
Lecture 1: Course Overview & Learning Objectives
In this introductory lecture, you’ll get a clear overview of the course structure, topics, and key learning outcomes. We’ll walk through what risk-based auditing is, why it matters in today’s dynamic business environment, and how this course will help you build practical skills to apply risk-based approaches in real audit engagements.
You’ll also gain insight into how each module is designed to guide you step by step—from understanding foundational concepts to executing risk-focused audits and communicating results effectively.
By the end of this lecture, you will be able to:
Understand the overall structure and purpose of the course.
Identify the core topics and skills you will gain throughout the program.
Recognize the value of risk-based auditing in improving audit efficiency and effectiveness.
This lecture sets the stage for your learning journey and prepares you to dive deeper into the principles and practices of risk-based internal auditing.
Lecture 2: Introduction to Risk-Based Auditing
In this lecture, you’ll be introduced to the core concept of risk-based auditing and how it differs from traditional audit approaches. We’ll define what risk-based auditing is and explain its strategic focus on identifying and prioritizing areas of highest risk within an organization.
You’ll learn about the fundamental shift from checklist-based auditing to a more dynamic, risk-focused method that aligns audit efforts with organizational objectives. We’ll also explore the key benefits of this approach, including improved resource allocation, enhanced audit effectiveness, and greater value delivery to stakeholders.
By the end of this lecture, you will be able to:
Define risk-based auditing and understand its principles.
Distinguish between traditional and risk-based audit methodologies.
Explain the advantages of adopting a risk-based audit approach.
This lecture lays the foundation for applying risk-based techniques throughout the audit process and understanding their value in modern internal auditing.
Lecture 3: Defining Risk and Risk Management
In this lecture, you’ll gain a clear understanding of what risk and risk management mean in the context of internal auditing. We’ll cover key definitions and explain how auditors use these concepts to assess and prioritize areas of concern within an organization.
You’ll also learn about two critical types of risk: inherent risk and residual risk. Understanding the difference between them is essential for evaluating the effectiveness of internal controls and determining where audit attention should be focused.
By the end of this lecture, you will be able to:
Define risk and risk management in an audit context.
Explain the concepts of inherent and residual risk.
Recognize how these risk types influence audit planning and scope.
This foundational knowledge is essential for building an effective risk-based audit approach and making informed decisions throughout the audit process.
Lecture 4: Major Control and Risk Frameworks
In this lecture, you’ll be introduced to the most widely recognized control and risk management frameworks used in internal auditing and organizational governance. We’ll explore key frameworks such as COSO, ISO 31000, COBIT, NIST, and others, highlighting their purposes, structures, and areas of application.
You’ll learn how these frameworks support effective risk identification, assessment, and control evaluation. Understanding their differences and practical uses will help you select the right framework for your audit objectives and align your work with industry standards.
By the end of this lecture, you will be able to:
Identify and describe major control and risk frameworks.
Understand the core principles of COSO, ISO 31000, COBIT, and NIST.
Recognize how these frameworks guide risk-based audit planning and execution.
This knowledge will strengthen your ability to conduct audits in line with professional standards and support your organization's overall risk management strategy.
Lecture 5: Risk Management Assessment Criteria
In this lecture, you’ll explore the key elements used to assess the maturity and effectiveness of an organization’s risk management practices. We’ll discuss common criteria and models that help internal auditors evaluate how well risks are identified, assessed, mitigated, and monitored.
You’ll learn how to gauge an organization’s risk culture, governance structures, and integration of risk management into decision-making processes. This understanding is essential for determining audit priorities and providing valuable insights to leadership.
By the end of this lecture, you will be able to:
Identify the key components of a risk management assessment.
Evaluate an organization’s risk management maturity using common criteria.
Understand how assessment results influence audit planning and recommendations.
This lecture equips you with practical tools to assess risk management systems and support continuous improvement in risk oversight.
Lecture 6: Corporate Governance Overview & Standards
In this lecture, you’ll gain a foundational understanding of corporate governance and its critical role in ensuring accountability, transparency, and ethical conduct within organizations. We’ll define corporate governance and review key regulatory requirements that shape governance practices across various industries and jurisdictions.
