1777 IIA Training Brochure WEB

IIA Training Courses
2011
Building Self Assurance
Welcome to the Chartered
Institute of Internal Auditors
Internal auditing continues to grow in profile, reputation and professionalism.
Recognition of its value as a specialist business discipline is also increasing,
championed by the Chartered Institute of Internal Auditors (IIA).
We are the leading provider of internal audit training, qualifications and

development programmes in the UK and Ireland. Our courses are delivered
by highly experienced trainers with a wealth of practical experience, at
locations across the UK and Ireland.
Professional development for all internal auditors
New to internal audit? The IIA Certificate in Internal Audit and Business Risk or our Beginner’s
course are designed specifically for you (see pages 7 and 15).
Experienced head of internal audit? Our strategy courses will develop your leadership skills
and help you to impress your audit committee (see page 20).
Planning a career in internal audit? Become a Chartered Internal Auditor by taking our
Diploma in Internal Audit Practice and Advanced Diploma in Internal Auditing
and Management.
Need something special?
We create bespoke training packages, tailored to your organisation’s needs and delivered to
your team in-house. Please call us to discuss your training needs.
Members get the benefits
Become a member and get discounts on training courses, events and our flagship event, the
IIA Annual Conference. You will also get access to our magazine, online knowledge centre,
networking opportunities and other benefits.
For information on the Chartered Institute of Internal Auditors and our range of professional
development opportunities visit www.iia.org.uk
We look forward to welcoming you as a delegate and as a member.
To book a course, please visit www.iia.org.uk | trainingandevents@iia.org.uk | 020 7498 0101

Contents
Continuing Professional Development 4
In-house Training 5
Regional Events 6
Internal Audit & Business Risk 7
Professional Development & Practice 14
Stategy & Leadership 20
Risk & Audit 25
Finance & Accounting 41
IT Audit 43
Terms and conditions 47
3
Continuing Professional
Development (CPD)
Maintaining and extending competency, developing personal effectiveness and updating
knowledge are widely recognised as being hallmarks of professionalism.
Continuing professional development (CPD) is an ongoing, structured process designed to

maintain and enhance professional competence. It arises from the changing demands of a
professional role, the desire to improve the quality of service given and the personal ambition of
the individual. It can be achieved through many different types of activity and will be shaped by
the particular range of circumstances in which the individual operates. Hence, any new learning
which impacts favourably on effectiveness within a professional role can be regarded as CPD.
CPD is a broad term referring to any activity that sustains and promotes individual effectiveness in
one’s professional role. The type of activity, and the level and number of hours that are needed,
will vary considerably between individuals, depending on such factors as current job role, prior
training and learning, career ambitions, employer needs, sector demands, other commitments,
development opportunities and costs.
Members can use our online CPD tool to help you plan your professional development
www.iia.org.uk/en/Qualifications_and_CPD/CPD/cpd_module.cfm

“I just wanted to say a big thank you for a super course. The two days
really did exceed my expectations and I am really pleased with how
you got the team to engage and contribute so productively. Thanks for
tailoring the course for us”. Karen Wall - Acting Compliance Audit Manager, NFU Mutual
In-house Training
As the largest supplier of internal audit training, the IIA is committed to the ongoing
development of internal auditors and we offer an extensive programme of training and
learning opportunities. Our in-house training service provides you with a flexible and cost
effective approach to learning where we bring our experts to you.
The benefits
First class training
All trainers are highly skilled in their areas of expertise and have a wealth of personal
knowledge and experience. Many combine training delivery with hands on experience in
internal audit and risk management.
Cost effective
Since the training takes place at your own premises, there is no travel, no time away from
the workplace and no expenses often associated with public training courses. Fees are
charged per day rather than per delegate, therefore staff can be trained at a very low cost
per person enabling you to maximise your training budget.
Flexible
All the courses from our public training programme can be offered on an in-house basis.
Should you require something more tailored to your exact training requirements,
we can also develop a course to suit your specific needs. As you are able to arrange a
date that fits in with existing work demands, in-house training offers the ultimate flexible
training solution.
Immediate impact
By learning in familiar surroundings and having colleagues alongside throughout the training,
the impact throughout the organisation is immediate. Sensitive company information can be
shared and used as real life examples during the course in complete confidence to enable you
to relate your learning directly back to your working environment.
The package
Standard course
Any course direct from the training programme with very few adaptations to format
and content.
Tailored course
Any course from the training programme where the course content, length or main focus
is tailored to suit specific requirements.
Bespoke
Any course specifically developed in accordance with the requirements of your
organisation. The content, length and course focus is discussed and agreed with the
relevant trainers.
5
2011 Regional courses and
seminars at a glance
Assurance Mapping – The Foundations IIA Award in Corporate Governance and
18 April - York Risk Management
21 November - York 9-10 February - York
6-7 April - York
Assurance Mapping – Driving Further Benefits 5-6 July - Cardiff
19 April - York
22 November - York IIA Award in the Internal Audit Planning and
Assurance Framework
The Balanced Scorecard 13-14 April - York
6 May - Glasgow 29-30 November - Cardiff
7 July - Birmingham
18 November - Manchester IIA Award in the Effective Delivery of Audit
and Assurance
The Bribery Act – what it means for internal audit 8-9 March - York
22 March - Edinburgh 13-14 September - York
16 June - Leeds
17 November - Bristol IIA Award in Interpersonal Skills for Audit
1 December - Worthing and Assurance
10-11 March - York
Ethics and Culture – their role in good governance 15-16 September - York
27 January - Birmingham
7 April - Liverpool IIA Award in Information Systems Audit
6 October - Cardiff and Assurance
14-15 June - York
How to audit Corporate Risk Management
27 January - Dublin IIA Award in Compliance Audit and Assurance
16-17 June - York
How to audit Marketing
29 March - Dublin Internal Audit Processes – good practice
and benchmarking
How to audit Expenses and Policies 16 February - Stansted
4 May - Dublin 18 May - Nottingham
7 September - Dublin
How to audit HR
7 October - Dublin Risk Based Internal Auditing – An Audit
Management Course
Internal Auditing – A Beginner’s Course 13-14 July - York
8-10 March - Surrey
10-12 May - Surrey Risk Based Internal Auditing – A Practitioner’s Course
7-9 June - York 12 July - York
6-8 September - Surrey
4-6 October - York A Practical Guide to Evaluating Risks and Controls
8-10 November - Surrey 22-23 June - Dublin
6-8 December - York 30 November - 1 December - York

IIA Certificate in Internal Audit
& Business Risk
Contents A
IIA Award in Corporate Governance and Risk Management 8
IIA Award in Internal Audit Planning and Assurance Framework 9
IIA Award in Effective Delivery of Audit and Assurance 10
IIA Award in Interpersonal Skills for Audit and Assurance 11
IIA Award in Information Systems Audit and Assurance 12
IIA Award in Compliance Audit and Assurance 13
The IIA Certificate is an accredited training programme which combines theory and
practical skills to provide you with a comprehensive overview of the internal audit function.
It will help develop practical, relevant skills and give you • Students can enrol on the Certificate programme at
the confidence to be more effective at work. any time.
The learning programme comprises a mix of self-study and Full details of the Certificate programme and how to enrol
attendance at four two-day courses. can be found on our website www.iia.org.uk
• Study text with learning activities enables you to learn
from your work experience, and apply your learning in
your work
Fees: £3465 + VAT plus student membership
• Guide to completion of the Certificate to help you

complete your Personal Development Log and Courses can also be attended on a stand alone basis.
Professional Experience Record
7
IIA Award in Corporate Governance and Risk Management
Recent developments and corporate failures have demonstrated more than ever the real need for
effective corporate governance and risk management. Internal auditors have a critical role to play
within this and it is therefore important they are up to date with current thinking in these areas.
Who should attend? Course programme

• new entrants to internal audit who do not You will be expected to participate fully throughout this
necessarily anticipate remaining in internal audit course and the following topics will be covered:
as their chosen career path
• introduction to the course and participants
• internal auditors and internal audit managers expectations
• risk managers • introduction to corporate governance
• audit committee members • characteristics of good corporate governance
• specialists who join or are seconded to the • introduction to risk management

internal audit team to assist with specific projects
• risk management practices and principles
or assignments that also require other technical
expertise, for example engineering, health and safety • introduction to internal control
or IT professionals.
• control models and frameworks
This course will be suitable for those who have already had
• embedding risk management
exposure to business and organisational practices through
work experience. • internal audit and risk management
How will this course benefit you? • risk-based internal auditing.
After completion you will be able to: Pre-work

• understand the reasons behind the current state Before the course, you are asked to familiarise yourself with
of play within the corporate governance arena the issues discussed in the complementary study text.
• appreciate and consider current and potential Presented by
future corporate governance initiatives both in
the UK and overseas This course has been designed and developed by the IIA
and will be presented by specialist trainers.
• assess the extent to which your organisation
demonstrates characteristics of good and Note
effective corporate governance
This course is non residential.
• understand basic principles and practices of risk
This is one of the courses that make up the IIA
management including many practical
Certificate in IABR
examples drawn from top UK and overseas
organisations
• appreciate the contribution that internal control

DATES
makes to effective risk management and
governance 9-10 February – York
6-7 April – York
• understand the role that internal audit might
5-6 July – Cardiff
play within an organisation’s risk management
22-23 November – London
and governance efforts
• appreciate some practical tips on embedding

STANDALONE FEES
risk management into the culture of your
Non member - £1020 + VAT
organisation
Member - £920 + VAT
• have an overview of risk-based internal auditing. Full Certificate Programme fee - £3465 + VAT
plus student membership

IIA Award in the Internal Audit Planning and Assurance Framework
The purpose of this course is to assist new entrants to internal audit to gain a comprehensive
introduction. It will help explain the tools and techniques used by internal auditors to assess
whether risk and control processes are adequate.
Who should attend? • audit evidence
• new entrants to internal audit who do not • audit documentation

necessarily anticipate remaining in internal audit
• reporting
• follow up
• those seeking an initial taster of the work of
internal audit Pre-work
• specialists who join or are seconded to the Before the course, you are asked to familiarise yourself with
internal audit team to assist with specific projects the issues discussed in the complementary study text.
or assignments that also require other technical
Presented by
expertise, for example engineering, health and
safety or IT professionals. This course has been designed and developed by the IIA
This course will be suitable for those who have already had
exposure to business and organisational practices through Note
work experience.
How will this course benefit you? This is one of the courses that make up the IIA
After completion you will be able to: Certificate in IABR
• appreciate the work of the internal audit

function and allow you to begin to operate at an
initial level of understanding
• communicate with the internal audit team and

clients, using language and technical terms, as
appropriate, to the situation and requirements
• contribute to the effective delivery of an

audit assignment through appreciation of the
planning, delivery and follow through
of assignments
• demonstrate an understanding of the value

internal audit can add to business
Course programme
You will be expected to participate fully throughout this
course, and the following topics will be covered: DATES
• purpose and role of internal audit 15-16 February – London
13-14 April – York
• professional framework for internal audit
12-13 July – London
• risk based audit planning 29-30 November – Cardiff
• planning an audit engagement
• documenting information STANDALONE FEES

