Risk Based Internal Auditing.

Documenting Working Papers
& Reporting of Risk Based Audit.

06 - 10 May 2024,
Johannesburg - South Africa

Register Now! Limited Seats Available!

R17, 999.00 Per Delegate

Public R14, 999.00

Online R10, 999.00


Faced with growing challenges in the management of organisations, the field of auditing has changed over time. Risks characterize the conduct of business today, and some of these threaten business survival. Organisations have to respond to the many challenges on a timely basis. Managers are expected to re-affirm their organization’s financial commitment, dedication to growth, success and focus to meet their objectives. They need to be constantly assessing the risks associated with changes taking place in business arena and mitigate against them. A strong internal control system (ICS) becomes a necessity and not a choice. Auditors need to audit what matters in the organization. The starting point is carrying out risk based audit supported by a functioning audit function.

You will learn how to plan, perform, and report on the results of risk-based audits. Also, how this approach differs from controls-based, raise awareness, and better articulates the benefits of this approach as a means to add value. 

  • How we will work together over the next three days to ensure that the objectives are achieved.
  • Why risk based internal auditing?
  • Overview and Objectives.
  • The role and purpose of internal audit.
  • The added value role of internal audit.
  • The different approached to internal audit.
  • The way the three key internal audit approaches fit together and/or conflict.
  • A risk based audit plan.
  • Risk based internal auditing – how to guide.
  • Consider the different methodologies for documenting a system including narrative, flowcharts, and risk matrices.
  • How to deliver a risk-based audit report.
  • What does an organization seek from its internal auditors Risk Management – general concept.

Who Should Attend:

  • Finance Managers.
  • Internal Auditors.
  • Internal Audit Department.
  • Accountants.
  • Risk Managers .
  • Officers interested in hands on skills in risk based auditing.

Course Outline:


Steps for conducting a risk-based internal audit

Step 1: Assessing risk maturity

An overview is obtained regarding the assessment, management and risk monitoring. This shows the reliability of the risk for audit planning purposes.

Step 2: Periodic audit planning

An audit is planned for a specific period where all areas requiring objective assurance are identified and prioritized. The risk management processes, the management of key risks and the recording and reporting of risks are included.

Step 3: Individual audit assignments

Individual risk-based assignments are executed that provide assurance on part of the risk management framework. For example, on the mitigation of individual or groups of risks.

Risk management within the business

  • Identifying the risks facing the business.
  • Assessing the risk impact.
  • Rating /prioritizing risks.
  • The risk continuum.
  • Exercise.
  • Create a corporate risk register for an organization.

Corporate Governance

  • Why corporate governance.
  • Fitting the pieces of the jigsaw together.
  • What does ‘good’ corporate governance look like.
  • Is it one size fits all?
  • Exercise.
  • What does corporate governance mean to your business and what does it look like.

Summary of the day

  • The annual lifecycle of internal audit.

A risk based audit plan

  • Reliance on the organisations risk registers.
  • Nature and purpose of internal audit plans.
  • Risk based planning.
  • Key influences.
  • Control environment.
  • Exercise.
  • Case study create a risk based internal audit plan (including consideration of risks, resources, timescales and the level of assurance required).

Risk based internal auditing – how to guide

  • Terms of reference for the audit.
  • Exercise.
  • Create a terms of reference for an audit considering approach, scope, risks, controls and added value.
  • Audit Documentation.
  • Exercise.
  • Consider the different methodologies for documenting a system including narrative, flowcharts, and risk matrices.
  • Internal audit testing.
  • Purpose.
  • Methodology.
  • Approach.
  • Test samples.
  • Exercise.
  • Consider the elements of and create a test programme for a predetermined internal audit.
  • Evidence.
  • Exercise.
  • Consider why evidence is important and what are the challenges facing internal audit with regard to evidence.
  • Emerging findings.
  • Exercise.
  • Draw together the issues that have arisen during the audit and explore the methods available for reporting them.


  • Individual internal audit reports.
  • Internal audit reports to the Audit Committee.
  • Internal Audit annual assurance statement.
  • Statement on internal control.
  • Exercise.
  • Consider the content of the annual internal audit assurance statement and the link to the organisations statement on internal control.

How to deliver a risk-based audit report

  • What does your client want from an audit report?
  • Written or verbal reporting.
  • Frequency of reporting.
  • Exercise.
  • Consider the format and content of a risk based audit report.
  • The internal audit report then what?
  • Follow up.
  • Escalation.

Is your organisation ready for risk based internal auditing?

  • Profile of internal audit.
  • Skill set of the internal audits.
  • The maturity of risk management within the organisation.
  • The level of assurance required from internal audit by the organisation.
  • Exercise.
  • Consider whether to simply tick the box or really add value.

End of the workshop



While both In-House and Online training can present with cost-effectiveness and time-efficacy, there are some very specific differences between in-house courses and those based online.
The demand for additional courses by individuals or groups of people is increasing. Still, it depends entirely on the preferences of a person what type of training he or she wants to receive. Online courses and in-house training carry some similarities but they are considered to exhibit some very pivotal differences too. Despite that, both types of learning can be really beneficial for attendees.

For Registration and other Training arrangements,
contact us on the detail below.

SOUTH AFRICA : +27 11 057 6001
TANZANIA Cell: +255 769 688 544
WhatsApp +27 79 574 0389
info@bmktraining.co.za / www.bmktraining.com