You’ll also explore the roles and responsibilities of boards of directors and audit committees, focusing on how they provide oversight, support risk management, and ensure the effectiveness of internal controls and audit functions.
By the end of this lecture, you will be able to:
Define corporate governance and understand its regulatory framework.
Explain the governance roles of boards and audit committees.
Recognize how strong governance supports effective auditing and risk management.
This lecture provides essential context for understanding the broader environment in which internal audit operates and the expectations placed on governance bodies.
Lecture 7: Relationship Between Governance, Risk & Control
In this lecture, you’ll explore the critical relationship between governance, risk, and control—often referred to as the GRC triad. We’ll examine how effective governance supports proactive risk management and how well-designed controls are essential for mitigating those risks.
You’ll also gain insights into how control frameworks align with governance and risk strategies, and discover best practices for integrating GRC components to strengthen organizational oversight and performance.
By the end of this lecture, you will be able to:
Explain the interconnection between governance, risk, and control.
Understand how governance influences risk management and control effectiveness.
Apply control framework principles to support organizational objectives.
This lecture helps you see the bigger picture of how internal audit fits into the broader system of organizational integrity and performance.
Lecture 8: Governance Breakdowns & Case Studies
In this lecture, you’ll examine real-world examples of governance failures and uncover the lessons they offer for auditors, leaders, and organizations. We’ll explore common causes of governance breakdowns, such as weak oversight, poor risk management, lack of accountability, and ineffective controls.
Through case studies of high-profile corporate scandals and governance lapses, you’ll gain insight into how these failures occurred, what warning signs were missed, and how stronger governance practices could have prevented them.
By the end of this lecture, you will be able to:
Identify common causes of governance breakdowns.
Analyze real-world case studies to understand the impact of weak governance.
Recognize how internal audit can help prevent similar failures.
This lecture highlights the importance of strong governance and the critical role internal auditors play in supporting ethical, transparent, and accountable organizations.
Lecture 9: COSO Framework and Corporate Governance Principles
In this lecture, you’ll explore how the COSO framework supports effective corporate governance by promoting strong internal controls, risk management, and ethical oversight. We’ll break down the five components of the COSO framework and discuss how they align with key governance principles such as accountability, transparency, and integrity.
You’ll also learn how organizations can apply COSO to strengthen governance structures, enhance decision-making, and ensure compliance with regulatory expectations.
By the end of this lecture, you will be able to:
Understand the role of the COSO framework in supporting corporate governance.
Apply COSO principles to evaluate and improve governance practices.
Identify key governance principles that align with COSO’s components.
This lecture equips you with a practical understanding of how to integrate COSO into governance assessments and support stronger organizational oversight.
Lecture 10: Internal Audit’s Role in Governance Auditing
In this lecture, you’ll learn about the vital role internal audit plays in evaluating and strengthening corporate governance. We’ll explore the key activities and approaches internal auditors use to assess governance processes, including reviewing board oversight, risk management, and control effectiveness.
You’ll gain insight into how internal audit supports transparency, accountability, and ethical conduct by providing independent assurance and recommendations for improvement.
By the end of this lecture, you will be able to:
Understand the scope of internal audit’s role in governance auditing.
Identify common audit activities and methodologies used to assess governance.
Recognize how internal audit adds value by enhancing governance effectiveness.
This lecture prepares you to apply internal audit best practices in governance reviews and contribute meaningfully to organizational integrity and performance.
Lecture 11: Understanding Strategic Risk
In this lecture, you’ll explore the concept of strategic risk and its critical impact on organizational success and sustainability. We’ll define strategic risk and break down its key elements, including how it arises from high-level decisions, market changes, and competitive pressures.
You’ll learn why managing strategic risk is essential for long-term planning and how failures in this area can lead to significant financial, reputational, and operational consequences.
By the end of this lecture, you will be able to:
Define strategic risk and identify its main components.
