve discrepancies
• develop and deliver powerful presentations.
Negotiating skills
• structure
of negotiations
• preparing
for negotiations
• win-win
and other outcomes
• golden
rules of effective negotiation
• developing
the win-win approach to negotiations.
Presentation skills
• preparing for oral presentations
• making a presentation and handling questions
• golden rules of effective presentations
• developing your presentation skills.
Pre-course work
Presented by
Rosamond Goodall CMIIA
Duration Earn the
IACert designation
Two days
Fees
for £3460 +VAT.
See p8 for details.
Dates
13–14 March, York
5–6 June, London
Course programme
There is a combination of role play and training activities aimed at
developing your communication skills in an enjoyable and relaxed
environment. The course will cover the following topics:
Effective communication
• c ommunication purposes, media, styles, results and process.
Communication
Business relationships
• effective and ineffective business relationships
• expectations of internal auditors.
Effective monitoring
• m
anaging the performance of the internal audit function.
Meeting and interviewing skills
• t ypes of meetings and interviews
• s tructure of interviews
• t ypes of questions
• c ommon problems when meeting or interviewing clients
• e
ffective questioning strategies for dealing with challenging situations
• g
olden rules of effective meetings and interviews.
Book YOUR PLACE at
www.iia.org.uk/courses/ipaa
IIA Award in information systems audit and assurance
Learn about the principal risks inherent in information
systems (IS) and the approaches used to audit them.
This award also includes an introduction to using IT as
an audit tool – computer assisted auditing tools and
techniques (CAATTs). This award will provide a good
understanding of the role played by IS in organisations
and how these systems can be managed in a way that
safeguards data security and integrity.
Pre-course work
Who should attend?
Fees
• n
ew entrants to internal audit who are aiming to develop an IT audit
skill set
• as a refresher or update for the experienced auditor or an auditor
who has returned to internal audit following time in the operational
side of the business
• specialists who join or are seconded to internal audit who need to get
up to speed quickly with contemporary IT audit practice or who wish
to move into IT auditing
• internal auditors who wish to extend the role of their audit function
to cover IS and IT systems.
What will I learn?
• extend your understanding of the principal IS and IT systems
• explain the key concepts relating to architecture and connectivity,
information systems security, disaster recovery, asset management
(including hardware software and information)
• understand the use of and impact of social engineering techniques
for an organisation
• appreciate the value to be gained from computer forensics
• understand the practical implications of the above for the IT auditor.
Presented by
John Silltow
Duration Two days
Earn the
IACert designation
Dates
for £3460 +VAT.
See p8 for details.
17–18 June, York
Information technology
Course programme
• governance
• IT strategy and direction
• management – IT job roles and key relationships
• policies and monitoring
• change control and patch management
• architecture and connectivity
• capacity planning
• asset management including hardware, software and information
• security – logical and physical, social engineering and forensics
• back-up and recovery.
Book YOUR PLACE at
www.iia.org.uk/courses/isaa
IIA Award in compliance audit and assurance
Understand the purpose of compliance auditing and
carry out such audits for a client. The award will show
you how to examine and evaluate defined activities in
order to measure their compliance with legal, regulatory
or contractual standards.
This award focuses in some detail on the methods used
for testing, gathering evidence and evaluating findings
and assurance. You’ll also learn about the importance of
client relationships as part of the process of planning and
delivering compliance audits.
Who should attend?
• n
ew entrants to a compliance role with little or no experience of
internal audit
• those who join or are seconded to a compliance role who need to get
up to speed quickly with the tools and techniques used
• t hose who work in a compliance role in their own organisation or
those who undertake compliance reviews in third party organisations,
for example, audits of third party compliance with outsourced contracts
• internal auditors with a remit to provide oversight or review a
compliance function.
What will I learn?
• u
nderstand the compliance role in relation to the three lines of
defence and in particular the differences between a compliance role
and an internal audit role
• e
xplain the broad areas of work that a compliance role can
encompass
• d
escribe a typical governance framework for the compliance role and
explain how this can work effectively for different stakeholders
• a pply appropriate techniques to the development of an annual plan
of work
• a ssess the most appropriate approaches for the monitoring of
compliance risk
• u
nderstand the tools and techniques used for assessing compliance
with laws, regulations, policies and procedures at the operational level
• d
escribe the structure and competencies required for the board
and internal and external audit to be able to place reliance on the
assurance provided by those in a compliance role.
• g
overnance structures and how they can effectively promote a
positive compliance culture including the identification, assessment
and monitoring of compliance risk, the effect of risk appetite, and risk
maturity on the way in which compliance risk is managed
• w
orking with individual stakeholders including the relationship with
regulatory bodies
• d
eveloping an annual plan of work using a risk based approach
• m
onitoring compliance activities – approaches to planning a
compliance review and the role of continuous monitoring
• t ools and techniques for testing the level of compliance to include:
– t ype of testing procedures: documentation, observation, meetings/
enquiries, reconciliation/calculation, analytics
– types of test: walk-through, compliance and substantive
– type of controls: preventive, detective and directive
• t esting programmes: writing effective audit tests using examples from
a range of compliance test programmes
• factors to consider when assessing the quality of evidence: sample
sizes and confidence levels
• writing up findings from the compliance review
• c riteria by which the quality of the assurance provided by the
compliance role is assessed.
Pre-course work
Presented by
Duration Earn the
IACert designation
Two days
Fees
for £3460 +VAT.
See p8 for details.
Dates
19–20 June, York
Course programme
• t he compliance role and responsibilities in relation to the three lines
of defence to include management (first line of defence) and internal
and external audit and regulatory bodies (third line of defence)
• t he broad areas of work encompassed by a compliance role including
designing controls for the first line of defence, working with project
teams, providing ad-hoc advice on compliance issues, monitoring
and assessing compliance with international standards, laws,
regulations, policies and procedures
Book YOUR PLACE at
www.iia.org.uk/courses/caa
IIA/CIPFA Award in audit and assurance in a changing
environment (public sector)
Learn about the issues and the strategic implications for
internal audit resulting from the significant cultural and
delivery changes occurring in the public sector. This
award will address the practical issues around auditing
third party contracts, bidding for audit and assurance
contracts, and the difficulties of working with multiple
governance frameworks within transnational operations.
Who should attend?
• n
ew entrants to internal audit in the public sector
• those with a private sector background who have joined or been
seconded to the internal audit team in the public sector
• experienced internal auditors who wish to gain an insight into the
changing environment within the public sector and its impact on
internal audit.
What will I learn?
• describe the strategic and operational changes driving the public
sector agenda
• identify the ways in which the public sector can effectively manage
its financial resources
• d
escribe the different delivery mechanisms available to the public
sector and identify the most appropriate option in a given set
of circumstances
• u
nderstand what is meant by performance management and value
for money
• d
emonstrate an awareness of what is meant by counter-fraud
and identify the types of fraud that are most likely to occur in the
public sector
• identify and make a professional response to the changes in the
public sector and address the practical audit issues arising
• identify areas of improvement for internal audit in the public sector
and describe how internal audit can effectively respond to an
improvement agenda
• p
rovide appropriate support to the process for bidding for internal
audit contracts against competitors.
• w
hat is effective performance management; criteria that need to be in
place to ensure an effective performance information system; different
types of performance measure; difference between performance
measures and targets; value for money within a performance
management system
• w
ays of managing the risk of fraud; types of anti-fraud initiatives
being implemented in the public sector; areas in the public sector
that are most vulnerable to fraud
• h
ow change initiatives affect internal audit; anti-fraud audit; contract
audit; the audit role in value for money; how internal audit can
manage the implications of multi-governance environments
• t ransformation of internal audit; how internal audit can improve;
bidding for outsource contracts.
Pre-course work
Presented by
Duration
Two days
Fees
Earn the
IACert designation
for £3460 +VAT.
See p8 for details.
Dates
10–11 April, London
Managing change
Course programme
• introduction to the course, participants expectations and the miniaction plan
• drivers for strategic change in the public sector such as innovation
and cultural change/cost reduction/use of information technology/
internal audit transformation
• different ways in which the public sector can minimise expenditure
and maximise income without damaging the primary objective of
delivering public services
• business models available in the public sector for delivering services;
advantages and disadvantages of the various options; managing
outsourced contracts; in-sourcing; commissioning services and
outcome based commissioning
Book YOUR PLACE at
www.iia.org.uk/courses/aace
Take your training further
with an IIA qualification
If you’re serious about a career in internal audit, our
qualifications will give you the skills, knowledge and
career prospects you need to achieve your goals. IIA
qualifications are seen as a mark of quality by employers
and they are stimulating, rigorous and rewarding –
just like internal audit!
