Practical Approach to Risk Based Internal Audit Date: 11 – 12 October 2017

INTRODUCTION

TheIns(tuteofInternalAuditorsdefinesRiskBasedInternalAudi(ng(RBIA)asamethodologythatlinksinternalaudi(ngtoanorganiza(on’soverallriskmanagementframework.RBIAallowsinternalaudittoprovideassurancetotheboardthatriskmanagementprocessesaremanagedeffec(velyandappropriatelytotheriskappe(te.

Buteveryorganisa(onisdifferentintermsofitsaEtudestorisk,organisa(onalstructures,internalprocessesandprocedures.Experiencedinternalauditorsneedtoadapttheseideastotheneedsoftheirorganisa(oninordertoimplementRBIA.Onceimplementedcorrectly,RBIAofferstremendousadvantagestoanycompany.

Thisintensive2-daycourseprovidesathoroughoverviewofRBIAprocesses,planningstagesandmeasurementstrategies.Youwillgaintheprac(caltoolstosetup,analyseandmanageRBIAwithinyourorganisa(on.

LEARNING OUTCOME Bytheendofthiscourseyouwill:

• HaveasoundunderstandingofRiskBasedInternalAuditfunc(onandprocessandbeabletodifferen(ateitfromaregularinternalauditapproach

• Gainthetoolstosetupandaffec(velymeasuretheframeworkwithinyourorganisa(on

• UnderstandtheroleofCOSOandERMininternalaudi(ng

TARGET PARTICIPANTS This practical hands-on training course is designed for professionals from corporates, financial institutions and risk sensitive organisations. The following job titles/ positions will benefit from attending:

• Board members, especially risk and audit committee chairs and members • Chief Risk Officers • Heads of market, credit, and operational risk • Head of Risk Management • Chief Compliance Officers • Chief Audit Officers • Chief Financial Officers • Actuaries • Treasurers • Auditors (External & Internal) • Bank regulators and examiners • Risk management consultants

Risk Based Internal Audit - A 2-Day Programme What is Risk Based Internal Auditing?

• An introduction to Risk Based Internal Auditing • Traditional Approach versus Risk Based internal approach • Stages of Risk Based Internal Auditing • Measuring the effectiveness of Risk Based Internal Auditing

Risk Based Internal Auditing – Background

• Rationale behind Risk Based Internal Auditing • Internal Audit – Definitions, objectives and scope • The “Expectations Gap” • The RISK BASED Internal Audit • Comparison to the traditional approach

Risk Management

• Understanding risk • The attributes of risk – Likelihood & Consequence • The Risk Heat Map • Audit risk • Business risks – classification, internal & external, controllable & non-controllable

The COSO risk management framework

• Understanding COSO • COSO — An Integrated Risk Management Framework • The COSO ERM Framework • COSO in Finer Detail • Updates to COSO

Basic concepts of risk management

• Risk capacity, risk appetite, risk response • Inherent & residual risk • Entity risk assessment & Business process risk assessment • Significant risk • Risk register

ERM – Enterprise Wide Risk Management

• ERM and the Board of Directors • What is covered under ERM

Risk Maturity

• What is risk maturity • Why it is important • Risk maturity levels • Scorecard for assessing risk maturity • Analysing the risk maturity results

Using a Risk Based Internal Audit (RBIA) Methodology

• Audit is of management of risks and not of risk • Key reporting areas in the management of risks • Documenting Board assurance requirements and risk appetite • Audit strategy & risk maturity • Selecting individual risks to audit • Frequency of coverage • Including the Risks into an Audit Assignment • Importance of selecting the right auditable unit

Stages of RBIA

• Assessing risk maturity • Preparing the audit plan • Conducting the assurance audit • Reporting to the appropriate level

Model Process for Assessing & Evaluating Risks

• Risk assessment steps and tools • Risk identification • Business Activities that are Sources of Risk • Operational Risk and its categories • Risk identification methods • Industry risk models • Choosing which methods to use • Typical risk areas • Risk estimation (Risk measurement/ Risk scoring) • Risk evaluation • Risk Heat map & Actions Needed • Using risk scores

Risk Assessment Tools

• Market survey • Dependency modeling • SWOT analyses • Event tree analysis • BPEST (Business, Political, Economical, Social & Technological) • Fault tree analysis (Root Cause Analysis) • FEMA (Failure Mode and Effect Analysis)

Internal Audit Process In this section we cover the complete Internal Audit Process including the RBIA methodology. This includes the need for the Internal Auditor to become acquainted with the business and the industry allowing him to assess the risk maturity which determines his/her ability to provide the RBIA assurance and to review the risk assessment done by management and the her/his conclusion whether this risk register may be relied upon. The process covered includes:

• Strategic analysis • Enterprise risk assessment • Internal Audit Plan development • What Risks to Audit – An Alternative Approach • Internal Audit execution • The Process Risk Matrix • Reporting • Issue Resolution tracking

Case Study: How the RBIA methodology is applied This is an illustrative case study showing how the RBIA methodology is applied in a real world environment. Comparing the Two Methodologies

We compare the RBIA methodology to the regular audit methodology and examine them in terms of: • Managing risk • Setting responsibility for risk management, and • Usefulness to the Board of Directors

REGISTRATION FORM Practical Approach to Risk Based Internal Audit

PARTICIPATION FEE

B$2,800.00 per par t ic ipant (For Stakeholders only)*

B$3,200.00 per participant (For Non-Stakeholders and Public)

(Stakeholders are AMBD and all domestic banks in Brunei Darussalam)

Your fee includes a workshop manual, practical sessions, refreshments &

lunches, and certificate of attendance (for full participation). Payment must be made prior to the commencement of the

programme.CANCELLATION:

* CIBFM operates a strict NO CANCELLATION POLICY upon receiving registration from organisations.

* CIBFM reserves the right to postpone/cancel the programme should the minimum of 10 participants are not met.

This programme is redeemable from SBS up to 25%.

VENUE OF TRAINING:

CIBFM, ILIA BUILDING, UBD CAMPUS, UBD, TUNGKU-LINK HIGHWAY, BRUNEI DARUSSALAM Tel: 2461221 / 2461223 Fax: 2461224 Email: Hanizam@cibfmbrunei.com

PLEASE REGISTER THE FOLLOWING NAMES:

SUBMIT YOUR REGISTRATION BY:

21 September 2017

APPROVING OFFICER

1

Name:

Position:

Email:

Contact No.

2

Name:

Position:

Email:

Contact No.

3

Name:

Position:

Email:

Contact No.

Name:

Designation

Organisation

Email

Contact No.

About CIBFM

ILIA, LEVEL 3, UNIVERSITI BRUNEI DARUSSALAM CAMPUS, JALAN TUNGKU-LINK BE 1410, NEGARA BRUNEI DARUSSALAM

CIBFM is the Centre of Excellence for the finance industry in Negara Brunei Darussalam. Under the purview of Autoriti Monetari Brunei Darussalam (AMBD), CIBFM plays an important role in developing the human capacity in the areas of banking, finance, leadership and management.

Accredited by Brunei Darussalam National Accreditation Council as a Training Institution, all CIBFM’s training programmes are recognised as Value Added Qualifications. In its role to enhance human capacity development, CIBFM organises high profile events in partnership with renowned institutions and the support of AMBD. CIBFM’s signature events are Leadership Conference (LeadCon) and the Brunei Darussalam Islamic Investment Summit (BIIS).