Understand how strategic risks affect an organization’s objectives and performance.
Recognize the importance of incorporating strategic risk into the audit and risk management process.
This lecture equips you with the knowledge to assess and address strategic risks effectively within your audit engagements.
Lecture 12: Internal Audit’s Consideration of Strategic Risk
In this lecture, you’ll learn how internal auditors incorporate strategic risk into their audit planning and execution. We’ll cover techniques for identifying and prioritizing strategic risks, including the use of key risk indicators (KRIs) and understanding an organization’s risk appetite.
You’ll gain practical insights on how to align audit objectives with strategic priorities and evaluate how effectively an organization manages its strategic risks.
By the end of this lecture, you will be able to:
Integrate strategic risk considerations into internal audit planning.
Identify and use key risk indicators to monitor strategic risks.
Understand the role of risk appetite in shaping audit focus and recommendations.
This lecture prepares you to enhance your audit approach by addressing the critical area of strategic risk, ensuring audits add value at the highest organizational levels.
Lecture 13: Strategy-Related Audits
In this lecture, you’ll learn how to audit an organization’s strategic planning processes and evaluate risks related to its business model. We’ll explore methods for assessing the effectiveness, alignment, and risk management within strategic plans.
You’ll gain the skills to identify potential vulnerabilities in the business model that could impact long-term success and provide actionable recommendations to strengthen strategic resilience.
By the end of this lecture, you will be able to:
Assess the robustness of strategic planning processes.
Evaluate risks associated with different business models.
Conduct audits that support organizational strategy and risk mitigation.
This lecture equips you with the tools to perform audits that align closely with an organization’s strategic objectives, enhancing value through targeted risk evaluation.
Lecture 14: Strategy Process Audits
In this lecture, you’ll explore how to audit the strategic decision-making process and evaluate performance management systems within an organization. We’ll cover techniques for reviewing how strategic decisions are made, documented, and communicated, as well as how performance metrics are established and monitored to track progress.
You’ll learn how to identify gaps or weaknesses that may hinder effective strategy execution and provide recommendations to improve governance and accountability.
By the end of this lecture, you will be able to:
Audit the processes behind strategic decision-making.
Evaluate the effectiveness of performance management frameworks.
Identify opportunities to enhance strategic oversight and results measurement.
This lecture prepares you to assess how well organizations translate strategy into action and monitor outcomes effectively.
Lecture 15: Fraud Risk Assessment: Principles & Guidelines
In this lecture, you’ll gain a solid understanding of the principles and standards that guide effective fraud risk assessment. We’ll explore key concepts, frameworks, and best practices that help internal auditors identify, evaluate, and respond to fraud risks within an organization.
You’ll learn how to apply recognized standards to develop a structured approach for assessing fraud risks, enabling you to detect potential vulnerabilities and safeguard organizational assets.
By the end of this lecture, you will be able to:
Understand fundamental fraud risk assessment principles.
Apply industry standards and guidelines to evaluate fraud risks.
Develop an effective framework for fraud risk identification and management.
This lecture equips you with essential knowledge to strengthen your audit work by proactively addressing fraud risks.
Lecture 16: Anti-Fraud Programs & Internal Audit’s Role
In this lecture, you’ll learn about the essential elements that make up an effective anti-fraud program, including policies, controls, detection methods, and response plans. We’ll discuss how these components work together to prevent, detect, and respond to fraudulent activities within organizations.
You’ll also explore the critical role internal audit plays in supporting and evaluating anti-fraud programs, from risk assessments to control testing and promoting a culture of integrity.
By the end of this lecture, you will be able to:
Identify the key components of a robust anti-fraud program.
Understand internal audit’s responsibilities in fraud prevention and detection.
Support organizations in strengthening their defenses against fraud.
This lecture prepares you to contribute actively to anti-fraud efforts and enhance your organization’s overall risk management framework.
Lecture 17: The Fraud Triangle & Types of Fraud
In this lecture, you’ll explore the foundational concept of the Fraud Triangle, which explains the three key factors that often lead to fraudulent behavior: pressure, opportunity, and rationalization. Understanding this model helps auditors identify where fraud risks may arise.
