Facilities and structures identified as Vital Installations require specialized protection, security plans and services. Locations such as nuclear plants, military bases, governmental buildings, petro-chemical sites, ports and harbors, educational institutions, and specialized health-care facilities, may fall into this category. These locations are often the target of attention for potential criminals, terrorists, and activists. Site-specific emergency response plans, business continuity strategies, security procedures, and reporting protocols are traditionally required by local, state, and federal law enforcement agencies.

The effectiveness and maturity of risk management within the organization will determine how internal audit approach their planning and assessments, Applying risk based internal auditing also enables internal audit to form an opinion on the adequacy of the assurance framework and the reliability of assurance sources, new skills are required of internal auditors to ensure they implement RBIA effectively.

Who should attend?

Heads of internal audit and senior internal auditors involved in planning and providing assurance on control and management of business risk within their organization.

How will this program benefit you?

Upon completion you will be able to:

  • Understand the key concepts of RBIA and how they might be applied in your organization.
  • appreciate the links between the organization’s risk management framework and each stage of RBIA.
  • determine risk maturity and apply the relevant internal audit approach
  • appreciate how internal audit fits into your organization’s assurance framework and undertake an assurance mapping exercise.
  • produce a risk-internal audit plan.
  • apply a risk based methodology to internal audit assignments
  • Provide meaningful assurance statements to your audit committee and board
  • explain the benefits of RBIA

Course Programme

 This course will provide you with practical examples and case studies on the application of a risk based internal audit approach During this interactive course the following topics will be covered:


  • driving forces for a risk based approach
  • overview of current guidance – RBIA stages
  • meeting board/audit committee requirements.

Assurance framework

  • sources of assurance to the board
  • mapping assurance sources
  • reviewing the adequacy of assurance
  • linking the internal audit plan into the assurance framework.

Risk management and maturity

  • what does good risk management look and feel like?
  • forming risk maturity opinions – where does your organization sit on the
    risk maturity continuum?

Risk based internal audit planning

  • internal audit planning case study
  • mapping risks, processes, business units and assurance
  • prioritizing the focus of assurance (or what to audit with limited
  • understanding the concept of risk appetite
  • the involvement of management in the internal audit plan.

Risk based assignment planning and reporting

  • determining the assignment scope
  • monitoring controls – the management role
  • reporting conclusions and agreeing action – a new approach.

Reporting on risk and control

  • assurance statements from internal audit
  • making assurance statements meaningful and useful.

Challenges to successful implementation

  • practical problem solving to provide solutions to your barriers.

Presented by: IIA specialist trainers

Duration: Two days