How to Assess Risks and Evaluate Controls
Mr. Keith has over 40 years of audit experience and served as the Chief Audit Executive for the Metropolitan Atlanta Rapid Transit Authority (MARTA) for 11 years before his retirement in 2012. His other audit experience includes serving as Operational Audit Manager for five years and was a Senior Auditor in the Contract Compliance Audit Branch at MARTA. He was also a Senior Auditor at Norfolk Southern Railway (formally Southern Railway), and a Bank Examiner at the Federal Reserve Bank of Atlanta.
He was a volunteer seminar instructor for the Institute of Internal Auditors. Some of the courses taught include:
- Writing Effective Audit Reports
- Tools and Techniques for the Beginning Auditor
- Communication Skills for Auditors
- Leadership Skills for the Auditor-In-Charge
- Audit Project Management
- CIA Review Course
He currently teaches audit webinars, including:
- Writing Effective Audit Observations
- Putting the Quality in Audit Reports
- What it Takes to be the Auditor-In-Charge
- Risk-Based Operational Audit
- Assessing Risk and Evaluating Controls
He has a degree in Economics from Clark Atlanta University. His certifications include Certified Internal Auditor (CIA), Certified Fraud Examiner (CFE), Certified Government Auditing Professional (CGAP), and Certified Internal Control Auditor (CICA).
Every organization is set up to accomplish its primary business objective. Whether it is a “for-profit” organization or a “not-for-profit” organization, there is always a primary business objective. And whenever there is an objective, there is always the risk that the objective will not be achieved.
Management has the responsibility to assess risks and establish controls to ensure that business objectives are achieved. Internal Audit has the responsibility to evaluate those controls to determine if they are adequate and effective.
For the auditor, the process starts with the development of a risk-based annual audit plan to identify the various risk areas. The risk areas are prioritized and subject to audit based on the high-level risk assessment. Each area is further subject to a more detailed review of their particular risks and controls.
There are certain Institute of Internal Auditors (IIA) standards that are required in the evaluation and communication of the risk and control assessment. There are also other resources available to auditors to assist them in their evaluation of risks and controls.
The objective of this webinar is to provide an understanding of:
- Risk and control related definitions
- Relationship between risks and controls
- Control loop
- Broad risk categories
- Types of controls
- Control limitations
- Management responsibility as it relates to risks and controls
- Internal audit as it relates to risks and controls
o Develop a risk-based annual audit plan
o Conduct a preliminary survey
o Determine audit objectives
o Determine audit scope
o Conduct fieldwork
o Communicate the results
- Related IIA Standards
- Exercises to strengthen knowledge
- Case Study
Course Level - Basic
Who Should Attend
- Chief Audit Executives
- Audit Directors
- Audit Supervisors
- Audit Managers
- Staff Auditors
- Government Auditors
- Compliance Auditors
- Internal Control Specialists
- Public Accountants
- Accounting Analysts
- Business Analysts
- Quality Control Specialists
Why Should You Attend
This class is designed to give you the basics for assessing risks and evaluating controls. We will discuss the responsibilities of management and internal audit as it relates to risks and controls. We will do a case study to follow the process from beginning to end. We will also do some exercises to further strengthen your knowledge.