• audit testing Member - £920 + VAT
Full Certificate Programme fee - £3465 + VAT
9
IIA Award in the Effective Delivery of Audit and Assurance
The aim of this course is to help participants develop their skills in delivering an effective audit
Who should attend? Effectively monitoring the progress of an audit engagement
- using monitoring tools
• new entrants to internal audit who do not
- regular reviews
necessarily anticipate remaining in internal audit as their
- corrective action
chosen career path
- handling contingencies
• those seeking an initial taster of the work of internal audit
Identifying effective team working skills
• specialists who join or are seconded to the internal
Time management techniques
audit team to assist with specific projects or assignments
that also require other technical expertise, for example Techniques for report writing and critiquing audit reports
engineering, health and safety or IT professionals.
Delivering value to the audit client
This course will be suitable for those who have already had - challenging accepted practice
exposure to business and organisational practices through - scheduling audit work
work experience - delivering an effective report
- evaluating the audit
How will this course benefit you?
Understanding how to produce effective audit work –
After completion you will be able to:
pulling it all together.
• plan an audit engagement
Pre-work
• develop and negotiate an audit engagement brief
Before the course, you are asked to familiarise yourself with
• understand the techniques that will enable you the issues discussed in the complementary study text.
to successfully monitor the progress of an audit
engagement Presented by
• identify skills needed for effective team working
This course has been designed and developed by the IIA and
• understand how to write effective audit reports will be presented by specialist trainers.
• understand how the effective delivery of an audit can add

Note
value to an audit client
• develop a plan for improving your skills in delivering an
effective audit and apply this to real situations at work. This is one of the courses that make up the IIA Certificate
in IABR
Course programme
course. There is a combination of role play and training
activities aimed at developing skills in an enjoyable and
relaxed environment. The course will cover the
following topics:
DATES
Identifying the criteria for an effective audit
8-9 March – York
Planning an audit to deliver results 17-18 May – London
- setting objectives 13-14 – September - York
- scheduling audit work 6-7 December – London
- identifying resources
- using project management tools and techniques STANDALONE FEES
- communicating the plan for the audit Non member - £1020 + VAT
Preparing, negotiating and agreeing an audit Member - £920 + VAT
engagement brief Full Certificate Programme fee - £3465 + VAT

IIA Award in Interpersonal Skills for Audit and Assurance
The aim of this course is to help participants develop their communication and relationship
building skills for gathering and imparting information during an internal audit assignment.
Who should attend? Interviewing skills

- types of interview
• new entrants to internal audit who do not
- structure of interviews
necessarily anticipate remaining in internal audit
- types of questions
Negotiating skills
• those seeking an initial taster of the work of
internal audit - structure of negotiations
- preparing for negotiations
• specialists who join or are seconded to the
- win-win and other outcomes
internal audit team to assist with specific projects or
assignments that also require other technical expertise, - developing the win-win approach to negotiations
for example engineering, health and safety or Reporting and presentation skills
IT professionals. - critiquing an audit report
This course will be suitable for those who have already had - preparing for oral presentations
exposure to business and organisational practices through - making a presentation and handling questions.
work experience.
Pre-work
How will this course benefit you? Before the workshop, you are asked to familiarise yourself
After completion you will be able to: with the issues discussed in the complementary study text.
• understand why good communication skills Presented by

are important
This course has been designed and developed by the IIA
• understand how to use different communication and will be presented by specialist trainers.
skills across a range of situations
• use your communication skills to develop better

Note
internal auditor-client relationships This course is non residential.
• develop a plan for enhancing your skills in This is one of the courses that make up the IIA
communication and client-auditor relations and Certificate in IABR
apply this to real situations at work.
Course programme
course. There is a combination of role play and training
activities aimed at developing your communication skills
in an enjoyable and relaxed environment. The course will
cover the following topics:
DATES
Principles of effective communication
10-11 March – York
- communication purposes, media, styles, results
19-20 May – London
and process
15-16 September – York
Building effective relationships with clients
8-9 December - London
- effective and ineffective relationships
- expectations of internal auditors STANDALONE FEES
- improving relationships Non member - £1020 + VAT
11
IIA Award in Information Systems Audit and Assurance
Who should attend? • concepts of confidentiality, integrity and

availability and why the information systems
New entrants to audit who wish to undertake information auditor needs to understand and apply them when
systems or information technology audits. Also those who reviewing and accessing information systems
wish to gain a broad experience of audit opportunities.
• importance of continuity planning and back-up
As a refresher or update for the experienced auditor or an
auditor who has returned to internal audit following some • different types of information system audits and
time in the operational side of the business. the skills that are required to undertake them
Specialists who join or are seconded to audit who need to get • logistical issues involved in planning the
up to speed quickly with contemporary IT audit practice or information systems audit
who wish to move into IT auditing.
• information systems audits responsibility in respect
This course is also ideal as in-house tuition. It can be of effective control and how this links to their role
customised to use your own audit working practices to enable in providing assurance
participants to learn in a familiar environment.
• means by which assurance is provided including its
How will this course benefit you? communication in the assurance statement.
After completion you will be able to: Pre-work

• understand the role of the information systems Before the course, you are asked to familiarise yourself with
auditor and his / her relationship with the the issues discussed in the complementary study text.
information systems function
Presented by
• understand and apply computer assisted audit
tools and techniques as appropriate This course has been designed and developed by the IIA and
will be presented by specialist trainers.
• understand and apply the basics of computer
forensics and social engineering techniques
Note
• explain the different types of information system
audit and the logistical issues involved in planning This course is non residential.
such audits This is one of the courses that make up the IIA Certificate
• understand some of the technical issues relating to in IABR
information systems.
Course programme
course and the following topics will be covered:
• purpose of information systems audit
• appreciation of how information system auditors

work with others
DATES
• information systems governance
22-23 February – London
• structure of a typical centralised information
14-15 June – York
technology function
11-12 October – London
• computer assisted audit tools and techniques and when
and how they can be applied
• introduction to computer forensics and explain STANDALONE FEES

how to follow established protocols to maintain a Non member - £1020 + VAT
continuous trail of evidence Member - £920 + VAT
• risks relating to social engineering

IIA Award in Compliance Audit and Assurance
Who should attend? • planning a compliance audit using formal and less
formal approaches including unannounced visits
New entrants to the compliance team who wish to have a
better understanding of how compliance auditing works • testing including developing the test programme,
and what is expected of them. Specialists who join or are writing audit tests, selecting a sample and using
seconded to compliance audit who need to get up to speed compliance and substantive tests
quickly with the basics of compliance audit
• types of evidence including primary and secondary and
The course is suitable for those who undertake compliance how to evaluate audit evidence
audits in their own organisations as well as those who
• prioritising audit findings according to their risk
work within a regulatory / governmental environment who
exposure and working out the overall assurance opinion
undertake such audits in third party organisations.
• appreciate the means by which assurance is provided
This course is also ideal as in-house tuition or if you want to
including its communication in the assurance statement.
benchmark your compliance function against good practice.
• reflections on the mini-action plan.
Pre-work
Before the course, you are asked to familiarise yourself with
• understand the role of the compliance auditor,
the issues discussed in the complementary study text.
the governance framework in which they
operate and the types of audit they can be
Presented by
involved in
• apply appropriate audit techniques to the This course has been designed and developed by the IIA and
development of the compliance audit plan and the will be presented by specialist trainers.
methodology used to plan the audit engagement
Note
• understand and apply relevant techniques to ensure an
effective audit test programme and appropriate sample This course is non residential.
sizes and evidence This is one of the courses that make up the IIA Certificate
• evaluate evidence and determine a reasonable level in IABR
of assurance
• manage the relationship with key stakeholders.
Course programme
course and the following topics will be covered:
• introduction to the course, participants expectations

and the mini-action plan
• purpose of compliance auditing and the difference

between compliance audit and internal audit
DATES
• governance and the compliance function including
cultural, risk, reporting, monitoring and evaluation 24-25 February – London
issues 16-17 June – York
13-14 October– London
• stakeholders of the compliance function and how
to manage the relationships
• types of compliance audit and the responsibilities of a

STANDALONE FEES
compliance team
• developing the annual compliance plan using a variety Member - £920 + VAT
of approaches including a risk based approach Full Certificate Programme fee - £3465 + VAT
13
Professional Development
and Practice
Contents
udit & Business Risk 9
Internal Auditing - A Beginner’s Course 15
“How to Audit” Series Workshops 16
Audit Report Writing 17
Improving Audit Reports for Senior Practitioners

and Heads of Internal Audit 18
Ultimate Persuasion Techniques 19
To book on a course, please visit www.iia.org.uk | trainingandevents@iia.org.uk | 020 7498 0101

