Governance, Risk and Compliance

Course Schedule

Day 1 - Sunday 20 August, 2017
Opening Session

Presentation
Course details
Presentation of attendees
 

Session One

Understanding Governance, Risk, and Compliance
What is GRC?

  • There are two different definitions of GRC. What are they and why are there differences?
  • Examining the only definition that makes sense, from OCEG
  • Group discussion
     
Tea Break & Networking
Session Two

Digging into Governance

  • Is there a common, generally accepted definition of governance?
  • What does it mean in practical terms?
  • Where do the more frequent governance failures arise?
  • Leadership by ownership or representatives of the owners: the more common issues
  • The role of a board; executive teamwork; shared objectives
  • Vision, strategy, and objectives
  • Measuring performance
  • Ethics, whistle-blower lines, and investigations
  • Oversight of the external auditor
  • The role of the legal function
  • Who is responsible for the culture of the organization?
  • Group discussion
     
Lunch Break & Networking
Session Three

Understanding risk management

  • Why do so many executives and board members see little value beyond compliance in risk management?
  • The relationship between risk management and decision-making
  • How risk management enables success, not just avoiding failure
  • Why do we take risk?
  • How often is risk managed?
  • Who manages risk? What is the ideal role of the risk practitioner?
Tea Break & Networking
Session Four

Understanding risk management

  • The value of a periodic review of risks
  • Why heat maps fail to paint the right picture
  • Risk appetite, tolerance, and taking the right level of the right risks
  • Where does insurance fit?
  • Providing useful information about risk to the executives and the board
  • Group discussion
Day 2 - Monday 21 August, 2017
Session One

Compliance and audit fundamentals
The compliance function

  • An effective compliance function starts with knowing with what you have to comply
  • How can you ensure 100% compliance?
  • How much compliance risk should you take?
  • Policies, training, testing, and certification
  • Monitoring compliance risk
  • Fraud risk
  • Who is responsible for compliance?
  • Where does internal audit fit?
  • Reporting non-compliance
  • Group discussion
     
Tea Break & Networking
Session Two

Internal audit fundamentals

  • What is the role of internal audit? What is its purpose, its mission?
  • Examining the definition and principles for effective internal auditing
  • Where should internal audit report?
  • Independence and objectivity
  • Group discussion
     
Lunch Break & Networking  
Session Three

Moving to auditing the risks that matter and helping the organization succeed

  • Is our job to help the organization succeed or to point out deficiencies?
  • What are the risks that matter? Are they the risks that internal audit traditionally audits?
  • What is enterprise risk-based auditing? What are we trying to assess?
  • How do we know what matters? What are techniques for finding out?
  • Can internal audit assess non-traditional areas of risk?
  • Case studies/Group discussion/Exercises

The dynamic internal audit plan

  • How often should the audit plan be updated? What is meant by an agile or dynamic audit plan?
  • The concept of a rolling audit plan
  • Explaining agile auditing to the audit committee or owners
  • Who is responsible for the audit plan?
  • Group discussion
Tea Break & Networking  
Session Four

Defining audit engagements that matter

  • Reliance on ERM
  • When to perform an assurance and when to perform a consulting/advisory engagement
  • When should internal audit not perform an audit?
  • How many audits does it take to assess an area of risk?
  • Understanding the relationship of IT general controls to business risk
  • What if you don’t have the resources you need?
  • Case studies/Group discussion/Exercises
     
Day 3 - Tuesday 22 August, 2017
Session One

Internal audit and GRC
Communicating audit results

  • What is the purpose of an audit report?
  • What needs to be communicated and to whom?
  • The purpose of a closing meeting
  • Selling audit findings and recommendations – effecting change
  • Attributes of an effective communication
  • Should we move away from traditional audit reporting?
  • Case studies/Group discussion/Exercises

How do you know when internal audit is world-class?

  • What are the distinguishing characteristics of world-class internal auditing?
  • Does passing a Quality Assurance review guarantee sufficient quality and value?
  • What is the value of internal auditing? Who measures it?
  • OK, you are world-class – what is next?
  • Group discussion
Tea Break & Networking
Session Two

Internal audit’s role in fraud and fraud risk assessment

  • Is it internal audit’s role to prevent, detect, or investigate fraud?
  • When does internal audit get involved?
  • How do you assess the risk of fraud?
  • The skills and competency required to address fraud
  • An overview of a fraud investigation
  • Group discussion
Lunch Break & Networking  
Session Three

Auditing governance processes

  • What is organizational governance? Is it limited to the board or owners?
  • Why audit governance processes? Where is the risk?
  • When to perform assurance and when to perform advisory work
  • How to communicate the results of the audit
  • Case studies/Group discussion/Exercises

Auditing risk management

  • Why should internal audit assess the management of risk?
  • Should the audit be against policies, a standard or framework, or something else?
  • How to communicate the results of an audit?
  • Group discussion
Tea Break & Networking  
Session Four

GRC

  • Now we understand the pieces, let’s fit them together
  • How is the sum greater than the parts?
  • Silos and fragmentation
  • How failures in GRC inhibit success
  • Coordination among assurance functions
  • GRC projects
  • The value (or not) of software
  • Group discussion
     
Certificate Distribution & Workshop Closure

Closing thoughts

  • Other topics of interest
  • Closing discussion
  • Awards and Recognition
     
Course Program

Time             Topic
Day 1
08:00 to 08:30   Registration & Introduction
Day 1-3
08:30 to 10:15   Session One
10:15 to 10:30   Tea Break & Networking
10:30 to 12:15   Session Two
12:15 to 13:15   Lunch Break & Networking
13:15 to 14:30   Session Three
14:30 to 14:45   Tea Break & Networking
14:45 to 16:00   Session Four