IIA Diploma
Develop the comprehensive skills you need for
effective internal audit delivery
IIA Advanced Diploma
Achieve Chartered Internal Auditor status
The IIA Diploma is a stimulating postgraduate
programme that leads to the PIIA designation. It’s
the benchmark for the profession and is highly
valued by employers. This qualification will give you
a comprehensive and practical understanding of
internal audit, risk management and control, and
corporate governance. You will also learn about the
current and emerging issues facing internal audit.
If you’re already qualified in internal audit,
why not maximise your potential and raise
your profile by becoming a Chartered Internal
Auditor? Study the IIA Advanced Diploma
and you’ll master the strategic and technical
skills required to be an effective internal audit
manager. It leads to the CMIIA designation
and is the most advanced qualification for our
profession in the UK and Ireland.
How will you benefit?
As a qualified internal auditor, your career will
be enhanced by your professional status and the
recognition that comes with it. You will also be
more effective in your role and better equipped to
meet the challenges ahead as internal audit moves
into a more strategic position.
How will you benefit?
This qualification will extend and consolidate
your knowledge and skills in all aspects of internal
audit, corporate governance, risk management
and control. It will demonstrate your commitment
and expertise and help you to reach and operate
at the highest level.
Find out more at
www.iia.org.uk/diploma
Find out more at
www.iia.org.uk/chartered
Heads of internal audit – induction master class
Being a head of internal audit is both rewarding and
challenging, but if you’re new in post, it can also be
daunting. This master class will show you what it takes
to be effective in the role and maximise your chances of
success. It will focus on the challenges and opportunities
new heads of internal audit face and show how you can
make a contribution at a strategic level to improve overall
business success.
Presented by
Who should attend?
New heads of internal audit and managers who are about to be
promoted into the role.
Dates
What will I learn?
• be confident knowing what it really takes to be an effective head
of audit
• understand how to make an effective and valuable contribution at
strategic level and towards overall business success
• be clear about how your internal audit function’s role is defined
and how it fits into the ‘assurance jigsaw’ thereby affecting your key
leadership priorities
• g
ain a clear understanding of practical ways to manage key
relationships with the audit committee, senior management and peers
• review progress to date and proposed plans to identify key priorities
for you and your department to help maximise your contribution to
your organisation
• share experiences, build networks and benchmark.
Course programme
• k ey priorities for heads of internal audit
• the key ways that new heads of audit can be derailed
• a benchmarking and best practice review of risk management
practices and how internal audit might best engage with this
• a review of internal audit best practices so you can benchmark
the performance of your function
• stakeholder management
• internal audit planning
• assignment quality and productivity
• reporting in impactful ways to line management and senior
stakeholders
• working with other assurance functions
• staff management practices – team capability, performance
management, development and coaching
• developing an internal audit strategy and influencing wider risk
and governance developments in your organisation
• tips and pitfalls in managing senior executives and the audit
committee
• developing a practical, prioritised action plan.
James Paterson PIIA
Director, Risk & Assurance Insights Ltd
Duration Two days
Fees
12–13 March, London
25–26 June, York
New
in post?
Connect with people who
understand the challenges you
face and keep up to date with
important issues in risk, governance
and control. Join our Heads of the
Internal Audit Service.
Join our
network
Find out more at
www.iia.org.uk/heads
Book your place at
www.iia.org.uk/courses/heads
Successful strategies for
heads of internal audit
– a master class
Heads of internal audit face the combined challenges of
delivering organisational performance and managing
costs, whilst at the same time improving risk management,
governance and compliance. You need to work closely
with business leaders and the board. This master class will
help you to build and manage these relationships.
Who should attend?
Heads of internal audit and senior
audit managers who deal with
leaders and board members.
What will I learn?
Upon completion you will be
able to:
• learn some of the key
hallmarks of top leaders and
the typical dynamics of top
leadership meetings
• consider how to maximise your
impact and contribution at the
senior leader and board level
• explain how internal audit
adds value to key stakeholders.
Tangible outcomes will include:
• understanding the relationship
triangle between the heads of
internal audit, audit committee
members and senior managers
• examining what is valued by
key stakeholders
• recognising the tension points
that result from differing roles
and viewpoints
• r ecognising the life cycle of
relationships; induction, smooth
sailing and choppy waters
• actions and next steps.
• u
nderstanding how internal
audit is perceived
• gaining insights around
your own leadership and
influencing style
• understanding key biases and
psychological pitfalls in one to
one interactions
• understanding the way group
dynamics operate
• use of action learning
techniques to apply insights
and learning
• influencing the audit
committee, board and senior
executives.
Presented by
James Paterson PIIA, Director
Risk & Assurance Insights Ltd
Duration
One day
Fees
Dates
16 May, London
13 November, London
Course programme
• t he special relationship between
internal audit, senior executives
and the audit committee
• key influencing models
• understanding what
stakeholders value using the
Kano model
IIA CPD competency
areas covered
Book your place at
www.iia.org.uk/courses/ssmc
Successful strategies
for audit managers
– a master class
Today’s internal audit managers need to work closely with
business leaders, their head of audit, peers and their audit
teams. Stakeholder management and influencing skills are
becoming as important as managing a team. This master
class will help you build and manage these relationships.
Who should attend?
Senior audit managers who deal
with business leaders and/or
manage members of the audit
team.
What will I learn?
able to:
• r ecognise your own strengths
and development needs in
relation to managing senior
leaders, peers and members
of staff
• b
e more confident dealing
with senior leaders
• u
nderstand the challenges of
influencing peers and techniques
to use to effect change
• e
xplain how internal audit
adds value to key stakeholders.
Tangible outcomes will include:
• h
aving a clearer sense of what
stakeholders really value
• a clear plan of the relationships
that need to be improved and
in what way
• t ools and techniques to
improve staff management,
whilst maintaining morale and
empowerment
• b
eing aware of your style and
impact and the areas you need
to improve
• k nowing when to use action
learning techniques ahead of
key ‘must win’ encounters.
• u
nderstanding the common
pitfall areas for auditors when
influencing
• g
aining insights around
your own leadership and
influencing style
• u
nderstanding key biases and
psychological pitfalls in one to
one interactions
• u
nderstanding the way group
dynamics operate
• a pplying insights and
learning to leading the audit
team, influencing peers and
influencing upwards
• u
sing this knowledge to
develop your career and add
value to the business.
Presented by
Duration
One day
Fees
Dates
11 March, London
24 June, London
IIA CPD competency
areas covered
Course programme
• k ey influencing models
• u
nderstanding what
stakeholders value using the
Kano model
Managing others
Book your place at
www.iia.org.uk/courses/ssam
Leading the audit team
Motivating and leading a team of people who are under
stress is an important skill for managers. There is often a
conflict between the need to get the job done and the
needs of the people in the team. This course is designed
to cover a range of skills required for getting the most
from your audit team.
Who should attend?
Internal audit managers, audit team supervisors and anyone responsible
for leading a team or setting up a new one.
What will I learn?
Coaching skills
You will be introduced to a coaching model and practise coaching one
another on a work issue.
• h
ow to prepare and structure a meeting about underperformance
• k ey principles of giving feedback
• g
roup discussion and practical exercises on managing performance.
Managing difficult people
• recognising trigger points in others
• managing our reactions to difficult people
• dealing assertively with conflict.
• recognise different strengths within the team and yourself and plan
how to use these effectively
• adapt your leadership style so that you achieve better results with
each individual
• motivate people through a variety of methods
• coach and set goals for people
• manage performance within the team more effectively
• recognise the symptoms of stress within people and plan
remedial action
• plan the audit with the team.
The audit context
Tips and hints on managing audit teams.
Course programme
The first part of the course focuses on feedback on Belbin team roles.
Pre-work questionnaires are issued and the information is collated into
a report so that you get a clear picture of what team roles are best
suited to you. The course is very participative with individual and group
exercises, case study, role play, tutor input and discussion throughout.
Putting together the audit team
• Belbin team role feedback for each delegate
• understanding where the strengths and weaknesses may lie within
your team
• what’s different about audit teams?
• leadership styles and how to use them effectively
• the situational leadership model
• you will complete a diagnostic and identify how to use the four
different leadership styles with other team members.
Presented by
Ian Middleton MA CA CFIIA together with a MAST International
specialist trainer
Duration Two days
Fees
Dates
13–14 May, London
Managing others
Motivation
• recognising different motivational patterns in yourself and others
• working with different motivational triggers to improve performance.
Case study
This is based on an audit assignment. You will select the appropriate
team and discuss the potential pitfalls of an audit.
Managing stress
Using HSE guidelines, you will work on the key factors which create
stress in the workplace and learn how to mitigate that stress. The
emphasis is on helping team members to support one another during
stressful work periods.
Book YOUR PLACE at
www.iia.org.uk/courses/lat
The internal auditor’s guide to strategic thinking
More and more organisations are teaching their key
people to think strategically. This makes for more
efficient planning, smoother transitions in the time of
change and fewer insoluble problems. This course will
show you the techniques and set you on the road to
efficient and clever strategic thinking.