Internal Auditing - A Beginner’s Course
As a result of emerging corporate governance requirements in the private and public sectors, the profile
of internal audit has reached an all time high. If you are about to become involved in internal audit, it is
vital that you are aware of the fundamental requirements of the role within today’s organisations.
This three day practical course takes participants from any Interviewing techniques
business sector through the principles, recognised best - types of interview
practices and essential techniques of internal auditing. It - essential features
provides you with guidance on planning and performing audit - use of questions
work in line with the latest standards and current thinking. - body language
- note taking
Who should attend?
Testing, sampling and working papers
New entrants to internal audit, internal auditors with - problems for internal auditors
limited experience and those returning to the function will - effects on auditees
find the course a useful overview. - a testing framework
How will this course benefit you? - evidence
- a working paper strategy
After completion, you will be able to: Computer audit (an overview)
• nderstand the organisation, planning and control of
u - changing role
internal auditing - the generalist and computer auditor
- computer fears
• relate to the current philosophy and practice - organisation of computer audit
- computer audit techniques
• r ealise and manage the behavioural implications of
internal auditing Internal audit reporting
- style
• appreciate the essential techniques to be used.
- structure
Course programme - marshalling information
- clarity
The challenging world of internal audit - words choices and grammar implications
- the purpose Quality assurance of internal audit
- potential and change
- qualitative aspects
- principles of internal audit
- performance measures
- current International Standards for the Professional
- quality standards
Practice of Internal Auditing
- defending internal audit.
Internal audit relationships
- management expectations
Presented by
- image of internal audit L.G. Westwood, FCCA, CPFA, FIIA, Consultant.
- behavioural reactions
Stephen Maycock, QiCA CFIIA, CIRM, Consultant.
- building relationships
- external audit
Note
Fraud and the internal auditor
- what is fraud? This course is fully residential. The fee includes course
- why involve internal audit? materials, two nights accommodation and meals and
- police implications refreshments throughout.
- fraud investigations
Planning internal audit work DATES
DATES
- the audit charter 8-10 March –Surrey
- the audit universe
10-12 May – Surrey
- risk assessment and risk based internal audit 16-17 June – York
7-9 June – York
- strategic, annual and assignment plans 13-14 October– London
6-8 September – Surrey
Risk management, corporate governance and control evaluation
4-6 October – York
- definitions
8-10 November– Surrey
- internal control and COSO
- systems, risk and control objectives 6-8 December – York
FEES
- types of controls
- evaluation techniques and documentation Non member - £990 + VAT
FEES

Non member £1650 + VAT | Member - £1495 + VAT
15
“How to Audit” Series Workshops
Ever since their launch in 2008, the “How to audit” series of practical one day workshops have
proved to be extremely popular. All the topics in the series cover topical and thought provoking
subjects that commonly feature as organisational risks or key systems within organisations.
The “How to audit” workshops are a great way to hear Course programme
about the latest developments in various areas of audit
through an interactive learning approach that mixes input, A blend of theoretical, technical, discursive and practical
practical exercise, shared experiences, post course write approaches covering:
ups and links to additional resources. • risk associated with each subject area
Reduce some of the time it takes for background research • risk mitigation, management and cost effectiveness
by letting the “How to audit” series give you a head start
and new high level perspectives when thinking about your • topical current issues and developments
next audit. These workshops will help you deliver more • ractical re-enforcement through a team based
p
effective and professional assurance to your organisation scenario simulation
over complex and changing subjects.
• audit testing and evidence collation
Who should attend?
• practical problems, obstacles and barriers when
The workshops are designed to be relevant to internal auditing this subject.
auditors from every business sector, private, public and
Presented by
voluntary and for delegates with varying levels of practical
experience. It is most relevant to those about to embark Nigel Freeman, CFIIA, CMIIA, FACTS Limited.
upon an internal audit of the subject and for those who
manage audits that cover the subject area and for anyone
Note
wishing to stay up to date with topical developments and This workshop is non residential.
potential organisational risks.
How will these workshops benefit you?

After completion, you will be able to: DATES
• nderstand the role and importance of key areas
u Customer Service
and how they contribute to the achievement of 25 January - London
26 May - London
organisational objectives and strategy
Corporate Risk Management
• r ecognise the objectives of key areas within any 27 January - Dublin
organisation 9 February - London
5 July - London
• identify and assess risk and appropriate mitigation
association with the key area from an internal audit Management Information
27 May - London
perspective 24 November - London
• s elect and apply effective evidence collection and Procurement - 9 June - London
testing techniques to lead to sound internal audit 25 November - London
assurance Asset Management (New)
30 March - London | 6 July - London
• k now where to go for additional resources and
information to help you audit more effectively. Marketing - 29 March – Dublin
Expenses and Policies - 4 May – London
13 May – Dublin
HR - 7 October – Dublin | 17 October - London
FEES
Non member £390 + VAT | Member £285 + VAT
Dublin: Non member u480 | Member u355

Audit Report Writing
Auditors often, inadvertently, create ineffective audit reports - they are unclear, offer no logical
sequence and fail to convince the reader.
This brief course provides a stimulating and practical Good writing: conciseness and readability
introduction to audit report writing and focuses on report - brevity
structure and effectiveness. - phrasing and jargon
- design and layout.
Who should attend?
Presented by
This hands-on course is open to all, although auditors with
less experience will find it of greatest value. The heart of MindGrove Ltd.
the course is in the correct sequencing and presentation
Note
of observations to create a compelling content. The result
is the production of reports that are seen to contribute This course is non residential.
significant value.

• write a report using information that meets target
audiences’ requirements
• deploy a structure for writing up observations that
maximise acceptance of the audit viewpoint
• apply strategies to maximise conciseness and
improve readability.
Course programme
Audience and framework: empathy for your audience
- the target audience
- approved structures for audit reports
- trends and changes in audit reporting
The nitty - gritty: writing up observations

- the five “cs” approach
- the condition (finding)
- the criterion (yardstick)
- the cause (reason)
- the consequence (effect)
- the conclusion (recommendation)
- quality checking observations
- audit rating scales and opinions
- common variations in report layouts: paragraph
structure / table structure / action strip structure
DATES
2 March - London
14 June – London
5 October - London
30 November - London
FEES
Non member £605 + VAT
Member £500 + VAT
17
Improving Audit Reports for Senior Practitioners and
Heads of Internal Audit
The most difficult audit challenge is to produce an audit report that is businesslike, relevant,
compelling and value-adding.
This one-day course explores the possibilities of improving Audience and readability
report communications by harvesting ideas used by - brevity and communication
successful audit teams. - phrasing, language construction and jargon,
avoiding dullness
Who should attend?
- constructing a house style: preferred rules of
Senior auditors who need to produce persuasive and clear expression, sentence structure and grammar; the use
written communication. of words
How will this course benefit you? - design and layout - page layout, the use of white
space, typographic options, paragraph styling.
Presented by
• e
valuate options for improving reporting within your
organisation MindGrove Ltd.
• deploy a reporting structure that engages and Note

communicates greater value to the reader This course is non residential.
• apply strategies to improve the readability of
finalised reports.
Course programme
Audience and image
- style expectations of your target audience
- house-styling communications - do you really need
branding?
- the message you want your image to promote
- preferred delivery formats: paper, electronic,
or both?
- look and feel of completed reports
Audience and empathy
- trends and changes in the style of audit reporting
- audit rating scales and opinions - translating these
for the reader
- inclusion of synopsis data and high level visual
devices such as temperature maps, visual risk
indicators or scoring tables
- body framework layouts: paragraph structure / table
structure / action strip structure
- inclusion of process maps, images, charts and visual
aids - careful use of meaningful graphics
- generation of alternative formats: reports in word; DATES
reports in excel; reports in powerpoint 2 November – London
- using software to assist quality assurance
FEES
Member £500 + VAT

Ultimate Persuasion Techniques
Tired of all the usual excuses and arguments your colleagues offer you? Fed up with wasting
time arguing hour after hour with someone who will eventually give in and do what you
want? In your job you need to enable smooth transitions to better methods and risk limiting
outcomes. You cannot afford to lose the argument!
You need to draw on all the techniques of persuasiveness The power of body talk
available to you today, and that is what this course will - using your body talk to influence
enable you to do. This course is your answer to the - choosing the words with care
stubborn, the unwilling and the downright difficult. OK, influence me
- role plays to help you practise your new skills
Who should attend?
Permanent commitment
Anyone who needs to get the rest of the department, the
- how to ensure lasting influence
rest of the organisation, the rest of the family or the rest of
- get real not token agreement
the world on their side.
- see it past the new toy stage.
During the course we will use the case studies you have
After completion you will be able to: provided: this is your chance to get a solution for one of
• influence all types of individual your persuasion needs.
• u
nderstand why some people are more difficult than Before attending the course you will be asked to complete
others to persuade and still persuade them a questionnaire to help you think about your approach to
• use your behaviour to help others accept your ideas those you seek to influence. How many of the six key skills
can you claim as your own?
• understand how to build very high levels of rapport
• build
a permanent commitment to any changes Presented by
you introduce. Jane Allan & Associates.
Course programme Note

This course offers you the chance to bring your own This course is non residential.
situations where you need to be more persuasive to the
session and walk away with a solution.
Influencing skills audit
- assertion, expertise, political acumen through
preparation
- effective presentations, client centred
People
- understanding the human psyche
- the hidden effect you can have
- behaviour breeds behaviour
- how to make sure you use your own behaviour
wisely and that no one takes advantage of you
Emotional intelligence DATES
- understand the impact of your emotional intelligence 14 April – London
- use it to influence colleagues, customers and 8 September – London
family alike
- how do your filters work? Are they helping or
hindering?
FEES
Member £500 + VAT
19
Strategy and Leadership
Contents
The Balanced Scorecard 21
Leading the Audit Team 22
The Internal Auditor’s Guide to Strategic Thinking 23
20

The Balanced Scorecard
Principles, practicalities, progress and pitfalls
Who should attend? • practical syndicate working
• CEOs, MDs, FDs and other board / business • overcoming the obstacles to the successful
unit members concerned with defining, articulating, adoption of a scorecard
communicating, and delivering strategic intent
• the importance and use of personal action
• management accountants, IT directors and others planning checklists.
responsible for the preparation, analysis and
presentation of financial and non-financial information Note
to help assure the delivery of the strategy. This course is non residential.
• explore the critical and fundamental role of strategy
maps and how to create them
• acquire a powerful structure for inspiring high
performance through building strategy focused
performance management information that can be
cascaded throughout the organisation
• understand how vision, strategy, objectives, measures,
targets, initiatives, key performance indicators (KPIs)
and their ownership can be brought together
into one comprehensive and extremely powerful
performance management framework
• examine the broader organisational issues associated
with successful balanced scorecard implementation
• evaluate the practical application of the balanced
scorecard to your own organisation and become
focused on what to do next.
Course programme
• role, benefits, and usage patterns of the
balanced scorecard
• structure of the scorecard, the famous four
perspectives, and the critical role of
strategy mapping
• detailed business case studies, including
organisational cascades; and using scorecard
principles to execute strategic intent effectively
DATES
DATES
11 February - London
6 May - Glasgow
16-17 June – York
7 July - Birmingham
13-14 October– London
23 September - London
18 November - Manchester
6 CPD hours (for non-CIMA members)
FEES
FEESmember - £990 + VAT
Non
Non members:
Member - £890£599 +VAT
+ VAT
CIMA and IIA members: £539 +VAT
21
Leading the Audit Team
Motivating and leading a team of individuals under stress is an important skill for managers. There
is often a conflict between the need to get the job done and the needs of the people in the team.
This course is designed to cover a range of skills needed for getting the most from your audit team.
Who should attend? Managing stress

