APPLYING RISK BASED AUDIT TECHNIQUE TO OPERATIONAL AUDIT ASSIGNMENTS (3 DAYS INTERACTIVE AUDIT WORKSHOP) Course Outline Role of Internal Auditing Identify the Value of Internal Auditing. Define Internal Auditing. What is Risk Based Auditing? Broad overview of Risk Based Auditing Describe the Internal Audit Standards Related to Risk-Based Auditing. Control (and Risk) Frameworks Identify the Elements of COSO Control and ERM Frameworks. Identify the Internal Control Environment Factors, Risk Management Factors, Control Activity Factors, Information and Communication Factors and Monitoring Factors. Identify the Limitations of Internal Control and Factors which Override Control Activities. Identify Roles and Responsibilities in Internal Control. Entity-Wi Wide Risk Assessment Identify Assurance Performance Standard 2130.A1. Identify the Process for Performing an Entity-Wide Risk Assessment. Define Business Process. Identify the Process of Developing an Audit Plan. Risk-Based Audit Engagement Identify the Process of Performing a Risk-Based Engagement. Identify the Attributes of a Business Process Definition or Objective. Identify the Risk-to-Business Processes and Risk Events. 1
Identify the Four Common Ways to Manage Risk. Identify the Definition of Controls, the Type of Controls and Evaluation Methods for Controls. Identify the Guidelines for Reporting the Results of a Risk-Based Audit Engagement Discussion / Case Studies / Illustration will be using examples from some of the following business processes commonly found in the manufacturing, services and trading industry: Procurement Production Planning IT Sales and Marketing Finance and Accounting Inventory Management Logistic / Distribution Human Resource Course Outline Operational Auditing Overview Define auditing, internal auditing, and operational auditing Distinguish between operational auditing and consulting Identify types of audits and audit approaches. Role of Management Recognise how objectives tie to the organisation s mission, vision, and values. Practice writing a mission, vision, and value statement and setting objectives. 2
Practice using tools and methodologies management uses to achieve objectives. Discuss how to communicate audits role and benefits with Management. Management Methodologies Use the COSO framework to evaluate an operational area. Understand the various methodologies organisations use to achieve objectives such as: - ISO, Balanced Scorecards, and Six Sigma. Operational Auditing Methodologies Identify some objectives of Performance Audits and steps used. Identify the steps required using the Value Cost Improvement (VCI) tool and practice using these methodologies in an Operational Audit. Use the risk-based approach to operational auditing. Identify the steps used in Business Process Analysis. Entity-Level Controls Begin performing an operational audit by applying a control framework at the entity level. Performing the Operational Audit Recognise how objectives and scope are created for an operational audit. Recognise the importance of having knowledge of IT controls and the frameworks associated with them. Reporting operational audit results Identify ways auditors can add value to management and the organisation 3
TRAINER S PROFILE STEVEN YEE CMIIA, CPA Steven Yee is a professional member of the IIA Malaysia and MICPA (Malaysian Institute of Certified Public Accountants). He obtained his professional training in the Assurance and Business Advisory unit of Price Waterhouse, known as PricewaterhouseCoopers now. At present, he is the founder and Managing Director in Centegy Governance Consulting Group. He has over 17 years of experience in the field of Risk Management and Internal Audit consulting and Statutory Auditing. Specifically, his domain knowledge and expertise revolve primarily in the fields of Internal Audit transformation (People, Methodology and Technology), Board Corporate Governance advisory and Enterprise Risk Management implementation. He has extensive experience in undertaking internal audit advisory engagement, training and ERM implementation across a variety of industries including both the private and public sectors. Steven is a recognised panel trainer and facilitator for a range of technical and soft-skill topics for IIA Malaysia and other professional bodies. His focus on training for Internal Auditors includes: Applying COSO Auditing Technique Risk-Based Auditing Effective Audit Report Writing Operational Risk Management Consulting Activities, Skills and Techniques Related Party Transaction Audit Changing Needs for Compliance Auditing Some of the corporations served over the years by Steven include: Petronas, Telekom Malaysia, PLUS Highway, MISC, POS Malaysia, Prokhas, Lembaga Hasil Dalam Negeri, Maybank, Jabatan Akauntan Negara, Chemical Company Malaysia, Sime Darby, Proton, UMW Group and Astra Group (Indonesia). Steven is also a corporate trainer for PLC Directors training programmes in Malaysia. In 2011, he was appointed by the Companies Commission of Malaysia (Suruhanjaya Syarikat Malaysia) to provide public and in-house training / seminar to company s directors on topics relating to Corporate Governance, Risk Management and Internal Controls. 4
TRAINER S PROFILE STEVEN YEE CMIIA, CPA At present, in addition to providing training services, he is actively involved in managing Business Processes Outsourcing (BPO) engagements for corporations in Malaysia and Singapore. He heads a team of 15 consulting and finance professionals in undertaking projects such as: Operational finance and shared services delivery Project development and implementation as part of a global system transformation & automation (Travel and Entertainment system & Advertising and Promotion system) IPO Project Management including preparation of forecast and accounts Accounting system migration Review for compliance and disclosure of key financial and operational data Operational and financial Due Diligence Standard Operating Procedures (SOP) development 5