RISK-BASED INTERNAL AUDITING (RBIA)
Aligning Audit Priorities with Strategic and Operational Risks
Course Schedule
| Date | Venue | Fees |
|---|---|---|
| 23 – 25 Jun 2026 | Doha, Qatar | USD 2495 per delegate |
Course Introduction
In today’s complex business environment, internal audit functions must evolve from compliance-focused reviews to providing strategic risk insights. Risk-Based Internal Auditing (RBIA) ensures that audit resources are directed toward areas that matter most to the organization—those with the highest potential impact on achieving objectives.
This practical, interactive course provides the tools and frameworks to implement or strengthen RBIA practices. Participants will learn how to assess risks across business functions, develop audit plans aligned to key risk areas, and conduct audits that drive meaningful improvement and assurance. The training is ideal for professionals looking to shift from traditional audit approaches to a modern, risk-focused model.
Course Objectives
By the end of this course, participants will be able to:
• Understand the principles and value of risk-based internal auditing
• Develop audit plans that are aligned to enterprise risk priorities
• Perform risk assessments and link them to audit scopes and objectives
• Conduct and document risk-focused audits across functional areas
• Provide risk-based assurance and recommendations to senior leadership
Key Benefits of Attending
• Modernize your audit approach using globally recognized RBIA practices
• Strengthen alignment between internal audit, risk management, and strategy
• Enhance audit efficiency and organizational impact
• Support board-level oversight and governance with risk-informed insights
• Learn how to structure audit programs to focus on what matters most
Intended Audience
This program is designed for:
• Internal Auditors and Audit Managers
• Risk and Compliance Officers
• Governance and Internal Control Professionals
• Chief Audit Executives (CAEs) and Audit Committee Advisors
• Anyone involved in planning or conducting internal audits
Individual Benefits
Key competencies that will be developed include:
• Enterprise risk assessment and prioritization
• Audit scoping based on inherent and residual risks
• Evidence gathering and testing based on risk exposure
• Writing audit reports that focus on root causes and risk mitigation
• Communicating assurance and control gaps to senior management
Organization Benefits
Upon completing the training course, participants will demonstrate:
• Stronger risk coverage across the internal audit plan
• Improved risk management practices through audit feedback
• Better integration between audit, compliance, and risk functions
• Proactive identification of high-risk areas and control weaknesses
• Enhanced reputation and trust in the audit function from stakeholders
Instructional Methdology
The course follows a blended learning approach combining theory with practice:
• Strategy Briefings – RBIA concepts, IIA standards, ERM integration
• Case Studies – Audit failures, emerging risks, board expectations
• Workshops – Audit planning, risk ranking, audit program design
• Peer Exchange – Sharing risk models, challenges, and frameworks
• Tools – Audit universe templates, risk control matrices, assurance maps
Course Outline
Training Hours: 7:30 AM – 3:30 PM
Daily Format: 3–4 Learning Modules | Coffee breaks: 09:30 & 11:15 | Lunch Buffet: 01:00 – 02:00
Day 1: Foundations of Risk-Based Internal Auditing
- Module 1: Internal Audit’s Role in Risk Management (07:30 – 09:30)
• IIA standards, governance linkages, three lines model - Module 2: Principles of Risk-Based Audit Planning (09:45 – 11:15)
• Risk assessment approaches and ranking criteria - Module 3: Building the Audit Universe and Risk Profile (11:30 – 01:00)
• Entity-wide risk mapping, control environment - Module 4: Workshop – Develop a Risk-Based Audit Plan (02:00 – 03:30)
• Participants build an audit universe and select priorities
Day 2: Risk Assessment and Fieldwork Execution
- Module 5: Risk Identification and Inherent vs Residual Risk (07:30 – 09:30)
• Criteria for control effectiveness, heat maps - Module 6: Designing Risk-Focused Audit Programs (09:45 – 11:15)
• Objectives, scope, procedures aligned to risk ratings - Module 7: Collecting Evidence and Testing Controls (11:30 – 01:00)
• Sampling, walkthroughs, effectiveness testing - Module 8: Workshop – Draft a Risk-Focused Audit Program (02:00 – 03:30)
• Participants design procedures for a high-risk process
Day 3: Reporting and Communicating Risk-Based Findings
- Module 9: Reporting for Impact and Risk Mitigation (07:30 – 09:30)
• Root cause analysis, control failure communication - Module 10: Writing Audit Reports with a Risk Focus (09:45 – 11:15)
• Prioritization, heat maps, actionable recommendations - Module 11: Communicating with Stakeholders and Boards (11:30 – 01:00)
• Presenting assurance, escalating critical findings - Module 12: Final Workshop – Simulate a Risk-Based Audit Debrief (02:00 – 03:30)
• Teams present audit findings and discuss remediation
Certification
Participants will receive a Certificate of Completion in Risk-Based Internal Auditing (RBIA), confirming their ability to design and execute internal audits focused on enterprise risks, controls, and organizational performance objectives.