Assessing Business Risk

Seminar duration 1 day

Introduction
Field of Study Auditing
CPE hours available 7.5
This unit introduces the instructor(s)/participants,
Course levels III, IV
provides an overview of the seminar, and creates the
Knowledge levels C, D
environment needed for a positive/rewarding
seminar experience In this unit, we will:

ƒ Meet the instructor(s) and participants

ƒ Discuss your expectations and the seminar
objectives/topics
ƒ Create the environment needed to deliver an
effective seminar

Business Risk Fundamentals

Create the foundation needed to deliver the seminar.

In this unit, we will:

ƒ Confirm our collective understanding of

several basic business risk assessment terms
and concepts
ƒ Examine the internal audit/risk assessment
process and identify potential opportunities
and disconnects

Enterprise Risk Assessment

Enhance our collective understanding of the model

for risk assessment at the enterprise level. Provide
participants with an opportunity to
ƒ Benchmark their risk assessment tools and
practices.
ƒ Sharpen their risk identification and evaluation
skills.

In this unit, we will:

ƒ Learn how to develop an inventory of
auditable activities
ƒ Examine risk factors, weights for risk factors
and various scales assigned to risk factors.
ƒ Know different methodologies for performing
risk assessment

© The Institute of Internal Auditors, Inc.

 Assessing Business Risk

ƒ Learn various sources for obtaining information about each activity

ƒ Understand how to evaluate and use the risk assessment results

Engagement Planning Considerations

Introduce the model for risk assessment at the internal audit engagement level. Provide
participants with an opportunity to
ƒ Benchmark their engagement planning practices.
ƒ Improve your understanding of business processes/objectives and risks.

In this unit, we will:

ƒ Understand how risk relates to business objectives
ƒ Examine internal audit planning considerations and success factors
ƒ Review several business processes and practice identifying significant objectives
and potential risks
ƒ Explore approaches/techniques that can be used to “understand the business”

Engagement Risk/Control Assessment

This unit focuses on prioritizing risks and evaluating control design. In this unit,
participants with an opportunity to:
ƒ Benchmark their risk assessment tools and practices
ƒ Sharpen their risk identification and control evaluation skills

In this unit, we will:

ƒ Discuss tools/practices that can be used to create a “seamless” enterprise and
engagement level risk assessment process
ƒ Examine several techniques that can be used to prioritize risks
ƒ Open up the “control identification” and “control design evaluation” toolboxes and
practice using these tools on the WMSS Personnel internal audit engagement

Engagement Objectives/Programs
Complete our review of the engagement level risk assessment model. Provide
participants with an opportunity to:
ƒ Benchmark their engagement objective setting and program development
practices
ƒ Improve their ability to develop value added internal audit objectives and
strategies

In this unit, we will:

ƒ Discuss how to develop value added audit objectives and work programs
ƒ Apply these ideas on the WMSS internal audit engagement

© The Institute of Internal Auditors, Inc.

 Assessing Business Risk

Value-added Applications

Demonstrate how risk assessment tools and techniques can be used to add value on
internal audit assurance and consulting service projects.

In this unit, we will discuss risk assessment impact on:

ƒ Enterprise Risk Management
ƒ Internal Audit Consulting Services

Putting it All Together

Wrap up the seminar by recapping several key points and give the participants a final
opportunity to benchmark their risk assessment practices/plans and ask questions.

In this unit, we will:

ƒ Revisit the course objectives/your expectations for the course
ƒ Revisit the risk assessment process overviews
ƒ Discuss additional risk assessment resources
ƒ Have a final benchmarking discussion

© The Institute of Internal Auditors, Inc.