Who should attend?
Heads of internal audit, senior internal audit managers and directors of
risk management.
What will I learn?
• understand the techniques required to think strategically
• think your way through to innovative solutions
• work with your own preferred mind pattern
• get out of your present thinking box
• find the way forward in even the trickiest situation
• apply the concept of strategic intent and evaluate its appropriateness
in your department
• prepare a competitive analysis of your department with
recommendations for strategic development
• evaluate your own organisation and your department in terms of its
core competencies
• build a strategic plan for your section or department.
Course programme
Downboard thinking. Life can be like a game of chess
• one move ahead is not enough
• e
nvision the future – how to be a futurist
• d
iscover opportunities behind obstacles – explore patterns
of behaviour.
Creative and critical thinking
• how to think outside the box
• techniques to reveal your creative mind.
Checklist for creating a strategy
• objectives
• SWOT
• scenarios, targets and allies
• tactics and timing.
Presented by
Judy Fuggle, Jane Allan & Associates
Duration
One day
Fees
Dates
16 April, London
We will tailor the course content to the sectors represented in the room.
Please bring some examples of situations with you to work through in
your group.
16 September, London
Understand yourself and your thought processes
• the upper level thinking skills
• y our personal thinking capacities
• establish your strategic perspective.
The five criteria for strategic thinking
• organisation
• observation
• views
• driving forces
• ideal position.
Join our heads
of internal
audit network
Book your place at
www.iia.org.uk/courses/gst
If you work at a senior level, why not consider joining our
Heads of Internal Audit Service? This is a knowledge-sharing
and networking group that will connect you with people
who understand the
Find out more at
challenges you face.
www.iia.org.uk/heads
An introduction to internal auditing
As a result of emerging corporate governance requirements
the profile of internal audit has reached an all-time high.
If you are about to become involved in internal audit you
need to be familiar with the fundamental requirements
of the role. This practical course will guide you through
the principles and techniques of internal auditing to help
you plan and perform audit work in line with the latest
standardsand best practice.
Interviewing techniques
• t ypes of interview and their essential features
• use of questions, body language and note taking.
Who should attend?
Computer audit (an overview)
• t he generalist and computer auditor
• o
rganisation of computer audit
• c omputer audit techniques.
New entrants to internal audit and those who have limited experience,
as well as anyone returning to the function and in need of a refresher.
What will I learn?
• u
nderstand the organisation, planning and control of internal auditing
• relate to the current philosophy and practice
• realise and manage the behavioural implications of internal auditing
• appreciate the essential techniques to be used.
Course programme
The challenging world of internal audit
• the purpose, potential and change
• principles of internal audit
• current International Standards for the Professional Practice
of Internal Auditing.
Internal audit relationships
• management expectations
• image of internal audit
• behavioural reactions
• building relationships
• external audit.
Fraud and the internal auditor
• what is fraud?
• why involve internal audit?
• police implications
• fraud investigations.
Planning internal audit work
• the audit charter and universe
• risk assessment and risk based internal audit
• strategic, annual and assignment plans.
Risk management, corporate governance and control evaluation
• definitions
• internal control and COSO
• systems, risk and control objectives
• types of controls
• evaluation techniques and documentation.
Testing, sampling and working papers
• problems for internal auditors
• effects on auditees
• a testing framework and gathering evidence
• a working paper strategy.
Internal audit reporting
• s tyle and structure
• m
arshalling information
• w
ord choices and grammar implications.
Quality assurance of internal audit
• qualitative aspects
• performance measures
• quality standards.
Presented by
Graham Westwood FCCA CPFA FIIA
Duration Three-day residential course
Fees
This includes course materials, two nights accommodation and meals
and refreshments throughout.
Dates:
4–6 March, Surrey
13–15 May, Dublin
17–19 June, Surrey
15–17 July, York
9–11 September, Surrey
7–9 October, York
4–6 November, Surrey
2–4 December, York
Risk & control
Book YOUR PLACE at
www.iia.org.uk/courses/iia
Audit report writing
Ultimate persuasion
techniques
Internal auditors have to create reports that are clear,
logical and convincing. Writing compelling content requires
correct presentation and sequencing of observations and
findings. This introduction to audit report writing will show
you how to produce reports that have an impact and add
value to your organisation.
The power of persuasion enables smooth transition to better
methods and risk-limiting outcomes. In short, internal auditors
cannot afford to lose the argument. This course will teach you
effective persuasion techniques; bring examples of situations
you face at work and you’ll take away solutions to tackle them.
Who should attend?
The course is suitable for everyone
– particularly those who work
with the stubborn, the unwilling
and the downright difficult.
The course is open to everyone but
is most suited to those with little or
no report writing experience.
What will I learn?
able to:
• write a report using
information that meets target
audiences’ requirements
• d
eploy a structure for writing up
observations that maximise
acceptance of the audit viewpoint
• apply strategies to maximise
conciseness and improve
readability.
The course is accompanied by an
indexed manual that includes full
course text, examples, and
strategies for use in audit report
writing on return to work. Please
note, the course does not teach
spelling or grammar – that
knowledge is assumed.
Course programme
Introduction
• good and bad reporting
• take care of what’s important!
Audience and framework:
empathy with your audience
• the target audience
• structure of audit reports
• style expectations
• amount of detail
• action plans
• process enhancements
• corrective action taken during
the audit
• integrating writing into the
audit process – synergy
• t he universal five Cs approach
for recording issues: condition,
criterion or comparator, cause,
consequence and conclusion
• co-operative conclusions
• prioritisation of recommendations
• layout of observations in reports
• q
uality check on detailed findings.
Executive summaries
• top level information
• audit and scope statements
• introductions in executive
summaries
• audit opinions.
Conciseness, preciseness
and readability
• phrasing, jargon, spelling
and structure.
Presented by
Stan Dormer CFIIA
MindGrove Ltd
Duration
One day
Fees
Dates
26 February, London
11 June, London
3 December, London
IIA CPD competency
areas covered
Communication
Book YOUR PLACE at
www.iia.org.uk/courses/arw
Who should attend?
What will I learn?
able to:
• influence all types of individual
• u
nderstand why some people
are more difficult than others to
persuade and still persuade them
• u
se your behaviour to help
others accept your ideas
• u
nderstand how to build very
high levels of rapport
• b
uild a permanent
commitment to any changes
you introduce.
Course programme
Influencing skills audit
• a ssertion, expertise, political
acumen through preparation
• e
ffective presentations, client
centred.
People
• u
nderstanding the human
psyche
• the hidden effect you can have
• behaviour breeds behaviour
• how to make sure you use your
own behaviour wisely and that
no one takes advantage of you.
Emotional intelligence
• u
nderstand the impact of your
emotional intelligence
• u
se it to influence colleagues,
customers and family alike
• h
ow do your filters work? Are
they helping or hindering?
The power of body talk
• u
sing your body talk to
influence
• choosing the words with care.
OK, influence me
• r ole plays to help you practise
your new skills.
Permanent commitment
• how to ensure lasting influence
• get real not token agreement
• see it past the new toy stage.
Before attending the workshop
you will be asked to complete a
questionnaire to help you think
about your approach to those
you seek to influence.
Presented by
Judy Fuggle, Jane Allen
Associates
Duration
One day
Fees
Dates
3 April, London
4 September, London
IIA CPD competency
areas covered
Communication
Book YOUR PLACE at
www.iia.org.uk/courses/upt
Techniques for effective testing
Testing can be a very time consuming part of the internal
audit process and it often becomes more complex than
first thought. This course will help you design testing
activities that are efficient, effective and appropriate to
each situation. You’ll learn to focus on clear objectives
throughout the testing process and use this to produce
sound conclusions that are more likely to be accepted
by management.
Who should attend?
Internal auditors responsible for the design or performance of internal
audit testing.
What will I learn?
• appreciate the role of testing within the context of the internal
audit process
• design tests focused on achieving test objectives and meeting
assurance requirements
• select and apply sampling techniques that will help to ensure test
objectives are achieved
• appreciate the different ways in which a range of Computer
Assisted Audit Tools and Techniques (CAATTs) can be used to
support testing activities
• conduct tests and document test results in a manner that will help
to ensure accuracy, efficiency, integrity and confidentiality
• interpret test results and develop conclusions that are supportable
with appropriate evidence
• present test results to management in a manner that will contribute
to obtaining agreement on any actions that may be required
• understand how to develop and preserve relationships whilst
maintaining high ethical standards.
Sampling
• s ampling methods and techniques
• deciding sample sizes.
Computer Assisted Audit Tools and Techniques (CAATTs)
• different types of CAATTs and their uses
• how to use CAATTs effectively.