- using HSE guidelines, you will work on the key factors
Managers, audit team supervisors and anyone responsible
which create stress in the workplace and learn how to
for setting up a new team or leading an existing one.
mitigate that stress. The emphasis is on helping team
How will this course benefit you? members to support one another during stressful
After completion you will be able to: work periods
Coaching skills
• recognise
different strengths within the team and
- you will be introduced to a coaching model and
yourself and plan how to use these effectively
practise coaching one another on a work issue
• a dapt your leadership style so that you achieve better
Managing performance
results with each individual
- how to prepare and structure a meeting about
• motivate people through a variety of methods underperformance
• coach and set goals for people - key principles of giving feedback
• manage performance within the team more effectively - group discussion and practical exercises on
managing performance
• r ecognise the symptoms of stress within people and
plan remedial action Managing difficult people
- recognising trigger points in others
• plan the audit with the team.
- managing our reactions to difficult people
The first part of the course focuses on feedback on Belbin - dealing assertively with conflict
team roles. Pre-work questionnaires are issued and the
The audit context
information is collated into a report so that you get a clear
- tips and hints on managing audit teams.
picture of what team roles are best suited to you.
The course is very participative with individual and group Presented by
exercises, case study, role play, tutor input and discussion Ian Middleton, MA, CA, FIIA, Director of Audit and
throughout. Compliance, Scottish Legal Aid Board.
Course programme Elaine Morgan, MAST International.
Putting together the audit team Note

- Belbin team role feedback for each delegate This course is non residential.
- understanding where the strengths and weaknesses
may lie within your team
- what’s different about audit teams?
Leadership styles and how to use them effectively
- the situational leadership model
- you will complete a diagnostic and identify how to
use the four different leadership styles with other
team members DATES
Motivation 10-11 May - London
- recognising different motivational patterns in 6-7 September - London
yourself and others
- working with different motivational triggers to
improve performance
Case study
- this is based on an audit assignment. you will select FEES
the appropriate team and discuss the potential
pitfalls of an audit
Member £920 + VAT

The Internal Auditor’s Guide to Strategic Thinking
Solutions do not just present themselves, problems do not simply go away, plans do not spring
up in perfect detail out of a good night’s sleep: the world of risk is not like that. More and more
organisations are teaching their key people to think strategically. This makes for more efficient
planning, smoother transitions in the time of change and fewer insoluble problems. This course
will show you the techniques and set you on the road to efficient and clever strategic thinking.
Who should attend? The five criteria for strategic thinking. You must get
these right if you are to think strategically
Heads of internal audit, senior internal audit managers and
- organisation
directors of risk management. In essence anyone who has
- observation
to think strategically for the benefit of the organisation or
- views
their department.
- driving forces
How will this course benefit you? - ideal position
After completion you will be able to: Downboard thinking. Life can be like a game of
chess: those who can think ahead to understand the
• understand the techniques required to
consequences of our every move
think strategically
- one move ahead is not enough
• think your way through to innovative solutions - envision the future - how to be a futurist
• work with your own preferred mind pattern - discover opportunities behind obstacles - explore
• get out of your present thinking box patterns of behaviour
• bust out of date thinking Creative and critical thinking. Most of us do not break
away from what we feel comfortable with. If it’s not
• find the way forward in even the trickiest situation
broken, it’s too tempting to leave it alone until it breaks,
• a pply the concept of strategic intent and evaluate its but that might be too late
appropriateness in your department - how to think outside any box you know
• p
repare a competitive analysis of your department with - techniques to reveal your creative mind
recommendations for strategic development, based Checklist for creating a strategy. You’ve done your
on an industry analysis and an understanding of the thinking now you need to make sure the strategy works
company’s current operations and is a winner. Perhaps more importantly that your
• e
valuate your own organisation and your department in colleagues agree
terms of its core competencies - objectives
• build a strategic plan for your section or department. - SWOT
- scenarios, targets and allies
Course programme - tactics and timing.
The course content will be directed specifically at the
Presented by
industries represented in the room and delegate numbers
will be limited to enable participative discussion throughout Jane Allan & Associates.
the day. Please bring any examples with you to work Note
through in your group, as real life situations.
Understand yourself and your thought processes
DATES
- the upper level thinking skills. We do not all use our
brains in the same way. Nor are our brains wired up 21 April – London
exactly like our colleagues. This is what adds value 15 September – London
and additional dimensions to the thought processes
- your personal thinking capacities
- establish your strategic perspective
FEES
Member £500 + VAT
23
Lead your profession – Join the Heads
of Internal Audit Service today
In a highly competitive and increasingly complex business

environment, it’s vital that those leading the internal audit function
within an organisation are at the cutting edge of their profession.
The IIA Heads of Internal Audit Service (HIAS) has been designed to keep you informed of
the important governance, risk management and assurance practices as well as connecting
you with those who understand and share the challenges you face.
As a member of this exclusive service, you will have access to a suite of dedicated services,
designed to keep you informed, up-to-date and ahead of the game:
• Monthly forums and networking opportunities
• Benchmarking survey facility
• Regular news roundup emails
• Online discussion forums
• Member directory of HIAS members
• Executive briefings and analysis.
For more information and to register to join the Heads of Internal Audit Service
go to: www.iia.org.uk/hias or Contact the team on: 020 7819 1906
Risk and Audit
Contents
RBIA - A Practitioner’s Course 26
RBIA - An Audit Management Course 27
Value for Money / Performance Auditing 28
Auditing Projects and Project Risk 29
IT Governance and Risk - for the Non-IT Professional 30
Process Thinking for Auditors 31
Auditing Outsourced Contracts 32
Fraud Risk and the Internal Auditor 33
Auditing Business Continuity Management Plans 34
New Assurance Mapping – The Foundations 35
New Assurance Mapping – Driving Further Benefits 36
New A Practical Guide to Evaluating Risks and Controls 37
New Data Security – Protecting your Data 38
New Money Laundering – Managing the Risk 39
New Internet Investigations and eCrime 40
25
Risk Based Internal Auditing – A Practitioner’s Course
Risk based internal auditing (RBIA) requires internal audit to be strategically and operationally
linked to the business risk and assurance frameworks. How does this relate to internal auditors
going about their day to day business?
The approach can only be truly effective if everyone in the Stage 2: planning and prioritising - the principles
team understands what they are providing assurance on, the - starting with the end in mind
skills required to deliver a risk-based approach and how they - prioritising audits
fit into the wider assurance framework. - resources and skills
This course aims to give auditors an appreciation of the - consulting and reporting
strategy and planning for a risk based approach and the Stage 3: risk based audit assignments
ability to apply RBIA to audit assignments and assurance • assignment planning
reporting. - scoping the audit
Who should attend? - building on what you know
- linking objectives, risks and controls -
All internal auditors providing assurance on control and
a titanic task!
management of business risk within their organisation and
- example working papers
who want to get up to speed with an intensive one
day course. • Delivering assurance
- the role of management
How will this course benefit you? - testing and evidence - how far do you go?
After completion you will be able to: - the concept of risk appetite and agreed action
- your professional opinion
• d
efine risk based internal auditing in theory
- bringing it all together
and practice
- behaviours and competency
• map internal audit and the wider assurance framework - reflection.
• provide assurance on risk maturity
Presented by
• a ppreciate how a risk based audit plan is developed and
This course has been designed and developed by the IIA
audits prioritised
• u
nderstand how to plan, deliver and report on audit
assignments using a risk based methodology Note
• c onsider the skills and competencies required to deliver This course is non residential.
risk based internal auditing.
Course programme
Many sections of this course are based on group exercises
therefore you will be expected to participate fully. The
following topics will be explored:
What is risk based internal auditing (RBIA) and what

does it mean in practice?
- overview of principles and guidance
DATES
- 3 stages of RBIA
- driving forces for change 7 April – London
Stage 1: providing assurance on risk management 12 July – York
- what does good risk management look and feel like? 13 October – London
- the risk maturity continuum and impact on audit
approach
FEES
Member £500 + VAT

Risk Based Internal Auditing - An Audit Management Course
Risk based internal auditing (RBIA) requires internal audit to be strategically and operationally
linked to the business risk and assurance frameworks. Internal audit adds value by providing
assurances that the risk management framework, processes, controls and outcomes are
effective. This is a prime source of assurance for the Board to consider when reviewing and
reporting on the effectiveness of the system of internal control.
The effectiveness and maturity of risk management Stage 1: risk management and maturity
within the organisation will determine how internal audit - what does good risk management look and feel like?
approach their planning and assignments. Applying risk - auditing risk management and forming risk maturity
based internal auditing also enables internal audit to form opinions
an opinion on the adequacy of the assurance framework - where does your organisation sit on the risk maturity
and reliability of assurance sources. New skills are continuum?
- looking at a group, organisation and functional
required of internal auditors to ensure they implement
perspective on risk maturity
RBIA effectively.
- top tips for moving to a risk managed organisation
Who should attend? Stage 2: risk based audit planning
- audit planning case study
Heads of internal audit and senior internal auditors involved in
- mapping risks, processes, business units and
planning and providing assurance on control and management
assurance
of business risk within their organisation. - prioritising the focus of assurance (or what to audit
with limited resources)
How will this course benefit you? - providing assurance on risks which are not being
After completion you will be able to: controlled (treated)
- understanding the concept of risk appetite
• understand what RBIA means and how it might be
- the involvement of management in the audit plan
applied in your organisation
Risk based assignment planning and reporting
• c arry out a risk management review and determine risk - scoping the assignment
maturity and apply the relevant audit approach - monitoring controls - the management role
• produce a risk based audit plan - reporting conclusions and agreeing action - a new
approach
• appreciate how internal audit fits in to your
organisation’s assurance framework and undertake an Reporting on risk and control
- assurance statements from internal audit
assurance mapping exercise
- making assurance statements meaningful
• a pply a risk based audit methodology to audit and useful
assignments Challenges to successful implementation
• p
rovide meaningful assurance statements to your Audit - practical problem solving to provide solutions to
Committee and Board. your barriers.
Course programme Presented by

