Risk-based Auditing for Financial Institutions and Regulators
The epic collapse of the BCCI, Barings Bank and Enron has confirmed the importance of risk management in organizations. For the banking industry, the issue is even more complexified by the arcane volatility of the financial markets. This has prompted renewed regulatory interest in risk management of financial institutions. Emerging regulations such as the Basel II Accord, Sarbanes-Oxley Act and COSO control framework now dictate new audit requirements that focus on enterprise and operations risks to help management deal with problems before they crystallize into monetary losses. This is what we call Risk-Based Auditing – a process that focuses on the organization’s business risk – those risks which can affect a company’s profitability or the activities that hold the key to its survival.
For financial institutions, auditing to meet regulatory requirements for operational risk management imposes the need for Risk-Based Auditing geared towards addressing new types of risks emanating from new products, services, and technologies, demanding enhanced monitoring of activity that only a risk-oriented audit process can achieve. This course has been designed to teach participants risk-based audit practices and procedures in financial institutions.
Course Outline:
• Regulatory Requirements for Risk-Based Auditing: Basel II Accord, CBN, NDIC, etc
• Enterprise and Operations Risk Management Frameworks
• Review of CBN’s Framework for Risk-Based Supervision of Financial Institutions
• Accounting and Banking Industry Risk-Based Audit Requirements
• The Audit Challenge of Operational Risk Management
• Overview of Risk-Based Audit Process
• Conducting Operational Risk Assessment for Audit Planning Purpose
• Risk Assessment for Individual Banking Products, Services and Functions & Technologies
• Developing Bespoke Risk-Based Audit Program
• Using Risk-Based Auditing for Fraud Prevention
• Conducting Risk-Based Auditing: Procedures and Workpapers
• IT Risks & Audit – Regulatory Requirements
• Operational Risk Auditing of IT Systems
• Case Studies