Course Catalog
When given a project to audit, the task may seem daunting and impossible. Many will not know where to start. Through this course, students will understand the importance of auditing capital projects and will learn tips and tricks to determine the project's risks and risk mitigation techniques. The course will be a general overview and will enable an auditor to develop an audit workflow, prioritize tasks, and understand how all the pieces of the projects fit into one another. Students will be able to have a more intelligent conversation with the project management staff, as some common terms will be defined in the course. Students will also be able to develop effective audit strategies. There are many complexities in understanding the payment process that may affect the findings discovered during the audit. Students will be walked through the chaos to better understand issues and document the correct findings amount. This course will also review some of the most common myths and misconceptions about having a contract and auditing it. Being able to understand contracts and contract risks will be discussed so that students can more effectively understand what the wording means and how a simple word can change the entire intention. Consequently, students will learn what the correct word choice should be and why the contract may not be as strong as they first imagined. Lastly, students will understand what is typically found during an audit and why the audit is important. They can bring this knowledge back to the audit committee or senior management to become a champion that will encourage further audits and to better protect the organization.
This course provides internal auditors with a foundation for approaching an audit of company culture. Learners will be exposed to key drivers and frameworks that can help establish guidelines and parameters around the somewhat nebulous topic of culture. This course will prepare internal auditors for performing an audit of culture by first exposing them to ways in which an organization can be assessed.
We will review how attitudes towards risk, organizational strategies and values, structure, communication styles, and decision-making processes all factor into assessing organizational stances of culture. We will also explore considerations that auditors should be aware of when preparing to perform an audit of culture. Learners will leave this course with a better understanding of how to factor these considerations into their audit work and execute their audit engagement. Finally, this course will illustrate how to best perform an audit of culture and share the audit report with key stakeholders to yield improved outcomes for employees and organizational leaders.
An effective audit will produce a desired or intended result. It is built on a broad and deep assessment of an area, process, or system. It "begins with the end in mind," and creates a meaningful plan an auditor and/or audit team will follow. An efficient audit is one where we work productively with minimum wasted effort or expense. Audit leadership sets in motion themes and expectations, based on risk assessment and communication with stakeholders inside and outside internal audit. Effective auditing means having a firm grasp on the scope, budget, resources, personnel, and timeline dedicated to a project. Auditors need to be able to manage unplanned issues while moving forward on audit goals and tasks in progress. An efficient audit requires focus and discipline to stay the course. This course explains and provides examples of who, what, why and how to structure and manage a more in-depth and meaningful process and produce great results for both client and auditor.
As auditors, communication is an integral soft skill that must be honed. This course is intended to provide internal auditors of all experience levels with the tools and techniques used to improve communication and identify communication missteps. We will begin with an overview of communication channels, styles, and their purpose. With this foundation, we will determine which channel is most appropriate given different situations — a discerning communicator is an effective communicator! It is vital that auditors familiarize themselves with the array of communication tools they have at their disposal. This course will review these tools and provide learners with guidance as to when and how to use them effectively. By learning to become agile and adaptable, learners can become more tactical and specific in their communication strategies.
More and more today, companies are deciding to undertake the journey to employ Development Security Operations (DevSecOps) as an evolutionary extension of the Agile principles. Change management processes are continuous and largely automated in a DevSecOps environment, which can be challenging for Internal Audit teams, as they must shift their mindsets about IT risks and the controls in place to mitigate them.
DevSecOps is a software development and delivery approach that emphasizes communication and collaboration between development, security, and IT operations, building on Agile and Lean thinking to provide technology faster, with greater stability, quality, scalability, and security. DevSecOps encompasses many teams involved in the software development and delivery process. The “Dev” side incorporates developers, front-end designers, and quality assurance. The “Ops” area brings in system administrators and support teams responsible for the product after it’s been moved to production. The “Sec” area covers all the cybersecurity professionals responsible for system control, compliance, and secure applications.
In a DevSecOps centric organization, tools are used to automate historically manual tasks, such as code quality checks, execution of test scripts, and deployments. These factors raise some questions about the efficacy of traditional change management controls in the environment, especially Separation of Duties (SoD).
Automation does not have to mean that humans are left out of the process. Manual decisions still need to be made to tell the automated tools how to perform. These human-centric aspects of the process should also be considered in the risk-management approach.
All these challenges and more need to be identified, discussed, and put into perspective as organizations seek to make the transition towards a DevSecOps methodology. The benefits can be numerous, but the risks are plentiful, and the decisions your customers make are the difference between successful implementation and failure.
In this course, we will delve into the DevSecOps methodology, assessing how and where auditors can find their footing. We will cover best practices that need to be on the forefront of business leaders’ minds as a DevSecOps culture is adopted, identifying key shifts in mindset that must occur for a seamless transition from manual transactions to automated process flows. Finally, with a forward-thinking approach, we will address how organizational teams can work together in a DevSecOps environment, prioritizing tools and resources that will facilitate meaningful collaboration.
There is a need for public companies to provide investors and consumers with information on organizational operations as it pertains to sustainability initiatives that companies use to drive financial performance. These sustainability initiatives are summarized around three key factors — environmental impact, social responsibility, and good corporate governance.
This course will provide business professionals with a historical background on how these Environmental, Social, and Governance (ESG) factors evolved and how they play an important part in a company's current financial reporting and corporate disclosures. We will look at the current landscape of recommended ESG reporting standards outlined by various organizations and how you can leverage them to create your own set of policies and controls for ESC reporting and disclosures. Finally, we will also look at ESG from an investor's and consumer's perspective and give an overview of how companies are positioning their ESG reporting in alignment with their investments, interests, and values.
Internal auditors must act ethically while reviewing and making recommendations to improve the structures and processes that promote appropriate ethics within their organizations. To do this, they must understand the principles and practices that drive ethical decision-making, the roles that various parties play setting expectations, monitoring results, rewarding compliance, and correcting deviations. All organizations are under pressure to meet business objectives while managing the variety of ethical views of their diverse stakeholders. This course provides a solid foundation on the values, organizational structures, roles, responsibilities, and best practices driving ethical conduct in a complex and rapidly changing world, how organizations create capacity to address new scenarios, and how internal auditors can meet their mandate to evaluate the design, implementation, and effectiveness of ethics-related objectives, programs, and processes.
This course provides audit practitioners a comprehensive understanding of the types of fraud affecting organizations and shows proven techniques for preventing and detecting fraud.