Many sections of this course are based on group exercises This course has been designed and developed by the IIA
therefore you will be expected to participate fully. This and will be presented by specialist trainers.
course will provide you with practical examples and case
studies of applying risk based internal auditing to: Note DATES
Environment 16-17 March – London
- driving forces for a risk based approach 13-14 July – York
- overview of current guidance - the three stages of
rbia reporting on internal control and giving the
audit committee confidence
Assurance framework
- sources of assurance to the board
- mapping assurance sources FEES
- reviewing the adequacy of assurance Non member £1020 + VAT
- linking the audit plan into the assurance framework Member £920 + VAT
27
Value for Money / Performance Auditing
Organisations are increasingly facing performance driven challenges motivated by the need for
greater economy and efficiency. However, relatively few auditors have in-depth experience of Value
for Money /Performance Auditing.
This unique practice based course brings together the Executing the VFM / performance audit
common elements of VFM /Performance based reviewing - conducting the VFM / performance audit
into a single source for a reviewer. - working with others during the
VFM/performance audit
Who should attend?
- setting and assigning VFM / performance
This hands-on course is designed for all reviewers, particularly audit metrics
internal auditors that need to execute VFM /performance - issues that must be considered in the data
reviews. The delegates will conduct VFM /performance case collection process
reviews as part of the course structure. - issues when analysing data and extracting
How will this course benefit you? conclusions
- documenting the VFM / performance audit
- communication during the audit and quality
• e
xplain the nature and purpose of VFM /performance assurance of the results
auditing - VFM / performance audits - core processes and
• plan and conduct a VFM / performance audit process improvement
• form an opinion on the economy, efficiency and - VFM / performance auditing and information
effectiveness of a system technology
- VFM / performance audits of activities with an
• p
roduce compelling VFM / performancee
environmental perspective
audit reports.
Reporting the VFM / performance audit
Course programme - producing VFM / performance audit reports
What is vfm / performance auditing? - structure and presentation of the VFM / performance
- organisational drivers and objectives - the notion of a audit result - the high impact reporting approach
cascading framework of defined objectives - distributing a VFM / performance audit report for
- VFM / performance auditing and how it relates to the maximum attention and impact
meeting of organisational goals and objectives - follow-up to the audit.
- the challenges of VFM / performance auditing
Presented by
- relating VFM / performance auditing to key
performance indicators, balanced scorecards and MindGrove Ltd.
other forms of measurement Note
- the VFM / performance auditor
Initiating and planning the VFM / performance audit
- a risk-based approach to VFM / performance
auditing: a model framework
- the key steps in the VFM / performance auditing
cycle
- special planning considerations for VFM / DATES
performance audits 14-15 April – London
6-7 October – London
FEES
Member £920 + VAT

Auditing Projects and Project Risk
No one wants to squander money on under-functional or over budget projects. Increasingly, those
with risk related roles are being asked to give assurance that project risks are assessed, governed and
minimised. This course provides an intellectually simulating introduction to the subject of projects
and project risk.
Who should attend? Planning

- good and bad business cases: tangible and intangible; costs
Anyone responsible for assessing or auditing project or
and benefits
programme risk that needs to establish whether project risk is
- project plans: the good and the bad
being properly controlled.
- key performance targets, critical success factors and indicators
This course tackles the Audit of Projects and Project Risk through - risk stemming from technical issues
case work. At the end of the course all delegates will have Teams, metrics and money
become highly project-risk-aware and be able to add significant - the project team: people and risk factors associated with pace
value to the project review process. and stress
- understanding project metrics: independent project auditors,
How will this course benefit you? project offices and project accountants
After completion you will be able to: - communications and quality issues
• identify the critical differences between programmes Hidden dependencies
and projects - encountering and dealing with snags - projects at
intermediate stages - risk proximity, opportunity and impact
• r eview the roles and services that support programmes
- problem inflation and deflation
and projects
- controlling additional costs and time penalties
• evaluate the interplay between risk, cost and time in projects - plan reassessment
• plan for project and programme audits Documentation, change and quality
• describe the types of review that are used to assess projects - project documentation
- change management
• identify when to assess project and programme risk
- quality management
• perform project risk reviews Testing, acceptance and rollout
• report on project risks. - late project corrections
- testing and acceptance
Course programme - rollout
Terminology, players and methods Benefits and outcomes
- defining project and programmes - essential differences - benefits and realisable outcomes
- key players and roles - deciding on project contributions
- project management methods - measuring success and failure
- project diversity - different project types End of project reviews
Managing successful projects and programmes - post project reviews and lessons extraction
- how projects and programmes put organisations at risk - post implementation reviews.
- the risk profile of a typical project
- the audit role in projects and programmes Presented by
- the auditor’s involvement in projects - a suggested MindGrove Ltd.
DATES
working framework
- planning for audit action 3-4 March – London
First steps 28-29 July – London
- how projects are initiated - where and how does risk 1-2 December – London
assessment figure?
- how to assess initial project risk
- factoring in complexity: consortia, partnership operations,
process restructuring and culture risk FEES
- performing an independent risk assessment at project start-up
Member £920 + VAT
29
IT Governance and Risk - for the Non-IT Professional
Although governance is a key corporate issue, discussion of IT governance is often restricted to those
with a strong IT background. The content of this course is pitched at those who are less familiar with
technology but nevertheless have to make a contribution to the subject.
This course spends a significant amount of time examining IT and the law
the latest standards and guidance. - Data Protection Act / Freedom of Information Act
- regulation of investigatory powers act
Who should attend? - surveillance and monitoring at work via electronic
Anyone who wishes to extend their knowledge into the means
field of IT governance or anyone that needs to obtain - computer misuse act
a balanced overview of this subject in order to make a - other applicable legislation
contribution to the governance and risk debate. This course
IT performance risks
does not require an IT background and is suitable for those
- third party managed services, partnerships and
that spend little time working with technology.
outsourcing risks
How will this course benefit you? - service delivery and support best practices
- contingency, disaster and business resumption
planning
• understand how IT facilitates the delivery of IT development risks
organisational objectives - IT project lifecycles - project risk; project
• understand the structures and standards underpinning management standards
IT governance - software lifecycles - software development risk;
• understand the boundaries imposed on information software development standards
technology by UK law IT security risks
• understand the key risks involved in the arrangements for - IT security policies and their role in enforcing good
and support of IT services, software developments and how governance
these can be managed - secure and insecure systems - everyday security
problems and common sense solutions
• understand the major security related risks that occur in
the delivery of IT services and how these can Integrating IT into the audit mix
be reduced. - IT auditing roles in support of the organisations
governance activities.
Course programme
Presented by
IT governance
- connecting IT with the objectives of the organisation MindGrove Ltd.
- dependence on IT for meeting the organisation’s
Note
objectives
- IT governance and governance at large - why pick This course is non residential.
on IT?
- how the board and management should address the
challenge of IT governance
Governance structures and standards
DATES
- ISO/IEC 38500:2008 - a new standard for
24-25 March – London
the corporate governance of information
communications and technology 3-4 November – London
- COBIT, VAL-IT - established frameworks for control
and value
- ITIL, ISO 20000– frameworks and standards for
IT operations
- ISO:27000; GTAG - standards and advisories on FEES
IT security
Member £920 + VAT

Process Thinking for Auditors
This course brings analytical thought to bear on the component parts of a process to show how a
process generates value for the organisation and for its customers and clients, to identify where
particularly to look for risk within a process, and to demonstrate the importance of workflow.
Who should attend? Process flow analysis

Those familiar with internal auditing that want to explore - risk as a factor in the analytical approach
techniques to improve the value and business-relevance of - following flow through a process
their work. - asking the right questions
- service and risk attributes - what are they and where
To ensure practical grounding delegates will spend most of their are they?
time practicing and developing their process skills by working - seeking hidden paths
through examples and challenges. - identifying points at risk and applying controls
- identifying external links
- job roles, segregation and processes
- improving the control chain - reducing the cost of control
• a ppreciate how process thinking incorporated within the audit - reporting process improvements as part of an audit
process generates more businesslike audit results Process thinking
• u
nderstand the attributes of process chains and see how these - kaizen - continuous improvement
generate value for organisations, for customers and clients and - adaptation for audit purposes
how processes can generate or suppress risk - low impact adoption into audit processes.
• deploy a range of new techniques to improve the evaluation
Presented by
of processes and controls
MindGrove Ltd.
• p
erform low-impact process modelling to contribute
quantitative and qualitative value to audit observations Note
and conclusions.
Course programme
The audit paradigm
- adding audit value through process thinking
- risk within processes
- process techniques and auditing - appropriate roles and
strategies
Process chain basics
- concepts of process chain and value
- process chain analysis
- internal views of a process
- client views of a process
- risk and process activities - the hotspots
- process optimisation
- process analysis and its usefulness to audit documentation
Process analysis basics DATES
- core processes - the heart of the matter 19-20 May – London
- process expansion - top down analysis 27-28 October – London
- activity resourcing - quantification of a process
- path of least resource - lowest cost way of performing
the process
- software tools and assistance - smart approaches
FEES
Member £920 + VAT
31
Auditing Outsourced Contracts
As organisations seek to control costs, improve operational standards and increase efficiency, many
will consider the outsourcing of activities.
Outsourcing is often a viable alternative to the direct provision Overview of contract management
of activities, and there are many successful contracts in - outsourcing objectives
place. However, entering into an outsourcing or co-sourcing - transfer of risk
arrangement will bring new risks to the organisation, which - roles and responsibilities
need to be considered, evaluated and appropriately controlled. - elements of the management process
Implementation of an outsourcing arrangement requires review - different approaches to outsourcing
and reorganisation of staffing, development of new process - legal and contractual issues
and communication flows, and the structuring of appropriate Internal audit’s role
contract monitoring arrangements. - changes to the internal audit approach
This course is designed to introduce you to the concepts of - who are we providing assurance to?
outsourcing and the potential impact on business processes. - the new challenges to face
It enables you to consider how you can provide the assurance - a focus on client management roles instead of
that senior management, the Board and other stakeholders seek operations management
when considering the accountability of contracting processes - information needs
- communication flows
and the achievement of objectives.
- where can we add value
Who should attend? Risk
Internal auditors who are relatively new to the outsourcing - business seeking to transfer risk through the
outsourcing process
arena, who would like a greater understanding of outsourcing
- cost implications
and the implications it has for the planning, completion and
- balancing risk and the cost of control
reporting of internal audit work.
- what different risks are introduced through the
outsourcing arrangement
This interactive two day course uses a balance of lecture sessions Contract control and management
and practical case studies to provide you with the knowledge - developing the right structure
and skills to undertake an effective audit of outsourced activities. - matching control to contractual requirements
- qualitative v quantitative assessment
You will develop techniques which enable you to audit - development and use of KPIs
outsourcing arrangements at all stages, from the original - introducing changes in service or activity requirements
assessment of viability and decision making process, through - performance reporting
the agreement of objectives, selection of partner and effective - poor performance - remedy and review
monitoring of the service delivery itself.
Audit approach
• t he objective of outsourcing - why do organisations seek to - considering the drivers for the business
outsource? - considering business history and inherent risk
• key stages within the outsourcing process - determining key risks
- assessing the business control framework
• the objectives and elements of contract management - developing a structured approach to the
• internal audit’s role - what impact does an outsourcing audit work
arrangement have on the planning and delivery of the - focusing on key risk areas.
auditor’s work?
• w
hat are the system risks or ‘what can go wrong?’ within the
Presented by DATES
different stages of the contract Deloitte.
12-13 April – London
- identification of need and assessment of viability
- identification of potential contractors
- tendering and award of the contract
- handover of the activity
- monitoring contract performance
- evaluation against objectives
- termination of the contract FEES
• how to evaluate and map of controls for significant risks Non member £1020 + VAT
• t he development of an audit programme to test the Member £920 + VAT
effectiveness of key controls identified.

