
Plan internal audit engagements aligned with the annual plan, secure resources, and execute an audit program from risk assessment through fieldwork, including design and operating effectiveness tests.
Learn how engagement objectives and scope frame internal audits under the new IIA standards. Identify risk-based planning, materiality, and tests that cover governance, risk, and internal controls.
Assess how the scope of engagements and coverage of significant risks shape engagement reports. Exercise due professional care by reporting material findings within the defined scope and objectives.
Explore the workflow of an engagement from the annual internal audit plan through planning, preparation, field work, and report drafting, covering risk assessment, data collection, and controls design.
The lecture explains how internal auditors identify and cover significant risks through detailed risk assessments, risk inventories, and control evaluations, guided by due professional care and the code of ethics.
Learn IT general controls across IT strategy, operations, security, and change management, including separation of duties and Cobit 5 alignment of IT with business risk.
Explain how to perform a walk through to identify root causes of control failures, assess training gaps, consider deliberate omissions, and propose improvements such as training, escalation, or control redesign.
Determine the operating effectiveness of internal controls by applying tests of controls, focusing on safeguarding assets, and evaluating background tests and inventory controls.
Explore interview approaches for internal audit, including structured, behavioral, and situational interviews, and master skills like active listening, note-taking, open questions, and handling nonverbal behaviors.
Explore process maps and benchmarking to compare current, ideal, and actual workflows, identify risks and inefficiencies, and apply internal, competitive, industrial, and best in class benchmarks for auditing.
Explore risk control matrices as a focused audit program that links objectives to risks, assesses controls and operating effectiveness, and documents risk-based thinking for team accountability.
Identify objectives before risks and build a risk control matrix using the Kozo framework; assess inherent risks, design controls, test operating effectiveness, and report findings.
Use generalized audit software to read the total loan file, age by last payment, and stratify samples by current or non current to test collateralization and aging.
Explore statistical process control concepts, including upper and lower control limits and natural variation, and apply trend analysis to uncover unreasonable relationships in cost data.
Discover how persuasiveness hinges on sufficient, reliable, and relevant information that is factual, replicable, and credible, supporting audit observations and objectives.
Explain direct evidence and its certainty, compare primary and secondary evidence, and show how corroborative, analytical, and testimonial evidence support audit findings.
Evaluate audit evidence types and identify the most persuasive sources, from real estate deeds to vendor invoices, and explain the forensic information systems auditor as an expert witness.
Define ratios as a division, interpret kpis, and assess operational and liquidity performance using inventory turnover, days of sales outstanding, current ratio, and quick ratio.
Identify supervision points from engagement planning, audit engagement letters, risk assessment, to final audit report, ensuring standards and scope are met.
Explore the main types of internal audit engagements, including assurance, consulting, control self assessments, and fraud examinations, with emphasis on independence, audit committee approvals, and planning.
Explore due diligence in merger and acquisition engagements, identifying the least valid reason for a merger, such as stock prices rising, and examine diversification, cost reduction, and cross-border acquisition dynamics.
Audit external business relationships by evaluating formal and informal contracts, unilateral and bilateral clauses, express or implied agreements, and risks like non-compliance, intellectual property threats, conflicts of interest, and disruptions.
Explore contract basics, including mutual agreement, consideration, competent parties, and power of attorney, plus remedies and proper subject matter for lawful objectives.
Explore the costs of quality, detailing prevention, appraisal, internal and external failure costs. Emphasizes early prevention and higher quality inputs to avoid defects, transportation damage, returns, and reputational damage.
Define due diligence in mergers and acquisitions, detailing pre acquisition and post acquisition stages, buyer and seller perspectives, price assessment, and how internal auditors adjust offers or cancel deals.
Explore how security audits protect assets and information integrity by assessing data storage risks, backups, labeling, and access controls, including ISO 27001 classifications and disaster-ready replication.
Audit data protection policies across GDPR, the Australia Privacy Act, and Japan PIPA. Assess consent, collection, use, retention, access, disclosure, security, and data quality.
Explore the internal control environment and its base role, examining board and management attitude and actions, code of ethics, risk assessment, and hiring practices to strengthen monitoring and control activities.
Explore how assignment of authority and responsibility, human resource policies and practices, commitment to competence, and organizational structure shape the internal control environment and risk monitoring.
Explore compliance audit checks in a medical supplies company by reviewing safety training logs, anti-money laundering training verification, forklift driver certifications, and the appropriateness of testing debit accounts against receipts.
Assess environmental compliance through internal audits that cover health and safety, carbon reporting, waste reduction, environmental management systems, and due diligence on land and hazardous substances.
Plan internal audit engagements by defining objectives, scope, and criteria, outlining risk-based procedures and working papers, and considering staffing under standards 2210.
