AuditBoard Live Webinar banner advert Diligent One Platform World tour ad April 2024 TeamMate ESG advertising banner 2023

IIA Award in compliance audit and assurance

Presented by: Marian Silltow CFIIA CIA

The purpose of this course is to provide a framework for those who work in a compliance or assurance role. This framework will help to underpin understanding about the importance of the assurance work they undertake as well as to ensure the quality of that assurance work.

By compliance or assurance role we mean those who work in the second line of defence or those who have assurance responsibilities within the first line of defence.

Who should attend?

  • new entrants to a compliance or assurance role with little or no experience of how to ensure they are providing credible assurance
  • subject matter experts who join or are seconded to a compliance role who need to get up to speed quickly with the tools and techniques needed to provide assurance
  • those who work in a compliance or assurance role in their own organisation or those who undertake compliance/assurance reviews in third party organisations, for example audits of third-party compliance with outsourced contracts
  • internal auditors with a remit to collaborate with / provide oversight or review of a compliance function.

What will I learn? 

Upon completion you will be able to:

  • confidently articulate the compliance role and its importance to your organisation
  • assess the framework by which the senior leadership team can encourage better understanding of risk, control and compliance across the organisation
  • understand where you fit within the Chartered IIA’s three lines model
  • compare your compliance strategy / structure / reporting line to good practice
  • have an awareness of and understand how to develop different types of plan or scheduling work for the year or quarter – continuous risk monitoring, risk-based planning based on risk maturity and a defined compliance universe
  • prepare a risk statement and understand issues around internal control such as control design effectiveness assessment, types of control and control activities
  • have an awareness of the steps to follow in an outcome based review
  • plan risk-based compliance reviews using the appropriate audit documentation and applying your knowledge of risk and internal control
  • design a compliance test programme that will enable testing of key controls and generation of appropriate sample sizes and evidence
  • evaluate the quality of the evidence collated, formulate findings and conclusions, and appreciate the techniques involved in preparing an effective compliance report
  • assess the quality of their own methodologies in providing credible assurance on their compliance universe.

Course programme

What is compliance audit?

  •  the different compliance roles

 Importance of the compliance role

  • why a compliance function is an integral part of the assurance framework
  • examples of organisational failures

 Accountability and culture

  • why culture plays a key role in helping to achieve a good control environment
  • role of the executive team in setting the culture of the organisation particularly in relation to risk and control
  • use of cultural indicators by the compliance team
  • defining accountabilities and responsibilities for assurance across the three lines model

 Establishing a compliance function

  • key issues that need to be resolved if the compliance team is to be established with appropriate support and resources
  • effective reporting lines

 Annual planning – putting the schedule of work together for the coming year / quarters

  • awareness of the different types of planning – continuous risk assessment, risk maturity-based planning approaches
  • the compliance universe – the boundaries of the assurance activity for the compliance team
  • risk based planning – can you rely on the risk management framework?
  • risk based planning – where you can’t rely on the risk management framework

    - gathering information
    - analysing information / use of risk factors
    - impact / likelihood assessment

  • analysing the results of the assessment / prioritising work for the year
  • approval of the plan
  • continuous monitoring of the plan during the year

 Writing risk statements and internal control

  • how to write a risk statement
  • using the risk statement in individual compliance reviews
  • the linkage between strategic objectives, processes, risks and controls
  • what is a control? What is the linkage between strategic objectives, processes, risks and controls?
  • the importance of control design, key controls, control activities and impact assessment to the compliance role

 Planning the compliance review

  • approaches to compliance reviews – outcome based and risk based
  • agreeing a sponsor for the compliance review / agreeing roles and responsibilities during the review for stakeholders and the compliance audit team
  • collating key documents including the use of data analytics
  • meeting stakeholders
  • completing a risk and control matrix / understanding key controls and types of control
  • control design effectiveness testing / walkthrough testing
  • test strategies / using testing procedures
  • terms of reference


  • types of test / compliance and substantive tests
  • writing a test programme to test controls / being aware of the different types of testing techniques such as meetings, observation, analysis, calculation, examination of documents, reconciliation
  • statistical and non-statistical sampling - selecting samples based on the risk maturity of the activity under review
  • collecting evidence to test the operating effectiveness of controls
  • evaluating and assessing the quality of the evidence and how this has been documented in the draft report
  • root cause analysis


  • writing up issue, effect, root cause and context / has the risk been managed / is it in alignment with the defined risk appetite?
  • what should the executive summary look like?
  • challenging the report – what is the likely reaction of the reader?
  • presenting the compliance reports


  •  how confident are we in the quality of the assurance we are giving?

Pre-course work

There will be some pre-course preparation for this module which you will be advised on upon confirmation of your booking.

CPE competency areas covered

  • Performance (Internal control | Engagement planning | Engagement fieldwork | Engagement outcomes)

14 CPE points

All training courses are subject to our Fair Collection Notice and Privacy Policy