Drawing conclusions
• extracting
meaningful information from test results
• understanding and using evidence
• presenting test results to management.
Human factors
• o
btaining agreement
• m
anaging relationships
• m
aintaining ethical standards.
Presented by
Duration Two days
Fees
Dates
10–11 June, Dublin
Course programme
This highly interactive course features lots of practical exercises. A series
of examples will demonstrate the practical application of the theoretical
aspects covered. The following topics will be explored:
Risk & control
Test objectives
• the role of testing within the context of the internal audit process
• defining test objectives
• levels and types of assurance.
Designing and conducting tests
• types of test - linked to assurance
• tools and techniques used in testing
• efficient documentation.
Book YOUR PLACE at
www.iia.org.uk/courses/tet
A practical guide to evaluating risks and controls
There are many theoretical models and frameworks
to guide the development and review of effective risk
management and internal control processes. The challenge
for internal auditors is how to put them to good use.
This course will help you apply theoretical knowledge to
practical situations. It will also make you more confident in
the definition of risks and controls and therefore improve
the effectiveness of your internal audit work.
Evaluating controls
• u
nderstanding the full range of controls
• u
sing control models to identify controls
• t he role of monitoring controls
• e
valuating controls within the context of control models.
Who should attend?
Analysing internal audit results
• interpreting
the results of internal audit work
• putting findings within a business context
• use of control models in the formulation of recommendations.
Internal auditors who want to improve their processes and learn
how theoretical models and frameworks can be applied to their
everyday work.
What will I learn?
• a pply risk and control frameworks to a range of internal audit processes
• work with management at all levels to identify and understand
key risks and controls
• define risks and controls in a manner that will help provide the
correct focus for the internal audit work
• u
se risk and control models to evaluate controls/other risk
mitigation strategies
• appreciate the role of monitoring within risk and control frameworks
• use risk and control models to design tests, interpret results, put
findings in a business context and formulate useful recommendations
• feel confident when discussing risks and controls with management
at all levels
• use appropriate terminology related to risks and controls.
Testing with a clear purpose
• t he use of risk and control models in test design
• t esting within the context of risks and controls.
Providing assurance
• g
etting the message across
• p
roviding assurance within the context of risk and control frameworks.
Managing relationships
• h
ow to work effectively with management at each stage of the
audit process.
Consulting engagements
• a pplying risk and control models in consulting assignments.
Presented by
Duration Two days
Course programme
Fees
This practical and interactive course guides delegates through
the application of theory to internal audit processes covering the
following topics:
Risk management
• key stages of risk management
• applying risk management frameworks to internal audit processes
• making effective use of the output from risk management systems.
Understanding risk
• identifying and clarifying risks
• the difference between risks and issues
• how to distinguish between business risks, process risks, and
control risks
• describing risks in an effective manner.
Dates
21–22 May, Dublin
Risk & control
Book YOUR PLACE at
www.iia.org.uk/courses/erc
NE
W
Keeping up with
technology – better
governance and control
High-profile technology issues always seem to be in the
news – a business being hacked, a company being fined over
data protection breaches, or somebody coming to harm
because of bad data. This course will help you understand IT
governance and the architecture of IT controls so that you can
review the technology practices in your organisation.
Who should attend?
This course is open to all.
What will I learn?
able to:
• review the six major principles
of IT governance within your
own organisation
• c heck whether your organisation
is working within the standards
• understand the difference
between ad-hoc control
structures and IT controls
designed for the purpose.
Course programme
What’s in the news?
The problems stemming from
security breaches, poor data
control and non-compliance.
Governance
• accountability of IT operations
and services
• in house/outsourced services
• strategic planning for IT
• acquisition of IT
• performance of IT
• what the law demands
• IT – success, failure and the
human factor.
Driven by standards
• standards for governance,
operations, development,
security and recovery.
Development of IT controls –
an architect’s approach
• plan controls to match
requirements
• mapping the objectives
to operational processes
• threat and risk analysis
• d
riving the analysis down
to detail
• w
hat control services are
needed to deal with threats?
• c hoosing the balance – how
effective must the control
service be – what are we
prepared to pay?
• c an we combine controls –
streamline – optimise?
• d
o we want to constrain the
user – inform management –
or both?
• o
rganisation and sequencing
of control elements for
maximum efficiency
• o
perational variance triggers
and continuous monitoring of
active controls.
Presented by
Stan Dormer CFIIA
MindGrove Ltd
Duration
One day
Fees
IIA member £475 + VAT
Non-member £675 + VAT
Dates
6 June, London
21 November, London
IIA CPD competency
areas covered
International professional
practices framework
Risk & control
Book YOUR PLACE at
www.iia.org.uk/courses/kut
Using Visio to create
process maps
NE
W
Internal auditors often struggle to produce useful process
maps with Visio. If you find the programme difficult to use –
or you’ve given up trying – then this course is for you. It will
show you tips and techniques to speed up Visio mapping
so you can make better use of the programme during the
planning phase of a review.
Who should attend?
What will I learn?
After completion you will be
able to:
• d
raw Visio process maps
quickly
• o
rganise your process map to
convey maximum information
• b
uild your own rapid shapes to
automate drawing processes
• capture your result in MS Word
to enhance an audit report.
The course is accompanied by a
manual that contains full course
text and useful guidance and a
CD/DVD of practice data. Each
delegate must bring a laptop to
the course with MS Office Visio
2007 (or later).
Course programme
Working with Visio
• c reate new (blank) drawing
• s et up page options as
required
• fl
oating palettes and other
useful features
• a uto-hide
• b
asic tools and operations
• s hapes and stencils
• c opy and paste – four ways
• s peeding up drawings auto
connect
• d
ynamic snapping
• s howing risk and controls on
plan – setting the standard
• t aming text
• legends and callouts
• m
ultipage and multilevel
drawings
• c reating primitives and editing
shape sets
• m
aking Visio calculate!
• c opy and paste whole drawing
– paste to and from other
applications
• s hort cut keys for Visio.
Presented by
Stan Dormer CFIIA
MindGrove Ltd
Duration
One day
Fees
Dates
2 April, London
1 October, London
IIA CPD competency
areas covered
Communication
Business processes & project
management
Book YOUR PLACE at
www.iia.org.uk/courses/vpm
Process thinking for internal auditors
This course uses analytical strategies and visualisation
techniques to help locate inefficiencies, unnecessary
complexity and risks within a process. It will develop
your process skills and help you improve the value and
business-relevance of your work. The course is led by the
creators of the technique.
Who should attend?
What will I learn?
Delegates will spend most of their time learning through practical
examples.
• appreciate how process thinking incorporated within the audit
process generates more business-like audit results
• understand the characteristics of process chains and see how these
generate value for organisations, for customers and clients and how
processes can generate or suppress risk
• deploy a range of new techniques to help improve the evaluation of
processes and controls
• perform low-impact process modelling to contribute quantitative and
qualitative value to audit observations and conclusions.
The course is accompanied by a manual that contains full course text
and examples. A demonstration version of a process modelling tool will
also be made available to delegates.
Course programme
The auditor and process thinking
• the process thinking auditor uses new ways to communicate and
embraces ideas for process improvement
• LEAN and Kaizen
• adding value – process thinking – appropriate roles and strategies.
Process thinking further strategies
• e
xploring risk from process models using a step by step approach
• m
ake sure you ask the right questions
• d
ocument service and risk attributes to help analyse hand-off risk
• m
ap elements of complex interview narrative notes
• u
se an architectural view to understand the strength of controls
• fi
nd points at risk and suggest controls
• s wim lanes
• s how roles and segregation
• u
se a model to define minimum segregation zones within processes
• s how the point at risk by using visual pointers
• improve the control chain
• p
ractice on something you understand to gain confidence
• low impact adoption into audit processes.
Presented by
Stan Dormer CFIIA, MindGrove Ltd
Duration Two days
Fees
Using Visio to
create process maps
(see opposite) would be
a useful precursor to
this course.
Dates
3–4 April, London
Beginning at the beginning
• process chains and value
• matters influencing perceived value
• damaging value by failing to control risk
• the five places that should be scrutinised for risk in process chains
• process optimisation - disintermediation
• create flow – data capture
• create flow – sequence
• create flow – adding extra value
• create flow – serial and parallel activities
• create flow – time cycle.
Process thinking strategies
• use process maps to document risk and control
• use process maps to reduce having to write and store so much text
• visualisation: draw a map of organisational objectives
• activity cost resourcing – process quantification
• use activity cost comparisons to determine optimum flow
• calculate the cost of control.
Book YOUR PLACE at
www.iia.org.uk/courses/pt
Putting Office to better use – CAATs
Internal auditors often use only a fraction of the
capability of the software that sits on their PC. This
course will show you how to get the most out of Excel,
Word and Access. You’ll learn tips and tricks that will
speed up your audit work, particularly in the fieldwork
and testing phase of a review.