Course programme
Fraud Risk and the Internal Auditor
Fraud is a key business risk for all organisations and is estimated to cost the UK economy up to £30
billion per year. Internal audit can provide a unique perspective on fraud risk management within any
organisation and can provide assurance to management that this risk is being adequately assessed
and monitored.
The aim of this course is to enable participants to gain a
greater awareness of the fraud risks facing organisations and to Auditors checklist and action plan, including:
provide information on how internal audit can make a valuable - raising the profile of fraud risk with executive management
contribution in this key area. - scoping fraud in individual audits
- consideration of fraud as part of development and
Who should attend? change Projects
Internal auditors, risk managers and other professionals of - fraud risk awareness workshops
all levels who require a greater understanding of fraud risk
management. Hot topics and fraud in the news
Interactive workshop.
Prework
It is suggested that all participants bring with them (if available)
• identify risks which could result in fraud copies of their organisations:
• provide recommendations to executive/senior management in • anti-fraud policy
managing fraud risk
• whistle-blowing policy
• identify warning signs of fraud in operational audits
• ethics policy
• develop audit programmes to look at fraud issues.
• audit approach to reviewing fraud risk.
Course programme Presented by
This is a participative course which will include face-to-face
training, workshop sessions and a case study. It will encourage Martin Robinson, Education & Training Consultant, Fraud
information sharing and benchmarking by participants. Advisory Panel.
Overview of fraud as a business risk Course materials

Fraud risk management in organisations Course materials will include complimentary copies of relevant
- anti-fraud strategies Fraud Advisory Panel publications.
- fraud detection tools and techniques
Note
- response planning and reporting requirements
- investigations This course is non residential.
- recruitment policies
- training and awareness
- cultural issues
- ethics
Outline of key areas for fraud, including:
- financial
- accounts manipulation
- HR / people DATES
- information technology 24 May - London
- cybercrime 11 October - London
- bribery and corruption
The critical role of internal audit in fighting fraud, including:
- the auditor as facilitator
- contributing to the organisation’s risk register
- auditing fraud risk at strategic and operational levels FEES
Member £500 + VAT
33
Auditing Business Continuity Management Plans
One of the primary risks that organisations face is ensuring the survival of their business in the event
of an incident. Internal audit departments have a key role to play in ensuring that any solutions
developed are appropriate to the organisation and its needs. This one-day interactive course based on
the business continuity management standard (BS 25999) will help you gain the practical knowledge
and understanding needed to enable you to contribute effectively to each phase of the business
continuity process.
Who should attend? The course will be interactive with opportunities for
delegates to discuss issues and to develop skills in an
This course has been designed for all internal auditors who
enjoyable and relaxed environment.
wish to develop or supplement their skills around business
continuity matters. It will however also appeal to those in Each course delegate will receive a copy of the book
security, information systems and business continuity who ‘Auditing Business Continuity Management Plans’ by John
are or will be involved in this area. Silltow and published by the British Standards Institution.
How will this course benefit you? Presented by

After completion you will be able to: This course has been designed and developed by John
Silltow of Security Control and Audit Limited.
• audit all or any part of a business continuity process
• understand the issues facing those developing business Note

continuity plans This course is non residential.
• brief management on the key issues involved in business
continuity planning
• work with and within a business continuity team
• contribute effectively to the development of a business

continuity plan
• become an effective player in any business

continuity exercise.
Course programme
• overview of business continuity
• a brief introduction to BS 25999 and other

relevant standards
• audit and business continuity
• auditing the BCP project
• auditing the business continuity plans
• auditing the testing
• auditing the completed project DATES

13 April – London
5 October – London
FEES
Member £500 + VAT

Assurance Mapping – The Foundations (New)
An assurance map is a key tool to ensure key risks are assured across your organisation, but there
are horror stories of lengthy, complex and incomplete mapping efforts. Through case studies and
practical examples, this one-day foundation course will cover the essential knowledge and skills you
need in order to get started on your journey to develop an assurance map. The benefits will mostly
be felt by senior management and the audit committee as well as internal audit.
Who should attend? Presented by

Head of internal audit and internal audit managers who have an James Paterson, Independent Consultant, Director Bvalco Ltd.
interest in this topic but have not implemented an assurance map
in their organisation or are at the first stages of the process. Note
• benchmark the state of your assurance processes, establishing

the key opportunities that can be taken
• review the lessons learned of successful mapping

implementation, thereby enabling you to develop a concrete
plan of action for your organisation.
Course programme
• understand the different sorts of assurance map and
their benefits
• review the strengths and weaknesses of your current
governance structures in order to see ways an assurance map
is likely to be of value
• work on the key foundations of a successful assurance
mapping initiative to ensure appropriate “quick wins” and
business buy-in to build on this (including consideration of
business case arguments)
• understand future opportunities, including assurance
scorecards and identify potential synergy opportunities.
DATES
8 February – London
18 April – York
27 June – London
12 September – London
21 November – York
FEES
Member £500 + VAT
35
Assurance Mapping – Driving Further Benefits (New)
This one day course is aimed at those who have already started on the assurance mapping
journey but are trying to ascertain “where next” including how to drive more benefit from
what they have already done.
Who should attend? The course provides an excellent opportunity for an

in depth consideration of specific challenges and
Heads of internal audit or other internal audit managers,
opportunities in their organisation to give participants
who have implemented an assurance map (or equivalent)
concrete actions on returning back to work.
in their organisation, but want to drive further benefits
from this. Presented by
How will this course benefit you? James Paterson, Independent Consultant,
Director Bvalco Ltd.
• recap the key ways in which assurance maps can Note

deliver value This course is non residential.
• benchmark progress against best practice and others
• identify the best areas to prioritise to add further value
• improve your understanding of opportunities for

improvement and plan your priorities and develop the
practical next steps that will add value to internal audit
and your organisation.
Course programme
• benchmark the state of your current assurance
mapping efforts
• benchmark with your peers and compare best practice
• explore specific areas for improvement going forward,

including leveraging the key principles from effective
assurance frameworks, the use of assurance scorecards,
and consideration of synergy opportunities
• reflecting on effective strategies for:
(a) dealing with key stakeholders in the assurance mapping

process to ensure any change programme is secure, and
(b) maximising the chances of proper embedding in

“business as usual”.
DATES
9 February – London
19 April – York
28 June – London
13 September – London
22 November – York
FEES
Member £500 + VAT

A Practical Guide to Evaluating Risks and Controls (New)
There are many theoretical models and tools covering risk management and internal control. The
challenge for internal auditors is to understand their benefits and use them in the practical and
effective application of internal audit processes.
The aim of this course is to help you apply theoretical knowledge to - how to distinguish between business risks, process risks, and
practical situations and increase your confidence in the definition of control risks
risks and controls in a manner that will improve the effectiveness of - describing risks in an effective manner
your internal audit work.
Evaluating controls
During the two days you will examine a wide range of models related - understanding the full range of controls
to governance, risk management and internal control. The facilitator
- using control models to identify controls
will use practical examples to demonstrate how these can be applied
to different aspects of the internal audit process. The course will be - the role of monitoring controls
very interactive with opportunities for delegates to put their learning - evaluating controls within the context of control models
into practice through a series of practical exercises. Testing with a clear purpose
Who should attend? - designing effective test strategies

- the use of risk and control models in test design
Internal auditors who have an appreciation of internal audit
- testing within the context of risks and controls
processes, but wish to improve the quality of their work through a
deeper understanding of how theoretical models can be applied to - how to evolve test strategies based on
their everyday work. accumulated knowledge
Analysing internal audit results
How will this course benefit you? - interpreting the results of internal audit work
After completion you will be able to: - putting findings within a business context
• apply risk and control frameworks to a range of internal - use of control models in the formulation of
audit processes recommendations
• work with management at all levels to identify and Providing assurance
understand key risks and controls
- getting the message across - focus on the things that matter
• critically analyse risk and control descriptions (e.g. as
documented in a risk register) - providing assurance within the context of risk and
control frameworks
• define risks and controls in a manner that will help provide
the correct focus for the internal audit work Managing relationships
• use risk and control model to evaluate controls / other risk - how to work effectively with management at each stage of
mitigation strategies the audit process
• appreciate the role of monitoring within risk and Consulting engagements

control frameworks - applying risk and control models in consulting assignments.
• design test strategies suited to each unique situation
Presented by
• use risk and control models to interpret internal audit
results, put findings in a business context and formulate Stephen Maycock, QiCA CFIIA, CIRM, Consultant.
useful recommendations
Note
• feel confident when discussing risks and controls with
management at all levels This course is non
residential. DATES
• use appropriate terminology related to risks and controls.
30-31 March – London
Course programme 22-23 June – Dublin
Risk management 28-29 September – London
- key stages of risk management 30 November – 1 December – York
- applying risk management frameworks to internal
audit processes
FEES
- making effective use of the output from risk management systems
Understanding risk
Member £920 + VAT
- identifying and clarifying risks
Dublin: Non member u1235 | Member u1115
- the difference between risks and issues
37
Data Security – Protecting your Data (New)
Data loss affects business and government entities of all shapes and sizes making prevention
everyone’s business. How certain are you that your systems and controls are robust enough to
prevent data loss? When entrusted with your client’s data, how sure are you that no-one else is
looking at what you can see?
High profile failures in the last few years have meant that • the Data Protection Act and our responsibilities
companies have been served with monetary penalties for serious
• the Human Rights Act and your responsibilities
breaches of the Data Protection Act following new revised
powers by the Information Commissioners Office (ICO). So, • data loss prevention methods – IT people and controls
how safe is your data and could the ICO come knocking on
your door? • how internal audit can provide assurance over the adequacy
of data security policies.
Internal audit has a significant role to play in providing
assurance that management have adequate controls in place to Presented by
protect confidential data from theft and corruption. Dr Stephen Hill, Director - Snowdrop Consulting Ltd.
This half day course demonstrates how to review the Note
effectiveness of your data security safeguards and adopt some
simple measures to help protect businesses and individuals from This course is non residential.
being victims of data loss. Delegates will better understand their
rights and responsibilities under the Data Protection and Human
Rights Act and learn how to react to a possible data breach.
Who should attend?

