IIA Award in compliance audit and assurance
The purpose of this course is to assist those who are working in a compliance or assurance role to understand their responsibilities. By compliance or assurance role we mean those who work in the second line of defence or those who have assurance responsibilities within the first line of defence.
Who should attend?
- new entrants to a compliance or assurance role with little or no experience of how to ensure they are providing credible assurance
- subject matter experts who join or are seconded to a compliance role who need to get up to speed quickly with the tools and techniques needed to provide assurance
- those who work in a compliance or assurance role in their own organisation or those who undertake compliance/assurance reviews in third-party organisations, for example audits of third-party compliance with outsourced contracts
- internal auditors with a remit to provide oversight or review a compliance function.
What will I learn?
Upon completion you will be able to:
- confidently articulate the compliance role and its importance to the organisation, as well as prepare and assess the effectiveness of a reporting structure for the compliance team
- develop a risk-based periodic plan based on the defined compliance universe underpinned by an appropriate rationale
- generate the terms of reference for a compliance review from relevant research, controls identification and test strategy
- design a compliance test programme that will enable testing of key controls and generation of appropriate sample sizes and evidence
- evaluate the quality of the evidence collated, formulate findings and conclusions and appreciate the techniques involved in preparing an effective compliance report
- assess the quality of your own methodologies in providing credible assurance on your compliance universe.
What is compliance audit?
- different compliance roles
Importance of the compliance role
- where you fit within the governance and risk structure and your accountability and responsibility for providing assurance
Governance structure(s) for compliance teams
- effective reporting lines and key stakeholders
- cultural barriers to achieving successful stakeholder relationships
Periodic plan – putting the schedule of work together for the coming periods
- the compliance universe – the boundaries of the assurance activity for the compliance team
- gathering information
- analysing information / use of risk factors
- impact / likelihood assessment
- analysing the results of the assessment / prioritising work for the year
- approval of the plan
- reviewing the plan on a quarterly basis
Writing risk statements and internal control
- how to write the risk statement
- using the risk statement in individual compliance reviews
- the importance of control design, key controls and impact assessment to the compliance role
Planning the compliance review
- introducing the compliance review
- agreeing a sponsor for the compliance review
- collating key documents including statistical data
- conducting effective meetings
- completing a risk and control matrix / understanding key controls and types of control
- control design effectiveness testing / walkthrough testing
- test strategies / using testing procedures
- terms of reference
- types of test / compliance and substantive tests
- writing a test programme to test controls
- selecting samples based on the risk maturity of the activity under review
- collecting evidence to test the operating effectiveness of controls
- evaluating and assessing the quality of the evidence and how this has been documented in the draft report
- root cause analysis
- writing up issue, effect, root cause and context / has the risk been managed / is it in alignment with the defined risk appetite?
- what should the executive summary look like?
- challenging the report – what is the likely reaction of the reader?
- follow up – what do we look at?
- how confident are we in the quality of the assurance we are giving?
There will be some pre-course preparation for this module; you will be advised of it upon confirmation of your booking.
CPE competency areas covered
- Performance (Internal control | Engagement planning | Engagement fieldwork | Engagement outcomes)
14 CPE points