Distinguish extent from nature in internal audit engagements. Explore how materiality, geographic and department limits, and planning shape tests of controls, substantive procedures, and analytical methods in engagements.
Define engagement work programs as the tests, risks, and objectives guiding internal audit engagements, and learn how they support planning, assurance, and resource allocation for the audit.
Define your internal audit manual by detailing organisation, planning procedures, risk assessment methods, sampling, engagement procedures, and supervision. Emphasize quality assurance, self-assessment, KPIs, and clear sign-off processes to evaluate performance.
Make internal audit add value by fulfilling the charter, adhering to standards and ethics, and applying a risk-based approach to governance, risk management, and internal controls.
Translate a strategic risk assessment into a three-year, risk-based internal audit plan by prioritizing processes, incorporating management and audit committee feedback, and aligning resources for annual engagement planning.
Align the annual internal audit plan with the organization's strategic plan by ensuring audit objectives support business objectives and comprehensive risk coverage.
Create a risk-based internal audit plan from a documented annual risk assessment and an audit universe, with management and board consultation and consulting engagements added and approved.
Explore how audit approaches evolve with risk management maturity, shifting from control-based and process-based methods to risk-based auditing aligned to organizational maturity.
Coordinate with assurance providers to minimize duplication and improve coverage by sharing plans, data, and findings with external auditors. Clarify reporting lines and independence to ensure board oversight of assurance.
Map and evaluate assurance across organizational risks by plotting risks against departments and risk owners, rating inherent and residual risk with color scales, and integrating internal and external audit coverage.
Communicate significant risk exposures and residual risks to the board and senior management, evaluate internal controls and risk management, and report internal audit plans and KPIs with governance insights.
Explore how the balanced scorecard structures internal audit KPIs across financial, customer, processes, and learning and growth, covering budget, cost savings, independence, and ethics.
Define what would make internal audit effective, identify stakeholders, and develop KPIs on effectiveness and efficiency to communicate results to senior management and the board.
Learn to communicate engagement results, acceptance of risk, and monitor implementation status of audit recommendations via a confirmation process emphasizing preliminary and quality communication, interim reporting, and final audit report.
Learn to craft accurate, objective, clear, and concise audit communications, avoiding acronyms, incorporating mitigating circumstances, and delivering complete, timely, constructive reports.
Communicate interim progress during the audit, flagging scope changes and high-impact issues that require immediate attention, and include closed-during-audit items with date updates in the final report.
Describe the risk and implications of audit findings, identify root causes, and propose remedies that address underlying issues. Recommend realistic action plans with owners and monitoring to mitigate risk.
Explore internal audit opinions, including engagement and overall opinions, and discuss maturity matrices for risk management and internal controls, highlighting the difference between positive, negative, and qualified assurances.
Learn how internal audit opinions rely on documenting observations and seeking management agreement on operating performance criteria, with recommendations that enable engagement and practical corrective actions.
Understand the acceptance of risk in internal audit, including escalation from middle to senior management and to the board. Learn how the board sets risk appetite and approves mitigation actions.
Learn to monitor progress, assess engagement outcomes, and establish a robust follow-up on the implementation status of internal audit recommendations, including evidence, management reporting, and audit committee oversight.
We are glad to bring you a preparation course for the Part 2 of the Institute of Internal Auditor’s (IIA) Certified Internal Auditor (CIA) certification.
This teaches the new syllabus of the CIA and includes a 402 page slide deck given to download in the course.
You can start with any part of the CIA, and starting with the CIA Part 2 will give you the knowledge and tools necessary to perform, supervise and eventually manage internal audits.
This course aims to decrease the time you need to prepare for the exam. It includes instructor support for your questions.
It will review the key notions necessary for the exam and includes practice questions in each section and tips on exam strategy.
The course will help you learn how to perform internal audit, starting from how to plan them, to how to perform and report on engagement results.
You will learn tricky concepts such as how to perform risk-assessments and how to evaluate information.
Most importantly, it aims to help you ‘think’ like an internal auditor, which I find is essential for scoring highly on the exam as well as being a great internal auditor.
The course covers:
CIA Part 2 Introduction and Exam Strategy
Introduction to the CIA certification, overview of the content of CIA Part 2.
A. Engagement Planning
Understand how to properly plan engagements by determining their objectives, criteria and scope. Create working papers which conform with the Standards and learn about different ways an internal audit
B. Information Gathering, Analysis, and Evaluation
Learn how to collect engagement information and then analyze and evaluate it. Learn how to supervise engagements.
C. Engagement Supervision and Communication
Know how to apply supervision in an engagement and how to communicate with stakeholders.
Extra Resources: Help on Particular Types of Engagements
An extra resource to help you on different types of engagements you might encounter as an internal auditor.
Reinforcement learning on key points of the CIA.