Business auditors who wish to gain a better understanding of
protecting data within their organisations.

The course is designed for anyone who wishes to better
understand data exposure, data security and the Data
Protection Act.
This will include:
• current data exposures and lessons learnt
• how to safe guard your data
• current Data Protection Legislation
• accountabilities and responsibilities
• what constitutes good practice.
Course programme
This course will include face to face training, group participation
and a case study. DATES
• current state of data theft in the UK 11 March – London
• lessons learnt from government exposures including the 18 October - London
Poynter Review
(Note: This is a half day course - am)
• key IT and people risks to data exposure
• criminal use of stolen data

FEES
Non member – Full day £605 + VAT | Half day £302 + VAT
Member – Full day £500 + VAT | Half day £250 + VAT

Money Laundering – Managing the Risk (New)
Most organised criminal activity is directly or indirectly aimed at making money. The ability to launder
this money to prevent it being associated with criminal activity is a major concern for all organised
crime groups.
This half day course gives an overview of money laundering • verification of identity and ongoing client due diligence
and the associated fraud risk. In addition it will provide useful
• transaction Monitoring and Internal Suspicion Reporting
guidance as to the role of internal audit in the provision of
assurance over the adequacy of risk management and control in • record keeping
this area. Delegates will be guided through the practical steps
• management responsibilities
that a business needs to take to reduce this risk and includes a
review of recent developments in money laundering legislation. • adequacy of training and awareness in the subject of
Through the use of practical case studies, there is an opportunity money laundering.
to discuss the approach to the professional anti-money
laundering practice. Presented by
The programme is designed to help you review the effectiveness Dr Stephen Hill, Director - Snowdrop Consulting Ltd.
of your money laundering regulations and fraud controls looking
Note
specifically at the Proceeds of Crime Act 2002 (PACA) and Money
Laundering Regulations 2007. This course is non residential.
Delegates will be taken through the new risk based approach and
understand the importance of effective due diligence through
“Client Due Diligence” (formerly KYC-Know Your Client).
Who should attend?

Anyone who needs to understand the latest money
laundering regulations.

The course is designed for anyone who needs to understand the
latest money laundering regulations.
• POCA and the 2007 Money Laundering Regulations
• the meaning of “suspicion” and “tipping off”
• the practicalities of reporting
• dealers in high value goods and services.
Course programme
This course will include face to face training, group participation
and a case study.
• introduction to money laundering
• overview of legislation (POCA 2002 and MLR 2007)

DATES
• assessment of money laundering risks 11 March – London
• responsibility for controls surrounding money laundering 18 October - London
and compliance
(Note: This is a half day course - pm)
FEES
Non member – Full day £605 + VAT | Half day £302 + VAT
Member – Full day £500 + VAT | Half day £250 + VAT
39
Internet Investigations and eCrime (New)
With the use of the internet and associated technologies growing rapidly in recent years so has the
opportunity for computer related crime. Unlawful activity can be committed or facilitated online with
criminals trading and sharing information, masking their identity, gathering information on victims and
communicating with co-conspirators. Website, social networks, e-mail, chat rooms, online gaming and
file sharing networks can all provide evidence in an investigation of computer related crime.
This one day course demonstrates how to access the right • how to use specialist tools to automate a search and
information quickly and successfully from the Internet. The retrieve websites from online archives
course will equip delegates in the concepts of the world
• understanding and using Open Source Intelligence (OSINT)
around the Internet and the many supporting tools for an
online investigation. • criminal use of social networking sites for grooming,
identity theft and publicity
It will unravel Internet search engine jargon and make users
more aware of the sources of information available to them • how to determine the owner and location of a website
through a better understanding of advanced searching,
• investigating emails and examining email headers
meta browsing, the invisible web and Open Source
Intelligence (OSINT). • how to gain a webpage’s source code to assist in locating
hidden content and determine actual intent of website
Who should attend?
Anyone who wishes to use the internet more effectively for • how to maintain security and privacy (including anonymity)
when engaged in collecting evidence
research and investigation.
• IT security and protecting your computer.
After completion you will be able to: Presented by
Dr Stephen Hill, Director - Snowdrop Consulting Ltd.
• efficiently surf the web and save time getting the result
you want
Note
• utilise the Internet in a more effective way as an open This course is non residential.
source and/or investigation intelligence tool
• protect yourself online including privacy techniques
• understand Web 2.0 technology and the

benefits/threats posed
• collect intelligence on IP addresses, DNS and email headers.
Course programme
This course will include face to face training, group
participation and a case study. It will encourage information
sharing and benchmarking by participants.
• overview of the Internet and World Wide Web including

the methods to connect online
• surface and invisible (deep) web searching strategies DATES

and tools
4 April – London
• advanced use of internet search tools to efficiently be able 5 December - London
to find more information in less time
• how to search for blogs, podcasts, chat rooms and other

web 2.0 technology including social networks such as
Facebook, LinkedIn and Twitter
FEES
Member £500 + VAT

Finance and Accounting
Contents A
udit & Business Risk 9
The Essential Guide to Treasury Security & Controls 42
41
The Essential Guide to Treasury Security & Controls (New)
This interactive two-day course takes participants through the process of building a secure treasury
environment, from the creation of a framework of policy and delegated authority through to how
treasury should be organised to ensure maximum control of its activities.
Participants will learn about front, middle and back office Role of the accounting function and audit of
functions, external and regulatory requirements and controls electronic payments
and security essential to managing the use of technology - electronic and manual security methods
within treasury, as well as debating the key issues of control
- electronic web dealing
failure. The course draws on real examples where controls
have been weak or have collapsed, illustrating the absolute Market codes of conduct Electronic payments
importance of a well controlled treasury. and system controls
- authorisation
Who should attend?
- audit trails
Treasury managers and controllers, internal and external
auditors, those with responsibility for treasury but without - environment
prior hands-on treasury experience, anyone working in treasury - impact of new technology
dealing or involved with treasury transactions.
Instrument risks and structured derivatives
How will this course benefit you? - some extreme examples of control issues
Participants on this course should leave with an understanding - control in a multinational environment
of the principles and elements of security and control in the - controlling subsidiaries
Treasury environment sufficient to enable them to judge the - special situations
control adequacy of any Treasury and make or recommend
necessary changes. Detection of fraud - how controls can break
down in practice
Course programme - what went wrong in high-profile cases - war story
Policies, organisation structures and skills - examples from real life - four case studies.
- scope of treasury activity
Presented by
- policy, delegation of authority
Brian Welch FCT, FCMA, FCIS Pat M Scott FCT, FCCA.
- corporate governance
- control environment Note
- responsibilities at each level This course is non residential.
- effective monitoring
- control procedures
Front office controls
- implementing policies
- the London market
- use of limits as a control
- dealing procedures
Back office controls
DATES
- confirmations and settlements
15-16 June - London
- reconciliations and reporting
6-7 December - London
- system management
Middle office controls
- risk analysis and reporting
- reporting procedures
FEES
Non Members £1200.00 + VAT
IIA and ACT Members £1100.00 + VAT,
ACT Students £1100.00 + VAT

IT Audit
Contents
Introduction to Information Systems Auditing 44
Networks and Networked Applications 45
Advanced Information Systems Auditing 46
43
Introduction to Information Systems Auditing
This intensive course developed over 15 years by professional auditors provides the perfect starting
point for someone new to Information Systems Auditing. This course aligns to the latest standards
and best practice approaches.
Who should attend? Auditing new systems and developments
- software procurement - creating the right requirement
Those entering information technology audit that need a
- software development life cycles - formal and informal
practical primer to underpin their new career. This course
methods
is suited to all comers but an understanding of basic audit
- identifying high level risks in systems proposals
terminology and sequence is assumed.
- auditing systems under development - an approach that
How will this course benefit you? tracks the evolving solution
After completion you will be able to: Auditing the building blocks of its control
- information security (infosec) and acceptable use policies
• c omprehend relevant best practices such as ITIL/ISO 20000/
- performing a review of infosec and acceptable use policies
ISO 27000/COBIT
- physical security - working environments; location,
• understand the need to relate technology issues to risk structure and staff control; environmental control
• identify laws, risks and controls that impact an organisation’s - performing a physical security review
information processing - contingency and disaster avoidance
• perform reviews of live application systems - auditing business continuity and preparedness
arrangements
• perform reviews of systems under development - logical security - registration, identification,
• r eview information security policies and physical security authentication, biometrics, authorisation, permissions
within the organisation structures and logging
• review contingency and business resumption plans - performing a logical security review
- simple network diagrams and basic network terminology
• review logical security and access controls
- network management, monitoring and resilience
• e
xplain core network terminology and perform elementary - protecting data that is flowing across a network
network reviews. - performing a basic network audit
Course programme Assistance for audit activities
it/is auditing - ways of getting answers to IT audit problems.
- the IT/IS Audit role Presented by
- working to best practices: ITIL/ISO 20000/ISO 27000/
MindGrove Ltd.
COBIT
risks associated with information technology systems Note
- IT operations and the law This course is non residential.
- confidentiality, availability and integrity and the
common findings that emerge from audit reviews
Auditing existing systems
- IT directive, preventative, detective and corrective
controls
- applications and key controls
- additional controls made available by technology
- auditing an operational system - an approach that links DATES
found risk to business 15-18 March – London
12-15 July – London
FEES
Member £1600 + VAT