You’ll also learn about common types of fraud that organizations face, such as asset misappropriation, financial statement fraud, and corruption. Recognizing these fraud types is essential for effective risk assessment and control evaluation.
By the end of this lecture, you will be able to:
Explain the components of the Fraud Triangle and their significance.
Identify various common types of fraud in organizational settings.
Use this knowledge to enhance fraud risk detection and prevention efforts.
This lecture provides critical insights to help you better assess fraud risks and protect your organization from potential losses.
Lecture 18: Fraud Risk Auditing: Internal Audit Approach
In this lecture, you’ll learn how internal auditors systematically assess fraud risks within an organization. We’ll explore the methodologies and frameworks auditors use to identify, evaluate, and prioritize fraud risk areas during audit planning and execution.
You’ll also discover practical tools and techniques for detecting fraud, including data analytics, interviews, observation, and control testing, which help uncover potential red flags and suspicious activities.
By the end of this lecture, you will be able to:
Understand the internal audit approach to assessing fraud risks.
Apply various tools and techniques for effective fraud detection.
Integrate fraud risk considerations into your audit procedures.
This lecture equips you with actionable strategies to enhance your fraud risk audits and contribute to safeguarding your organization’s assets and reputation.
Lecture 19: Understanding the IT Risk Landscape
In this lecture, you’ll gain an overview of the key IT risks and emerging threats that organizations face in today’s digital environment. We’ll explore risks such as cybersecurity breaches, data privacy issues, system failures, and evolving technological vulnerabilities.
You’ll learn how these IT risks can impact business operations, financial reporting, and regulatory compliance, highlighting the critical need for effective risk management in IT.
By the end of this lecture, you will be able to:
Identify major IT risks and emerging threats affecting organizations.
Understand the potential impact of IT risks on overall business objectives.
Recognize the importance of incorporating IT risk considerations into audit planning.
This lecture prepares you to approach IT risk with greater awareness and integrate it effectively into your internal audit activities.
Lecture 20: IT Risk Assessment Frameworks
In this lecture, you’ll explore key frameworks used to assess and manage IT risks, including NIST, ISO 27001, and COBIT. We’ll review the core principles and structures of each framework, highlighting how they guide organizations in identifying, evaluating, and mitigating IT-related risks.
You’ll learn how to apply these frameworks to strengthen IT governance, ensure compliance, and support effective risk management practices within your audit work.
By the end of this lecture, you will be able to:
Understand the main components of NIST, ISO 27001, and COBIT frameworks.
Apply these frameworks to assess IT risks in an organizational context.
Enhance your audit approach by integrating established IT risk management standards.
This lecture equips you with practical knowledge to navigate IT risk assessment and support your organization’s cybersecurity and compliance objectives.
Lecture 21: Internal Audit’s Consideration for IT Risks
In this lecture, you’ll learn about the important role internal audit plays in identifying, assessing, and managing IT risks within an organization. We’ll explore how auditors evaluate IT controls, cybersecurity measures, and risk mitigation strategies to ensure IT-related risks are effectively addressed.
You’ll gain insight into how internal audit collaborates with IT teams and uses specialized knowledge to support the organization’s overall risk management framework.
By the end of this lecture, you will be able to:
Understand internal audit’s responsibilities in IT risk management.
Evaluate IT risk controls and identify potential vulnerabilities.
Support continuous improvement of IT governance and security through audit activities.
This lecture prepares you to integrate IT risk considerations into your audit approach and help safeguard your organization’s technology assets.
Lecture 22: Cybersecurity & Information Security Risks
In this lecture, you’ll dive into the critical area of cybersecurity and information security risks facing organizations today. We’ll discuss common threats such as data breaches, ransomware, and phishing attacks, and how they impact business continuity and reputation.
You’ll also learn about industry best practices and frameworks—like NIST Cybersecurity Framework and ISO 27001—that help organizations build strong defenses and manage information security effectively.
By the end of this lecture, you will be able to:
Identify key cybersecurity and information security risks.