Who should attend?
What will I learn?
• check up to 100% of the data available to you electronically
• put the most vital components of Office to use in the most
efficient manner
• interoperate between different Office applications
• polish your results in Word to create a great looking report.
The course is accompanied by a manual that contains full course text
and a CD/DVD of practice data. Each delegate must bring a laptop to
the course with MS Office 2007 (or later).
Course programme
Working with Access
• a new database
• choose
data to import
• exporting
the data, or any access table
• how
to run queries to produce audit reports
• produce
the report
• calculated
fields and testing
• using
expression builder.
Working with Word
• s etting up options – once and for all
• adding special symbols
• styles
• take control of pasting
• alter formatting quickly
• indexing – references – citations
• foot notes and end notes
• white space and paragraphs
• tables
• images and picture positioning
• using the clipboard and the spike.
Control effectiveness and testing
• interrogation tools, query languages and free standing
audit packages
• substantive testing
• compliance testing.
Presented by
Working with Excel
• checking data integrity in spread sheets
• trace cells and show and watch calculations
• re-performance and virtual calculations
• excel statistics
• filtering and stratification
• pivot tables and slicers
• sortation
• using colour, icons and thematic schemes
• data integrity and validity checking
• find unique and duplicated records
• pivot tables
• data import from usual and unusual sources
• creating charts for export.
Fees
Using queries
• connecting with external data
• creating a query
• tables and fields
• criteria and limitations
• sorting results
• save query for re-use
• exporting / importing and polishing results.
Duration Two days
Dates
6–7 November, London
Data collection & analysis
Book YOUR PLACE at
www.iia.org.uk/courses/off
NE
W
PowerPoint for
meetings and reports
NE
W
Internal audit teams often use PowerPoint to produce
their audit reports and most people use it to create
presentations. However you use it, the chances are,
you’re not realising the potential of this powerful tool.
This course will show you all the useful functionality you
need to create effective reports and present your findings
after a review.
Who should attend?
What will I learn?
able to:
• design PowerPoint
presentations that
communicate, are aesthetically
pleasing and convey
professionalism
• organise your slides to convey
maximum information
• build your own rapid themes
to help automate the slide
building process
• use features to enhance your
audit reporting.
The course is accompanied by a
manual that contains full course
text and a CD/DVD of practice
data. Each delegate must bring a
laptop to the course with MS
Office 2007 (or later).
Course programme
• w
hy use PowerPoint for an
audit report?
• using colour, text and thematic
schemes that semi-automate
slide production
• creating an aesthetically
pleasing composition
• emphasising a key issue –
the judicious use of images
• controlling data displayed –
using optional slide pathways
to deal with different audience
reactions
• hiding slides
• r evealing data through mouseover and action buttons –
controlling disclosure
• bringing in comparator data –
importing tables and data from
other sources
• where silence is not enough –
moving images or sound
• interacting with your slides –
creating a natural direction for
your presentation
• support your presentation –
hand-outs and slide notes
• being careful with meta-data –
what you don’t want published.
Presented by
Stan Dormer CFIIA,
MindGrove Ltd
Duration
One day
Fees
Dates
5 June, London
20 November, London
IIA CPD competency
areas covered
Communication
Join the IIA
As a member you’ll save money
on our courses.
That’s one good reason to join,
and here are five other ways you’ll
benefit from membership:
1.Access exclusive technical resources
– detailed guidance, help sheets and
checklists that will help you perform
your role.
2.Contact the technical team direct to get
personalised advice: no problem too
small, no challenge too big!
3.Receive Audit & Risk magazine six times
a year: read about the knowledge,
trends and people
shaping our profession.
4.
Take part in our free
member-only webinars
and save money on
events, seminars and
conferences.
5.Help shape the profession
– we represent members’
views with policy-makers,
regulators, business leaders
and the media.
Find out more at
Book YOUR PLACE at
www.iia.org.uk/courses/ppt
www.iia.org.uk/join
RISK AND AUDIT
RISK AND AUDIT
Risk based internal auditing
– a practitioner’s course
Risk based internal auditing (RBIA) is a methodology
that enables internal audit to assess the adequacy of
the assurance framework and the reliability of assurance
sources. This course will give you the ability to apply RBIA
to audit assignments and assurance reporting.
Who should attend?
All internal auditors who provide
assurance on control and
management of business risk.
What will I learn?
able to:
• link the organisation’s risk
management framework to
each stage of RBIA
• r ecognise the elements that
contribute towards the risk
maturity of an organisation
• u
nderstand how internal audit
fits into the wider assurance
framework
• p
lan, deliver and report on
audit assignments using RBIA
• c onsider the skills and
competencies required to
deliver RBIA.
Risk based internal audit
assignments
• assignment planning
• developing the internal
audit scope
• linking objectives, risks
and controls.
Delivering assurance
• t he role of management
• t esting and evidence – how far
do you go?
• t he concept of risk appetite
and agreed action
• b
ehaviours and competency.
Presented by
Stephen Maycock CFIIA CRMA
CIRM
Duration
One day
Course programme
Fees
What is RBIA and what does
it mean in practice?
• o
verview of principles and
guidance
• t hree stages of RBIA
• d
riving forces for change.
IIA member £475 + VAT
Non-member £675 + VAT
Providing assurance on
risk management
• s ources of assurance to
the board
• what does good risk
management look and
feel like?
• the risk maturity continuum
and its impact on the internal
audit approach.
Dates
7 May, York
25 November, London
IIA CPD competency
areas covered
practices framework
Risk & control
Book YOUR PLACE at
www.iia.org.uk/courses/rbpc
Assurance mapping – a
practitioner’s workshop
An assurance map (AMAP) is a tool to ensure key risks
are assured across your organisation – driving out gaps
and overlaps in the assurance jigsaw. The idea seems
straightforward but there are many stories of lengthy,
complex and incomplete assurance mapping efforts. This
workshop will give you a thorough understanding of the
principles and practical application of AMAPs.
Who should attend?
Head of internal audit and internal
audit managers.
What will I learn?
able to:
• d
eliver AMAPs in a timely and
cost effective way, with clear
benefits for key stakeholders
• s ave time and effort in terms of
delivering AMAPs with internal
resources, or managing the
efforts of others
• r ecognise the key components
of an effective assurance map
• a ssess your current efforts and
plans to deliver an assurance
map so that you can avoid
the common pitfalls and
difficulties, including important
lessons concerning the scope
of an assurance map and key
stakeholders to engage
• b
uild a realistic business
case for an assurance map,
including likely ‘quick wins’
• p
rioritise your current efforts
and understand future
opportunities, including
assurance scorecards and
synergy opportunities.
• c ase studies – financial
controls, compliance, projects,
streamlined board reporting
• frameworks for improving the
co-ordination between audit
and assurance providers
• h
ow assurance mapping can
support synergy reviews
• implications of an assurance
approach for audit planning
and assignments
• r eview of progress / plans in
your organisation and insights
on key areas to prioritise.
Presented by
Duration
One day
Fees
Dates
13 February, London
13 May, York
14 November, London
Course programme
• IIA and other definitions of an
assurance map
• t he different assurance maps
and their benefits
• a framework for progressing
with assurance maps
• t he common pitfalls
IIA CPD competency
areas covered
practices framework
Quality & control
Book YOUR PLACE at
www.iia.org.uk/courses/ampw
RISK AND AUDIT
Risk based internal auditing – an audit management course
Risk based internal auditing (RBIA) is a methodology that
enables internal audit to assess the adequacy of the
assurance framework and the reliability of assurance
sources. It requires internal audit to be strategically and
operationally linked to the business risk and assurance
frameworks. New skills are required to implement RBIA
effectively and this course will provide comprehensive
training on applying the methodology.
Who should attend?
Heads of internal audit and senior internal auditors involved in planning
and providing assurance on control and management of business risk.
What will I learn?
• apply the key concepts of RBIA to your organisation
• link the organisation’s risk management framework to each stage
of RBIA
• determine risk maturity and apply the relevant approach
• understand how internal audit fits into your organisation’s assurance
framework and undertake an assurance mapping exercise
• produce a RBIA plan
• apply a risk based methodology to internal audit assignments
• provide meaningful assurance statements to your audit committee
and board.
Course programme
This course will provide you with practical examples and case studies
on the application of RBIA. The following topics will be covered:
Environment
• driving forces for a risk based approach
• overview of current guidance – RBIA stages
• meeting board/audit committee requirements.
Assurance framework
• sources of assurance to the board
• mapping assurance sources
• reviewing the adequacy of assurance
• linking the internal audit plan into the assurance framework.
Risk based internal audit planning
• internal audit planning case study
• mapping risks, processes, business units and assurance
• p
rioritising the focus of assurance (or what to audit with
limited resources)
• understanding the concept of risk appetite
• the involvement of management in the internal audit plan.
