IA Module 3 -- Critical Knowledge Foundations for Internal Auditors: Governance, Risk Management, and Control (GRC)
Monday, May 1, 2023 – Tuesday, April 30, 2024
The definition of Internal Auditing promulgated by The Institute of Internal Auditors (IIA) speaks to the critical areas of value adding coverage and services Internal Auditors can and must bring to their organizations. These include the key areas of: governance, risk management, and (internal) control (GRC).
Internal auditors play vital assurance and consulting roles for organizations and their stakeholders. The significant reliance placed on internal auditors by organizational management teams, boards of directors/audit committees, external auditors, regulators, and other key stakeholders, cannot be overstated.
An integral component in supporting these roles are the knowledge foundations that auditors bring to the fore in applying their technical and analytical skills when assessing core areas of organizational governance; risk management (including fraud related risk management); compliance; and (internal) control (GRC). This course lays the critical foundation for strengthening the knowledge base of auditors at all levels in these critical areas of organizational GRC processes and performance.
- Identify the core roles and responsibilities of Internal Auditors with regard to organizational governance, risk management, and controls (GRC)
- Strengthen understanding of major IIA and COSO GRC guidance and frameworks
- Clarify distinctions and expectations of internal auditors regarding regulatory compliance and internal control assurance
- Expand knowledge of GRC principles, concepts, and practical audit application and integration strategies
- Governance, Risk Management, and Compliance/Control (GRC) – Internal Auditor’s positioning, roles, and responsibilities
- IIA GRC guidance overview
- COSO (Committee of Sponsoring Organizations) history, guidance, and frameworks overviews
- Critical knowledge foundations and fundamentals:
- Risk Management/Enterprise Risk Management (ERM)
- Internal Control
- Fraud Deterrence/Fraud Risk Management
- IT/Cyber security risks/controls
- Effective GRC coverage related alignment/integration opportunities and strategies for IAs
- Industry specific guidance/ considerations