Understand best practices to protect organizational data and systems.
Apply recognized security frameworks to support risk mitigation efforts.
This lecture equips you with essential knowledge to evaluate and improve cybersecurity controls as part of your internal audit responsibilities.
Lecture 23: Governance in IT Risk Management
In this lecture, you’ll explore the vital role of IT governance frameworks in managing technology risks and aligning IT with business objectives. We’ll examine how frameworks like COBIT and ISO/IEC 38500 guide organizations in establishing effective oversight, accountability, and strategic direction for IT risk management.
You’ll learn how strong IT governance supports risk identification, control implementation, and regulatory compliance, enhancing overall organizational resilience.
By the end of this lecture, you will be able to:
Understand the purpose and benefits of IT governance frameworks.
Explain how IT governance integrates with risk management processes.
Apply governance principles to strengthen IT risk oversight.
This lecture prepares you to assess IT governance practices and contribute to improved IT risk management within your audit work.
Lecture 24: Internal Audit Considerations for ERM Audits
In this lecture, you’ll learn about the essential considerations internal auditors must keep in mind when conducting Enterprise Risk Management (ERM) audits. We’ll highlight the key areas to assess, including risk identification, risk appetite, risk response strategies, and monitoring processes.
You’ll gain insight into how to evaluate the effectiveness of an organization’s ERM framework and its integration with strategic objectives and operational activities.
By the end of this lecture, you will be able to:
Identify critical focus areas in ERM audits.
Assess the maturity and effectiveness of ERM processes.
Provide valuable recommendations to enhance enterprise-wide risk management.
This lecture equips you with the knowledge to perform comprehensive ERM audits that support stronger organizational risk governance.
Lecture 25: Assessing Enterprise Risk Management Programs
In this lecture, you’ll learn how to evaluate the maturity of Enterprise Risk Management (ERM) programs within organizations. We’ll discuss key criteria and indicators that help determine how well-developed and effective an ERM program is, from initial risk awareness to advanced, integrated risk management practices.
You’ll gain practical skills to assess ERM maturity levels and identify areas for improvement, enabling you to provide actionable insights that enhance the organization’s overall risk management capability.
By the end of this lecture, you will be able to:
Understand the stages of ERM program maturity.
Use assessment criteria to evaluate ERM effectiveness.
Recommend improvements to advance ERM development.
This lecture prepares you to conduct thorough evaluations of ERM programs that contribute to stronger, more resilient organizations.
Lecture 26: Maturity Assessment & Comprehensive Risk Assessment
In this lecture, you’ll explore how to use maturity models to assess the effectiveness of Enterprise Risk Management (ERM) programs. We’ll cover different maturity frameworks that help measure an organization’s risk management capabilities, identify gaps, and prioritize improvements.
You’ll also learn how to conduct comprehensive risk assessments that consider all levels of risk exposure, supporting a holistic approach to risk management.
By the end of this lecture, you will be able to:
Apply maturity models to evaluate ERM program effectiveness.
Conduct thorough and comprehensive risk assessments.
Use assessment results to guide risk management enhancements.
This lecture equips you with tools and techniques to drive continuous improvement in ERM and strengthen organizational resilience.
Lecture 27: Defining the Audit Universe & General Attributes
In this lecture, you’ll learn about the concept of the audit universe—an essential foundation for effective internal audit planning. We’ll explain what an audit universe is, why it matters, and how it helps auditors identify all areas, processes, and risks within an organization that may require auditing.
You’ll also explore the general attributes of an audit universe, including scope, complexity, and risk factors that influence audit prioritization.
By the end of this lecture, you will be able to:
Define the audit universe and understand its purpose.
Recognize the key attributes that shape the audit universe.
Use the audit universe as a tool for comprehensive and risk-based audit planning.
This lecture prepares you to build and maintain an effective audit universe that supports strategic and efficient audit coverage.
Lecture 28: Risk Assessment of the Audit Universe
In this lecture, you’ll learn how to perform risk assessments within the audit universe to prioritize audit activities effectively. We’ll cover how to identify and evaluate key risk factors that impact various areas and processes in the organization.