Risk based assignment planning and reporting
• d
etermining the assignment scope
• m
onitoring controls - the management role
• r eporting conclusions and agreeing action - a new approach.
Reporting on risk and control
• assurance statements from internal audit
• making assurance statements meaningful and useful.
Challenges to successful implementation
• p
ractical problem solving to provide solutions to your barriers.
Presented by
Duration Two days
Fees
Dates
14–15 October, York
Risk & control
Risk management and maturity
• what does good risk management look and feel like?
• forming risk maturity opinions – where does your organisation sit
on the risk maturity continuum?
Book YOUR PLACE at
www.iia.org.uk/courses/rbam
RISK AND AUDIT
Auditing enterprise-wide risk management (ERM)
Many organisations have been developing and
implementing enterprise-wide risk management (ERM)
processes, often in response to more demanding
governance requirements. This usually results in a major
shift in the focus of the assurance requirements of the
board. Internal auditors must be able to respond by
providing holistic assurance over the effectiveness of the
whole ERM framework. This course will help you audit
ERM processes to meet the board’s requirements.
Conducting an audit of ERM
• r eviewing the design and operation of each component of
the ERM framework
• obtaining the perceptions of management
• using ERM outputs to inform the evaluation.
Who should attend?
Presented by
• h
eads of internal audit and senior auditors who have responsibility for
providing assurance over developing or established ERM processes
• internal auditors who may need to review the operation of risk
management processes within individual functions, departments
or units
• this course will also be of interest to risk managers and others seeking
guidance on how to review and conclude on the effectiveness of
ERM processes.
What will I learn?
Dates
• describe the essential components of ERM
• recognise the key characteristics that contribute towards
effective ERM
• draw upon a range of techniques for reviewing ERM
• evaluate the effectiveness of the design and operation of the different
components of an ERM framework
• consider the methods for assessing the operation of ERM at different
levels of the organisation
• assess the overall effectiveness of ERM
• advise management on ways to enhance the effectiveness of
the design and operation of the organisation’s ERM framework
and processes
• present the results of an ERM review in a meaningful way to help
drive improvements within the organisation.
Concluding on the effectiveness of ERM
• drawing
conclusions on each element of the ERM framework
• providing
assurance – presenting results in a clear manner
• agreeing
the way forward – a catalyst for continuous improvement.
Duration Two days
Fees
Risk & control
Course programme
The entire process of auditing an ERM system will be covered:
The essentials of ERM
• key components of ERM
• good practice models
• characteristics of effective ERM.
Planning an audit of ERM
• identifying useful inputs for planning
• drawing on good practice models
• using a range of approaches for reviewing ERM.
Book YOUR PLACE at
www.iia.org.uk/courses/aerm
Lean auditing – delivering
added value
Auditing fraud risk – a
practitioner’s action plan
Lean auditing refers to the use of ‘lean’ principles to
streamline internal audit activities. Lean provides tools
and techniques to eliminate waste, maximise impact
and add value – a key objective for many internal audit
functions. This course will show you how to apply
lean methodology.
Internal auditors are expected to provide assurance over
their organisation’s fraud risk management and control
infrastructure. They must also be able to react to the
rapidly changing business environment and emerging
risks. This course will help you address fraud risk
management and provide assurance in this key area.
Who should attend?
Who should attend?
Heads of internal audit, internal
audit managers and experienced
audit staff.
What will I learn?
able to:
• apply lean tools and
techniques to make your
internal audit efforts more
streamlined and joined up
• develop greater insights into
the key stakeholders of audit,
what they need to add value
and practical, proven,
techniques that drive efficiency
• have a clearer sense of how
lean your audit function is
compared to others
• develop a practical, step-bystep route map of the key
areas to focus on to add value
and improve efficiency.
Course programme
• t he background to lean and
why it is such a powerful
methodology for driving value
add and efficiency
• developing a value added
approach to the audit planning
process
• developing practical insights
into what does and does not
add value to the key
stakeholders of audit and
practical ways to manage
different views
• how to create assignment
plans that focus on value add
• d
riving audit assignments in
a lean way, including ways
to streamline testing and
reporting, how to leverage
existing business, compliance
assurance processes and
activities
• p
ractical advice concerning
audit and data analytic tools
• k ey performance indicators for
internal audit that properly
capture value add and avoid
unnecessary work
• o
ther working practices in the
audit team that can maximise
its productivity and impact.
Presented by
Duration
One day
Fees
Internal auditors, risk managers
and anyone who needs to
understand auditing fraud risk.
What will I learn?
able to:
• u
nderstand the warning signs
of fraud
• identify potential fraud
vulnerabilities and exposures
• d
evelop an effective fraud
audit programme
• p
rovide informative audit
reports to management on
fraud risk.
Martin Robinson CFIIA FCIS AFA
Education and training consultant
at Fraud Advisory Panel
One day
IIA CPD competency
areas covered
www.iia.org.uk/courses/ladv
Presented by
Duration
Understanding the human
dimension
• r ecruitment policies, training
and awareness.
Book YOUR PLACE at
Developing a robust audit
programme and checklist
• a uditing fraud at strategic and
operational levels.
Fraud and the role of the
internal auditor
• t he current fraud and
cybercrime landscape
• identifying and auditing key
fraud risks.
7 March, London
1 July, York
6 November, London
Business processes & project
management
Cyber, IT and data
• identifying your intellectual
property and sensitive data.
Course programme
Hallmarks of an effective antifraud strategy
• fraud prevention and detection
policies, tools and techniques
• r esponse planning and
investigations.
Dates
Procurement and outsourcing
• fraud, bribery and corruption
risks in the procurement
lifecycle.
Fees
Dates
26 February, London
26 June, London
28 October, London
IIA CPD competency
areas covered
Quality & control
Finance, payroll and expense
management
• d
iscovering fraud and
manipulation in your financial
systems.
Book YOUR PLACE at
www.iia.org.uk/courses/afr
Value for money (VFM) / performance auditing
Organisations are increasingly facing performance
challenges driven by the need for greater economy and
efficiency. VFM auditing can review performance in this
area but few internal auditors have in-depth experience
of the methodology. This practical course will show you
how to apply VFM techniques to your business.
Who should attend?
What will I learn?
• explain the nature and purpose of VFM / performance auditing
• plan and conduct a VFM / performance audit
• form an opinion on the economy, efficiency and effectiveness
of a system
• produce compelling VFM / performance audit reports.
This course will be accompanied by a training manual containing full
course text, examples and practical advice.
Course programme
The audit paradigm
• what is VFM and performance auditing?
• the VFM and performance auditor
• a detailed insight into processes
• organisational drivers and objectives – the notion of a cascading
framework of defined objectives
• the specific challenges of VFM.
Economy, efficiency and effectiveness
• economy and efficiency – and intertwining the two
• effectiveness – measuring before and after
• goal and outcome achievement – side effects
• relating VFM results to other prescribed forms of metrics.
Executing the VFM / performance audit
• s etting and assigning audit metrics
• c onducting the audit
• issues that must be considered in the fieldwork phase
• c ommunication during the audit and quality assurance of the results.
Reporting on the VFM / performance audit
• h
ow to gain maximum attention and impact
• d
raft reports
• r eport structure
• d
istribution of the report
• follow up to the audit.
Presented by
Duration Two days
Fees
Dates
15–16 May, London
Risk & control
Initiating and planning the VFM / performance audit
• audit charter and audit mandate
• evidence and repeatability
• key steps in the auditing cycle
• a risk based approach: a model framework
• special planning considerations
• VFM and performance audit proposals
• performance audit scope
• integration of audits.
Book YOUR PLACE at
www.iia.org.uk/courses/vmpa
Auditing projects, project management and project risk
Success or failure of a project can have a significant
impact on an organisation’s reputation, business
performance and the confidence of its stakeholders.
Failure to deliver a project on time, within budget and
to specification poses a major threat to an organisation’s
strategic direction and financial viability. This course
provides an introduction to the subject of projects and
project risk.
Hidden dependencies
• controlling additional costs and time penalties
• plan reassessment
• auditing mid-stage projects.
Who should attend?
Testing, acceptance and rollout
• late project corrections
• testing and acceptance
• rollout.
What will I learn?
• identify the critical differences between programmes and projects
• review the roles and services that support programmes and projects
• evaluate the interplay between risk, cost and time in projects
• understand the world of project decision making
• plan for project and programme audits using realistic engagement
strategies
• execute a variety of project audits at the beginning, middle and
end stages of project and programmes.
The course is accompanied by an extensive indexed manual that
contains full course text, examples and a customisable project risk
check list.
Course programme
• key players and roles
• project management methods
• project diversity – different project types.
Managing successful projects and programmes
• how projects and programmes put organisations at risk
• the auditor’s involvement in projects – a practical working framework.
