Course Catalog

This course is intended to help scripters support internal audit departments and improve their testing processes, and reviews the scripting process from planning to development to interactivity and export.
View course details
This course focuses on key building blocks of modern IT audit, physical and logical security, including identity and access management, the threats to web-based e-commerce, best practices and standards for auditing servers.
View course details
This course covers the common architecture of cloud computing and examines the security and controls of SaaS, PaaS, and IaaS. It also covers the deficiencies that exist in cloud-based services and how Security-as-a-Service can be helpful.
View course details

When given a project to audit, the task may seem daunting and impossible. Many will not know where to start. Through this course, students will understand the importance of auditing capital projects and will learn tips and tricks to determine the project's risks and risk mitigation techniques. The course will be a general overview and will enable an auditor to develop an audit workflow, prioritize tasks, and understand how all the pieces of the projects fit into one another. Students will be able to have a more intelligent conversation with the project management staff, as some common terms will be defined in the course. Students will also be able to develop effective audit strategies. There are many complexities in understanding the payment process that may affect the findings discovered during the audit. Students will be walked through the chaos to better understand issues and document the correct findings amount. This course will also review some of the most common myths and misconceptions about having a contract and auditing it. Being able to understand contracts and contract risks will be discussed so that students can more effectively understand what the wording means and how a simple word can change the entire intention. Consequently, students will learn what the correct word choice should be and why the contract may not be as strong as they first imagined. Lastly, students will understand what is typically found during an audit and why the audit is important. They can bring this knowledge back to the audit committee or senior management to become a champion that will encourage further audits and to better protect the organization.

View course details

This course provides internal auditors with a foundation for approaching an audit of company culture. Learners will be exposed to key drivers and frameworks that can help establish guidelines and parameters around the somewhat nebulous topic of culture. This course will prepare internal auditors for performing an audit of culture by first exposing them to ways in which an organization can be assessed. 


We will review how attitudes towards risk, organizational strategies and values, structure, communication styles, and decision-making processes all factor into assessing organizational stances of culture. We will also explore considerations that auditors should be aware of when preparing to perform an audit of culture. Learners will leave this course with a better understanding of how to factor these considerations into their audit work and execute their audit engagement. Finally, this course will illustrate how to best perform an audit of culture and share the audit report with key stakeholders to yield improved outcomes for employees and organizational leaders.

View course details
This course focuses on how in-charge auditors lead audits. You will review audit program development and changes, risk assessments, setting priorities, delegation, managing staff performance, reviewing workpapers and stakeholder management.
View course details
This course provides an overview of the Enterprise Risk Management (ERM) process and all the underlying elements of ERM, including risk appetite, governance, and roles and responsibilities. The course includes the attributes that make an ERM process effective, such as addressing black swans, using risk-driven metrics, and linking ERM with the organization's strategy. Most of the course will involve methods for auditing the ERM process by assessing the process according to the COSO framework, comprising five components and twenty principles. The course also includes ISO 31000, a summary of key highlights, and a comparison of the commonalities and differences between the ISO risk management framework and the COSO risk management framework. The course also covers the application of concepts using examples, case studies, exercises, and ERM reporting to various stakeholders.
View course details

An effective audit will produce a desired or intended result.  It is built on a broad and deep assessment of an area, process, or system.  It "begins with the end in mind," and creates a meaningful plan an auditor and/or audit team will follow.  An efficient audit is one where we work productively with minimum wasted effort or expense.   Audit leadership sets in motion themes and expectations, based on risk assessment and communication with stakeholders inside and outside internal audit.   Effective auditing means having a firm grasp on the scope, budget, resources, personnel, and timeline dedicated to a project.  Auditors need to be able to manage unplanned issues while moving forward on audit goals and tasks in progress. An efficient audit requires focus and discipline to stay the course.   This course explains and provides examples of who, what, why and how to structure and manage a more in-depth and meaningful process and produce great results for both client and auditor.

View course details
This course provides a comprehensive review of the COBIT framework, and its IT governance, management, control, and audit elements. It covers how to use this framework to evaluate the effectiveness of IT activities.
View course details

As auditors, communication is an integral soft skill that must be honed. This course is intended to provide internal auditors of all experience levels with the tools and techniques used to improve communication and identify communication missteps. We will begin with an overview of communication channels, styles, and their purpose. With this foundation, we will determine which channel is most appropriate given different situations — a discerning communicator is an effective communicator! It is vital that auditors familiarize themselves with the array of communication tools they have at their disposal. This course will review these tools and provide learners with guidance as to when and how to use them effectively. By learning to become agile and adaptable, learners can become more tactical and specific in their communication strategies.