You’ll gain skills to analyze risk likelihood and impact, enabling you to focus audit resources on the highest-risk areas for maximum value and assurance.
By the end of this lecture, you will be able to:
Identify critical risk factors within the audit universe.
Assess and prioritize risks to guide audit planning.
Enhance your audit strategy through a risk-based approach.
This lecture equips you to apply risk assessment techniques that improve the effectiveness and efficiency of your internal audit program.
Lecture 29: Risk Identification & Measurement Techniques
In this lecture, you’ll explore various techniques for identifying and measuring risks, including both qualitative and quantitative methods. We’ll discuss how to gather risk data, analyze risk factors, and use different approaches to assess risk severity and likelihood.
You’ll learn how to select the appropriate method based on the audit context, ensuring a thorough and accurate risk evaluation.
By the end of this lecture, you will be able to:
Differentiate between qualitative and quantitative risk assessment techniques.
Apply suitable methods for identifying and measuring risks.
Enhance your risk analysis skills to support informed audit decisions.
This lecture prepares you to conduct comprehensive risk assessments that underpin effective and focused internal audit planning.
Lecture 30: Risk Prioritization & Audit Planning
In this lecture, you’ll learn how to prioritize risks effectively to develop a focused and impactful audit plan. We’ll cover criteria and methodologies for ranking risks based on their likelihood and potential impact, helping you allocate audit resources strategically.
You’ll also explore practical examples and case studies that demonstrate risk prioritization in real-world audit planning scenarios.
By the end of this lecture, you will be able to:
Apply risk prioritization techniques to guide audit planning.
Use case studies to understand practical risk assessment applications.
Develop audit plans that target the most significant risks.
This lecture equips you with essential skills to enhance your audit planning process and maximize the value of your internal audit activities.
Advanced Risk-Based Auditing: Aligning Audit with Strategic Risks
Master the techniques and tools of modern risk-based auditing to add real value to your organization.
Go beyond compliance checklists and become a strategic audit advisor.
What You’ll Learn
Understand key risk management principles, control frameworks, and audit methodologies
Assess corporate governance risks and conduct effective governance audits
Identify and evaluate strategic risks aligned with business objectives
Conduct fraud risk assessments and design anti-fraud audit programs
Audit IT and cybersecurity risks using proven frameworks and internal audit focus areas
Evaluate the effectiveness of Enterprise Risk Management (ERM) systems
Develop a fully risk-based internal audit plan using practical assessment techniques
Apply a maturity-based approach to risk prioritization and audit resource planning
Downloadable Materials:
Lecture 15 : EBook - Fraud Risk Checklist for Auditors
Lecture 27: EBook - Risk Based Audit Plan Template
This Advanced Risk-Based Auditing course equips you with the knowledge and tools to evaluate risk from multiple dimensions—governance, fraud, strategic, IT, and enterprise-wide. You’ll explore globally recognized frameworks (like COSO, ISO 31000, and COBIT), examine real-world audit planning practices, and learn how to deliver impactful audit recommendations that support organizational success.
Whether you're auditing corporate governance, assessing ERM maturity, or building a risk-based audit universe, this course gives you the framework and confidence to lead.
Who Is This Course For?
This course is ideal for:
Internal auditors and audit managers
Risk and compliance professionals
IT auditors and cybersecurity professionals
Governance and fraud examiners
Audit team leads preparing for strategic audit roles
Professionals seeking to elevate their audit planning and risk assessment skills
If you're ready to shift from routine audits to high-impact, risk-driven engagements—this course is for you.
Requirements
Basic knowledge of internal audit principles and control processes
Familiarity with risk management and governance concepts
Some professional experience in auditing or compliance
A computer with internet access for accessing course materials
(Optional) Awareness of frameworks like COSO, ISO 31000, or COBIT
Course Content Includes:
Video Lectures & Expert Commentary
Downloadable Resources & Checklists
Lifetime Access & Certificate of Completion