Networks and Networked Applications
Most organisations are heavily reliant on the delivery of services via networks and
networked applications.
This unique course brings together the commonest elements of Unilateral data flow issues and risks
networked systems to provide a single source for an auditor’s all - web servers, information kiosks, text to phone, other one-
round understanding of network auditing. way information feeds
- active x, ole, flash, and scripting content
Who should attend? - navigational and w3c accessibility issues
This intensive course is intended for those with at least six - controlling anonymous web browsing users
months of IT Audit experience, those that have attended the - auditing infrastructures - a data flow approach
Introduction to Information Systems Auditing course, or those Bilateral data flows issues and risks
who are newer to audit but with some experience of IT. The - web based and non-web based networked applications,
course assumes a basic understanding of auditing. applets and scripts
- forms design and data transmission
- data validation
After completion you will be able to: - sensitive data content
• c omprehend how networks and networked applications - cookie controls
work together - authentication strategies: unilateral and bilateral
- auditing two way services - a risk based approach
• d
emonstrate an understanding of the common component
parts of network based systems Safe delivery of data
- lawful usage and collection of sensitive and private data
• d
escribe issues and risks associated with
- integrity preservation controls
common networking hosts and application delivery strategies
- implementation of cryptographic controls to protect the
• a udit unidirectional and bidirectional data flows and to safe network transport of private and sensitive data
evaluate the risks and controls associated with network - non-repudiation controls
messages and transactions - auditing delivery protection control.
• u
nderstand how the integrity and confidentiality of data can be
protected in a networked environment. Presented by
MindGrove Ltd.
Course programme
Network infrastructure and risks Note
- hardware: load balancers, web-servers, routers, firewalls, This course is non residential.
other appliances and services - issues, risks and key
controls
- reading infrastructure maps, diagrams and models
- database and application servers - issues, risks and
key controls
- illustrative service network structures: web based information
servers; simple web based and non-web based applications,
complex client server systems - issues, risks and key controls
- tcp/ip and message transmission - some basics and the DATES
issues, risks and key controls 19-20 April – London
- http - some basics and the issues, risks and key controls 25-26 October – London
- auditing infrastructures - a process flow
based approach
FEES
Member £920 + VAT
45
Advanced Information Systems Auditing
This intellectually challenging course is underpinned by an in-depth understanding of how control

processes operate within modern infrastructures and how an auditor can approach the evaluation of
these processes.
Who should attend? Data control - preventative and directive processes

- the big three - confidentiality, accountability, integrity
Those familiar with basic IT audits that need to extend their skills
- identifying data domains
into more technical aspects of IT auditing. This course is suited
- identifying and defining data assets and ownership
for those with six months or more experience in information
- interdomain data asset protection
technology auditing. This course may also be beneficial to those
- defining policy - rules for people rules for systems
taking CISA or CISSP exams.
- systems objects, security reference monitors and
How will this course benefit you? their interaction
After completion you will be able to: - registration, identification, authentication, authorisation
and logging processes - core control processes
• understand the process of hardening systems - locking down privilege - least rights rule and
• evaluate vulnerability, patch and fix regimes context setting
• deploy analytical software products and techniques to locate - permissions and permissions structures - deploying best
or evaluate system weaknesses practice control structures - auditing
permissions architectures
• analyse and evaluate critical preventative and directive
- using inheritance to ensure consistent security rules
control processes within systems
and policies
• analyse and evaluate control trails and event logs. - securing the data on portable and removable devices:
Course programme notebooks, PDAs, cell phones, removable and
portable media
Hardening systems - preventative and detective measures
- hardening of key software - the process Data control - detective processes
- sources of knowledge of system vulnerability - event logging processes
- interpreting vulnerability reporting - configuring event logs
- resolving vulnerability issues - user processes, system processes, security processes
- patching and fixing systems - analysing server logs, firewall logs, and other logs
- patch tracking and identification - retrieving data from logs and sieving the results
- analysing computers and media.
Auditing systems security - tools and techniques for auditors
- creating an audit toolkit - sources of software and issues in Presented by
deploying tools MindGrove Ltd.
- validation of security in systems
- location of weaknesses in systems software - tools and Note
technique This is course is non residential.
- locating weaknesses in networks - tools
and technique
- locating weaknesses in applications - tools
and technique
- automated exploit testing - tools and technique
- locating weaknesses in hardware - tools
DATES
and technique 15-17 June – London
- physical security of locations, hosts, and data 16-18 November – London
- penetration testing for auditors - penetration test contracts
- do’s and don’ts of penetration testing
FEES
Member £1290 + VAT

Terms and conditions
How to book
All bookings for training courses and events must be made in writing. You can do this online - visit
www.iia.org.uk/courses_and_events, select the course and date you wish to attend and then follow the
booking process.
Please note that once the IIA has received a completed booking form, your place on a course is confirmed. If a
course is fully booked, you will be notified. You are advised to read and understand the terms and conditions
outlined below.
Once we have received your booking we will send you a letter of confirmation within five working days. Joining
instructions including venue details will be issued approximately two weeks prior to the course. If you have any
doubt as to whether the course is going ahead or whether your booking has been received please telephone IIA
Training on 020 7498 0101.
Special requirements
If you have a disability or a medical condition that requires special arrangements to be made, please state your
requirements on the form. Every effort will be made by the IIA to accommodate special requirements that have
been notified.
Payment
Payment must be received before the start of the course or within 30 days of invoice date, whichever is sooner.
For international bookings, full payment must accompany the booking before any further documentation will
be issued.
We accept:
- Cheque - made payable to ‘Chartered Institute of Internal Auditors’
- Invoice - upon request
- Credit card.
If your company requires a purchase order number to be stated on the invoice, please ensure that the number
is quoted on the booking form.
Course discounts
Companies booking five or more delegates on the same course will receive a 10% discount on the course fee
(plus VAT).
Course transfers
There is no charge for transferring your booking to the same course on an alternative date provided you notify
the IIA in writing up to 20 working days before the start of the course and that there is availability. However,
a transfer fee of 20% of the course fee (plus VAT) will be payable if notice is received within 20 workings days
of the start date of the original course. No refund will be made in the event of a transfer. No more than one
transfer will be allowed.
Cancelling your place
If you notify the IIA in writing or via email up to ten working days before the start date of the course, you will
receive a full refund less an administration fee of 20% (plus VAT). Unfortunately late cancellations sometimes
cause events to be abandoned therefore if a delegate withdraws for whatever reason within the ten day period,
the fee will remain payable in full if you are unable to nominate a substitute attendee.
Non attendance
If you fail to attend the course on which you are registered and have not given prior notice to the IIA then the
course fee will remain payable in full.
Cancellation by the IIA
Where circumstances dictate, the IIA reserves the right to alter published programmes, speakers, fees or venues
without prior notice. In such cases liability will be restricted to a refund of any course fee paid.
Liability
The IIA does not accept responsibility for anyone acting as a result of information or views expressed on its
training courses. Delegates should take specific advice when dealing with specific situations. Opinions expressed
are those of individual speakers and not necessarily those of the IIA.
47
Chartered Institute of Internal Auditors
The Chartered Institute of Internal Auditors (IIA) is the only professional body
focused exclusively on internal audit and we are passionate about supporting,
promoting and training the professionals who work in it.
We play an active role in the public arena, promoting the role and value of internal audit
and developing the profession to ensure it has the knowledge, skills and expertise to be
essential to the success of organisations.
Every year we help thousands of internal auditors at every stage of their career by
delivering internal audit training, qualifications and technical resources enabling them to
deliver exceptional results for their organisations.
We have been leading the profession of internal auditing for over 60 years and were
granted our Royal Charter in 2010. Our International Standards and Code of Ethics unite a
global community of 170,000 internal auditors globally.
www.iia.org.uk
Chartered Institute of Internal Auditors
13 Abbeville Mews, 88 Clapham Park Road, London SW4 7BX
© December 2010

1777 IIA Training Brochure WEB

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

1777 IIA Training Brochure WEB

Uploaded by

Copyright:

Available Formats

IIA Training Courses

We are the leading provider of internal audit training, qualifications and

Professional development for all internal auditors

Members get the benefits

To book a course, please visit www.iia.org.uk | trainingandevents@iia.org.uk | 020 7498 0101

Internal Audit & Business Risk 7

Professional Development & Practice 14

Stategy & Leadership 20

Risk & Audit 25

Finance & Accounting 41

Terms and conditions 47

Continuing professional development (CPD) is an ongoing, structured process designed to

To book a course, please visit www.iia.org.uk | trainingandevents@iia.org.uk | 020 7498 0101

To book a course, please visit www.iia.org.uk | trainingandevents@iia.org.uk | 020 7498 0101

IIA Award in Internal Audit Planning and Assurance Framework 9

IIA Award in Effective Delivery of Audit and Assurance 10

IIA Award in Interpersonal Skills for Audit and Assurance 11

IIA Award in Information Systems Audit and Assurance 12

IIA Award in Compliance Audit and Assurance 13

• Guide to completion of the Certificate to help you

Who should attend? Course programme

• risk managers • introduction to corporate governance

• audit committee members • characteristics of good corporate governance

• specialists who join or are seconded to the • introduction to risk management

How will this course benefit you? • risk-based internal auditing.

After completion you will be able to: Pre-work

• appreciate the contribution that internal control

• appreciate some practical tips on embedding

To book a course, please visit www.iia.org.uk | trainingandevents@iia.org.uk | 020 7498 0101

Who should attend? • audit evidence

• new entrants to internal audit who do not • audit documentation

• appreciate the work of the internal audit

• communicate with the internal audit team and

• contribute to the effective delivery of an

• demonstrate an understanding of the value

• documenting information STANDALONE FEES

• understand how the effective delivery of an audit can add

To book a course, please visit www.iia.org.uk | trainingandevents@iia.org.uk | 020 7498 0101

Who should attend? Interviewing skills

• understand why good communication skills Presented by

• use your communication skills to develop better

Who should attend? • concepts of confidentiality, integrity and

After completion you will be able to: Pre-work

• purpose of information systems audit

• appreciation of how information system auditors

• introduction to computer forensics and explain STANDALONE FEES

To book a course, please visit www.iia.org.uk | trainingandevents@iia.org.uk | 020 7498 0101

• manage the relationship with key stakeholders.

• introduction to the course, participants expectations

• purpose of compliance auditing and the difference

• types of compliance audit and the responsibilities of a

“How to Audit” Series Workshops 16

Audit Report Writing 17

Improving Audit Reports for Senior Practitioners

Ultimate Persuasion Techniques 19

To book on a course, please visit www.iia.org.uk | trainingandevents@iia.org.uk | 020 7498 0101

How will these workshops benefit you?

To book a course, please visit www.iia.org.uk | trainingandevents@iia.org.uk | 020 7498 0101

How will this course benefit you?

The nitty - gritty: writing up observations

• deploy a reporting structure that engages and Note

To book a course, please visit www.iia.org.uk | trainingandevents@iia.org.uk | 020 7498 0101