First steps
• how projects are initiated
• how to assess initial project risk
• factoring in complexity.
Planning
• good and bad business cases: the tangible and intangible;
costs and benefits
• project plans: the good and the bad
• key performance targets, critical success factors and indicators
• auditing project plans.
Documentation, change and quality
• change management
• quality management
• auditing late-stage projects.
Benefits and outcomes
• checking on benefits and outcomes
• deciding on project contributions
• measuring success and failure
• post project reviews and lessons extraction
• post implementation audits.
Presented by
Duration Two days
Fees
Dates
12–13 June, London
Teams, metrics and money
• people and risk factors associated with pace and stress
• communication and quality issues
• auditing project teams.
Book YOUR PLACE at
www.iia.org.uk/courses/appr
Auditing contracts, outsourcing and procurement
In the news you’ll often see organisations being criticised
for their inept handling of high profile contracts. Not
surprisingly, when a business decides to outsource an
operation, the uncertainties over cost and quality are a
major worry. This course navigates you through the key
risks that result from your organisation engaging in
contracts, procurement or outsourcing.
Who should attend?
What will I learn?
After completion you will be able to:
• be able to audit a contract or an outsourcing contract
• be able to evaluate procurement tendering
• appreciate how creating the right contract avoids many of the pitfalls
associated with contracting.
The course is accompanied by a manual that contains full course
text and useful work programmes for contract, outsourcing and
procurement audits.
Course programme
Creating the right contract and the audit of contracts generally
• reviewing a contract
• due diligence
• term, duration and penalties for early termination
• invalidity of terms and conditions
• survivorship – matters that continue after the contract terminates
• assets
• main contractors and sub-contractors
• warranties and performance bonds
• fees and costs, price limitations, ceilings and movements
• invoicing and payment, overpayments, underpayments
• contractor payments and performance
• cost control
• change management.
Auditing outsourcing contracts about to be let
• the outsourcing procurement life cycle
• the additional issues to be included in an outsourcing contract
• are staff competencies established?
• is the framework for relationship management in place?
• is the business case transparent?
• are performance indicators sufficient, reasonable and consistent?
• are risk registers aligned and complete?
NE
W
Auditing mid-maturity outsourcing contracts
• is relationship management working?
• is the right business outcome being delivered?
• a re service credit, remedies, penalties and other incentive driving
options working?
• d
oes the contract measure up to expectations?
• c an more be obtained from the contract?
Auditing end-of-life outsourcing contracts
• was the business case delivered?
• was the contract good value-for-money?
• what was learnt from the contract?
• should the contract be extended, in-sourced or re-tendered?
Auditing procurement processes – the approach
• management and the procurement process
• controls over procurement
• tendering processes
• on-going due diligence
• evaluation of value delivered.
Presented by
Duration Two days
Fees
Dates
Risk & control
Book YOUR PLACE at
www.iia.org.uk/courses/acop
Data security risks for
internal audit
The rapid pace of technological change has transformed
how personal data is collected and used. Social networks,
cloud computing and portable devices pose new
challenges as people leave digital traces everywhere. This
course will enable you to review your organisation’s data
security safeguards and show you some simple measures
to help protect against data loss.
Who should attend?
Presented by
The course is open to all.
Dr Stephen Hill, Director,
Snowdrop Consulting Ltd
What will I learn?
able to:
• r ecognise your organisation’s
current data exposures
• identify the safeguards
required to protect your data
• u
nderstand the risks of cloud
computing and social media
• implement current data
protection legislation
• u
nderstand the EU revisions of
the Data Protection Act.
Duration
Course programme
IIA CPD competency
areas covered
The course will focus on the
proposed EU reforms to the DPA
and the risks of social media and
cloud computing.
• h
ow is the digital environment
challenging data protection?
• d
ata security risks and
emerging threats including
social media
• d
ata protection responsibilities
for an internal auditor
• IT governance as a best
practice approach
• E U data protection reforms –
what is the Commission
proposing?
• w
hat will be the key changes
and how will they affect me?
• d
ata security and compliance
including ISO27001 & BS10012
• data loss prevention methods –
IT and people controls
• practical tips to protect data.
One day
Fees
Dates
8 April, London
16 October, London
Quality & control
Our average
customer satisfaction
rating for
training courses is
99.5%
Yes,
honestly!
(And we’re working
on the other
half a percent)
Book YOUR PLACE at
www.iia.org.uk/courses/dsr
Auditing the treasury function
Many internal audit departments admit that the treasury
function is not an area that they review on an annual
basis. The technical aspects – and risks – associated with
foreign exchange, hedging and investments can make it
a tricky area to audit. This course will show you how to
add value to treasury activity by optimising its efficiency
and effectiveness.
Who should attend?
Internal auditors and those who work in the treasury function.
What will I learn?
• plan risk based treasury audits that add value as well as provide
assurance
• understand the key issues of control failure concerning strategy
and operations
• identify early warning signals of potential problems
• effectively promote best practice and communicate lessons learned.
Course programme
Overview of treasury fundamentals and the link to value
• treasury remit for alignment with overall business strategy
• design of treasury strategy and policies
• risk implications of analysis and performance reporting
• robustness of service objectives
• risk management activities with appropriate benchmarks
• a ppropriateness of current treasury services to stated needs.
Treasury organisation and structure
• advisory/in-house bank
• cost centre/value added cost centre/profit centre
• centralised/decentralised
• advanced/intermediate/ elementary
• segregation of duties
• structure of a typical corporate and bank treasury
• front, middle and back office structures
• beyond the dealing room.
Treasury risks (includes risks in the dealing operation)
• human
• operational
• market and credit risks
• risk mapping
• system management.
Dealing disasters and lessons to be learnt
• Barings, Societe Generale, UBS – recurring problems highlighted.
Auditing treasury
• audit universe
• treasury jargon
• methodology
• risk based assurance plans
This course is being held by the ACT
and endorsed by the IIA.
• terms
of reference – quality of internal audit coverage.
• evaluating
findings and assessing their significance
• value
adding audit report (style, structure, information,
clarity, language)
• actively
reassess audit plan and adapt the audit process.
Tackling audit challenges
• staff
interviews at all levels of management and operations
• c ritical review of strategy, policy, objectives, procedures and guidelines
• review of treasury organisation
• warning signals and what to look for.
Governance
• explore the duties of the board and management
• the Companies Act 2006 and UK Corporate Governance Code
• treasury risk committees/role of ALCO in banks
• treasury performance and how it is measured and reported.
Derivatives (overview and purpose)
• forwards
and futures
• FRAs, options and swaps
• documentation (eg ISDAs and CSAs).
Treasury management systems
• security violations (including cyber fraud)
• audit trail
• capacity and capability
• key interfaces
• disaster recovery and business continuity.
Presented by
Raj Gandhi FCT FCCA
Duration Two days
Fees
IIA or ACT member £1250 +VAT
Dates
10–11 November, London
Book YOUR PLACE at
www.iia.org.uk/courses/atf
Auditing culture
NE
W
Auditing the human
resources function
NE
W
Risk and control issues are increasingly attributed to
cultural weaknesses – especially in the financial services
sector. In addition, internal auditors are now being asked
to comment on the culture of the departments and
organisations they audit. This course will examine what
we mean by culture and how to approach a cultural audit.
It may be a cliché but people are regularly described as
an organisation’s greatest asset. Considerable energy
and resources are invested in developing HR strategies,
processes and services. This course will show you how to
provide effective, professional insight and internal audit
assurance over this important area.
Who should attend?
Who should attend?
Heads of internal audit and audit
managers.
What will I learn?
able to:
• understand the key elements
of culture and the different
methodology use to assess this
• understand the difficulties in
any assessment methodology
including issues around subcultures and behaviours
• consider the way culture
interacts with other
governance, risk, assurance
and compliance processes
• understand the different ways
to approach a cultural audit
• understand robust ways to
think about culture when
auditing other matters
• understand latest guidance
from the FCA on this topic.
Course programme
• d
efinitions and models of
culture
• sub-cultures – country cultures
and behaviours
• differences between the
espoused and real culture –
understanding defensive
routines
• what can and cannot be
inferred from staff surveys
• the psychology of decision
making and how this may
be influencing culture
• g
roup dynamics and politics
• models of organisational
effectiveness that can be used
as a way of approaching
cultural issues
• recognising the limits of
internal audit in this area
• practical ways to begin
auditing culture.
Presented by
Duration
One day
Fees
Dates
27 March, London
IIA CPD competency
areas covered
Risk & control
Internal environment
Book YOUR PLACE at
www.iia.org.uk/courses/ac
The course is open to all.