View course details
Students explore cybersecurity scenarios designed to reinforce the knowledge of effective control design, execution, risk warning signs and investigative techniques. Students also learn how to implement and assess controls effectively.
View course details
This course covers the critical aspects of data mining that auditors should know, what data to use, how to incorporate data mining into audit methodology, how to assess critical business functions and essential analytical procedures
View course details
This course reviews audit planning best practices so the work focuses on the right areas, like how to develop a business-focused, objective-based plan that will zero in on business issues and maximize the value of expended audit resources.
View course details

More and more today, companies are deciding to undertake the journey to employ Development Security Operations (DevSecOps) as an evolutionary extension of the Agile principles. Change management processes are continuous and largely automated in a DevSecOps environment, which can be challenging for Internal Audit teams, as they must shift their mindsets about IT risks and the controls in place to mitigate them.
DevSecOps is a software development and delivery approach that emphasizes communication and collaboration between development, security, and IT operations, building on Agile and Lean thinking to provide technology faster, with greater stability, quality, scalability, and security. DevSecOps encompasses many teams involved in the software development and delivery process. The “Dev” side incorporates developers, front-end designers, and quality assurance. The “Ops” area brings in system administrators and support teams responsible for the product after it’s been moved to production. The “Sec” area covers all the cybersecurity professionals responsible for system control, compliance, and secure applications.
In a DevSecOps centric organization, tools are used to automate historically manual tasks, such as code quality checks, execution of test scripts, and deployments. These factors raise some questions about the efficacy of traditional change management controls in the environment, especially Separation of Duties (SoD).
Automation does not have to mean that humans are left out of the process. Manual decisions still need to be made to tell the automated tools how to perform. These human-centric aspects of the process should also be considered in the risk-management approach.
All these challenges and more need to be identified, discussed, and put into perspective as organizations seek to make the transition towards a DevSecOps methodology. The benefits can be numerous, but the risks are plentiful, and the decisions your customers make are the difference between successful implementation and failure.

In this course, we will delve into the DevSecOps methodology, assessing how and where auditors can find their footing. We will cover best practices that need to be on the forefront of business leaders’ minds as a DevSecOps culture is adopted, identifying key shifts in mindset that must occur for a seamless transition from manual transactions to automated process flows. Finally, with a forward-thinking approach, we will address how organizational teams can work together in a DevSecOps environment, prioritizing tools and resources that will facilitate meaningful collaboration.

View course details

There is a need for public companies to provide investors and consumers with information on organizational operations as it pertains to sustainability initiatives that companies use to drive financial performance. These sustainability initiatives are summarized around three key factors — environmental impact, social responsibility, and good corporate governance. 


This course will provide business professionals with a historical background on how these Environmental, Social, and Governance (ESG) factors evolved and how they play an important part in a company's current financial reporting and corporate disclosures. We will look at the current landscape of recommended ESG reporting standards outlined by various organizations and how you can leverage them to create your own set of policies and controls for ESC reporting and disclosures. Finally, we will also look at ESG from an investor's and consumer's perspective and give an overview of how companies are positioning their ESG reporting in alignment with their investments, interests, and values.

View course details
An effective audit team works together cohesively and towards the same end goal. This course will show you how to build teamwork, communicate effectively, deal with difficult people, enable change and work effectively with others.
View course details

Internal auditors must act ethically while reviewing and making recommendations to improve the structures and processes that promote appropriate ethics within their organizations. To do this, they must understand the principles and practices that drive ethical decision-making, the roles that various parties play setting expectations, monitoring results, rewarding compliance, and correcting deviations. All organizations are under pressure to meet business objectives while managing the variety of ethical views of their diverse stakeholders. This course provides a solid foundation on the values, organizational structures, roles, responsibilities, and best practices driving ethical conduct in a complex and rapidly changing world, how organizations create capacity to address new scenarios, and how internal auditors can meet their mandate to evaluate the design, implementation, and effectiveness of ethics-related objectives, programs, and processes.

View course details
The course will provide an overview of forensic auditor duties and responsibilities as applicable to various engagements, both in civil and criminal cases.
View course details

This course provides audit practitioners a comprehensive understanding of the types of fraud affecting organizations and shows proven techniques for preventing and detecting fraud.  

View course details
This course teaches how to use data analytics to identify fraudulent activity. It combines fraud risk assessment and the use of data analytics to assist the auditor in responding to the risk of fraud within their audits.
View course details
This course covers ways to create risk statements, assess fraud risk, and verify the necessary controls are in place. It also provides information on fraud deterrence and detection in high-risk business processes
View course details
This course covers different types of process automation, considerations before implementation, and how to assess them. It includes functional specific tools, robotic and cognitive automation tools, governance and understanding workflows.
View course details
In this three-day course, you will learn traditional and operational auditing concepts, gaining proven tools and techniques for performing effective audits. This course provides insights for conducting internal audits effectively.
View course details
In this course you will learn how to implement a GRC framework, what boards and their audit committees need, and how to work with executive management to set the appropriate tone for ethics, compliance, investigations and fraud reporting.
View course details
In this course students learn audit leadership and management tools that will enhance their role as a leader, improve the performance of the audit team, and boost its profile in the organization.
View course details