What will I learn?
able to:
• u
nderstand the role and
importance of a modern HR
function and how it should
support the achievement of
organisational objectives and
strategy
• r ecognise the objectives of HR
and its key activities
• identify and assess risk and
appropriate mitigation
associated with the HR
function from an internal audit
perspective
• d
eliver professional insight and
internal audit assurance over
HR and its service delivery
• k now where to obtain
additional resources to help
you audit HR in your
organisation more effectively.
Course programme
• b
ackground to HR
management
• importance of effective HR
to all organisations, irrespective
of sector
• objectives of organisational
HR activity
• range of services delivered by
modern HR functions
• alternate HR strategies
available to organisations
• r isks associated with the HR
function and HR service delivery
and options for risk mitigation
• t opical HR issues and
developments facing
organisations and the
HR profession
• common problems and
practical issues faced when
auditing HR.
Presented by
John Chesshire CFIIA CISA
Duration
One day
Fees
Date
19 November, London
IIA CPD competency
areas covered
practices framework
Risk & control
Internal environment
Book YOUR PLACE at
www.iia.org.uk/courses/ahr
IT audit
Introduction to information systems auditing
If you haven’t conducted an IT audit before, or you’ve
only been involved in a few IT audits, then this course
is the ideal starting point for you. It aligns to the latest
standards and best practice approaches and is updated
each year to keep pace with emerging technology. The
course will enable you to confidently perform a review of
the impact of technology on your organisation.
Who should attend?
What will I learn?
• understand relevant best practices
• identify laws, risks and controls that impact an organisation’s
information processing
• perform reviews of live application systems
• perform reviews of systems under development
• review information security policies and physical security within
the organisation
• review contingency and business resumption plans
• review logical security
• perform elementary network reviews.
Physical security
• review
the key issues.
Logical security
• logical access control – concepts
• identification, authentication, authorisation and logging
• passwords – the downside
• permissions
• event logging – journals – trails
• access reviews.
Contingency and disaster avoidance
• determining the range of services and their priority
• third party options
• maintaining the plan.
Networks
• network terminology – short and long haul
• network diagrams – contextual, logical, physical
• LAN – local area networks
• WAN – wide area networks
• key network risks
• network management
• monitoring and control – the auditor’s perspective.
Course programme
Presented by
Working to best practices
• backdrop to IT auditing and audit roles
• governance: ISO/IEC 38500:2008 and COBIT
• Computer Misuse Act, Data Protection Act, Copyright and Patents
Act, Freedom of Information Act, Regulations of Investigatory Powers
Act, Electronic Communications Act 2000.
Risks associated with systems
• IT risks – confidentiality, availability, integrity and accountability
• auditing existing systems – risk based approach
• applications and key controls
• new controls made available through technology.
Auditing new systems and developments
• software procurement
• systems development life cycle (SDLC)
• rapid application development – RAD
• change control.
Duration Four days
Fees
Dates
Quality & control
Auditing the building blocks of IT control
• best practices and standards for service delivery
• ITIL v2, ITIL v3 and ISO/IEC 20000
• ISO/IEC 27001 and ISO/IEC 27002.
Information security and acceptable use policies
• top management commitment
• creating a security policy.
Book YOUR PLACE at
www.iia.org.uk/courses/iisa
NE
W
IT audit
Auditing networked systems
Networks are the lifeblood of modern businesses and an
assumption is often made that, because they are
complex, specialised IT auditors are required to review
them. This course will ease you through the terminology
and technology barriers and show you strategies you can
deploy to help your organisation reduce the risks posed
by corporate networks.
Who should attend?
What will I learn?
• demonstrate an understanding of the component parts of network
based systems
• describe risks and controls associated with common networking
strategies
• audit data flowing over networks and evaluate the risks to do
with networking
• understand better how to deal with emerging network technologies.
Course programme
Network terminology and hardware
• load balancing devices – issues and risks
• web servers with caching – issues and risks
• routing – issues and risks
• network admission control
• firewalls and firewall – issues and risks
• unwired networks – issues and risks
• auditing infrastructures – a data path approach.
Network issues and auditing
• simple security reviews using test tools
• checking your website – simple vulnerability mapping
• understanding infrastructure maps, diagrams and models
• mapping risks by examining interactions between devices
• one-way data flow – issues and risks
• two-way data flow – issues and risks
• three-way data flow – issues and risks
• auditing networks services using a risk based approach.
Network control
• a uthentication strategies for screening parties – unilateral
and bilateral approaches
• c ookie strategies
• s afe delivery and control of sensitive or private data
• d
ata loss prevention software
• integrity preservation controls
• p
ublic key cryptography and digital certificates
• S
SL to protect bilateral remote exchange
• a uditing network controls – a mapped approach
• S
ANS top twenty controls.
Presented by
Duration Two days
Fees
Dates
23–24 June, London
Risk & control
Data collection & analysis
Book YOUR PLACE at
www.iia.org.uk/courses/ans
IT audit
Advanced information systems auditing
IT knowledge expires quickly and so developing your
expertise in IT audit can be challenging. This course will
lift your understanding of IT audit approaches, tools and
strategies. It will enable you to perform effective audits
of complex working environments and tackle other
complex issues such as how your infrastructure should be
hardened and controlled.
System objects and their interaction
• security
reference monitor – the moderator between objects.
ITSEC policy
• registration,
identification, authentication, authorisation and logging
• permissions
and least rights rules
• role-based
access control.
Internal auditors with at least six months experience in IT auditing.
Data control – detective processes
• event auditing
• effective capture, viewing and retention.
What will I learn?
Presented by
• understand the process of hardening systems and be able to
evaluate vulnerability, patch and fix regimes
• d
eploy analytical software products and techniques to locate
or evaluate system weaknesses
• analyse and evaluate critical preventative and directive control
processes within systems
• analyse and evaluate control trails and event logs.
Course programme
Dates
Can systems be secure?
• formal mandated security in systems.
Who should attend?
Hardening systems – preventing and detective measures
• hardening of key software – the process
• configuring applications/services
• configuring server side applets/scripts
• configuring the user community
• patching and fixing systems as part of IT support.
Duration Three days
Fees
Quality & control
Risk & control
Tools and strategies for auditors
• validation of security in systems – the process
• verification of build
• inventory, software base and licensing
• is your organisation configuring best practice security?
• locating weaknesses in applications – tools and technique
• automated exploit testing – tools and technique
• penetration testing and penetration testing contracts.
Data control – preventative and directive processes
• the big three – confidentiality, integrity and accountability
• identifying data domains – domain based planning
• deliver assurance between domains – the approach
• identifying and defining data assets and ownership
• reviewing the inter-domain interfaces for hazards and risks
• d
etermine inter-domain data asset protection requirements –
define protection attributes
• documentation of control architecture.
Book YOUR PLACE at
www.iia.org.uk/courses/aisa
HOW TO BOOK
All our training courses can be booked online. Our
website has full details including dates, venue details
and tutor profiles.
Visit www.iia.org.uk/courses
Contact us
If you have any questions about the suitability of a course
please give us a call. We’d also be delighted to discuss
your in-house training requirements.
Call the training team on 020 7498 0101
Email training@iia.org.uk
Course details are correct at the time of going to press. We reserve the right to cancel or modify the programme at any time. Please check our website for current details at www.iia.org.uk/courses.
For terms and conditions visit www.iia.org.uk/terms.
About the Chartered Institute
of Internal Auditors
First established in 1948, we obtained our Royal Charter
in 2010. We are the only professional body dedicated
exclusively to training, supporting and representing
internal auditors in the UK and Ireland.
We have approximately 8,000 members in all sectors of
the economy including private companies, government
departments, utilities, voluntary sector organisations,
local authorities and public service organisations such as
the National Health Service.
Members of the Chartered Institute of Internal Auditors
are part of a global network of 180,000 members in
190 countries. All members across the globe work to the
same International Standards and Code of Ethics. Over
2,000 members of the institute are Chartered Internal
Auditors and have earned the designation CMIIA. 800 of
our members hold the position of head of internal audit
and most FTSE 100 companies are represented amongst
the institute’s membership.
Chartered Institute
of Internal Auditors
13 Abbeville Mews
88 Clapham Park Road
London SW4 7BX
tel 020 7498 0101
email info@iia.org.uk
Find us at www.iia.org.uk and also here:
@CharteredIIA
CharteredIIA
© December 2013
Chartered Institute of Internal Auditors

Training courses 2014 - Chartered Institute of Internal Auditors

Transcription

Similar documents

Presentation

Trans-tasman regulatory findings

maryland division of financial regulation

Food Safety

Untitled - Caja Rural Granada

2016 Audit Engagement Letter – Erdahl Redpath

Z1000 LEAD AUDITOR 5 Days

Dianne Huffman CHAIR, AUDIT COMMITTEE

August - Chapters Site - The Institute of Internal Auditors

Developing a Coding Strategy for ABF (Jacqui Curley)