Fundamentals of Internal Auditing - OAG101


In this three-day seminar, attendees will learn the concepts of traditional and operational auditing and gain proven tools and techniques for performing effective audits. You will get a solid background in the basics of documenting and evaluating internal control and fieldwork techniques. Using specifically formulated case exercises, participants will examine the critical elements of internal auditing: assessing risk, flowcharting, designing flexibility into the audit program, performing the audit and applying audit results to solve business problems. You will focus on and put into practice the communications skills associated with internal auditing: conferencing with customers, writing audit findings and selling audit recommendations.

What you will learn

You will learn how to perform internal auditing from risk assessment, through planning, fieldwork, and reporting. Also, how to conduct interviews and key techniques like flowcharting, preparing risk-control matrices, and writing narratives.


Internal Audit Life Cycle and Key Concepts:

  • definition of internal audit
  • fundamental questions of internal audit
  • three lines of defense
  • lifecycle/steps in the internal audit process
  • identifying areas to be audited
  • types of internal audits
  • internal control frameworks
  • sample job description: role/level expectations

Risk Assessment Strategies:

  • performance standards for risk assessment
  • what is risk anyway?
  • effects of risk
  • different levels of risk assessment
  • key questions in risk assessment
  • balance between risk and control
  • examples of risks and risk assessment approaches

Audit Project Planning:

  • performance standards on planning
  • audit equals project
  • planning risks, stages, strategies
  • planning resources and key questions
  • stakeholder awareness
  • preliminary meetings
  • early deliverables
  • performance standard on governance

Documenting Internal Controls:

  • performance standards for documenting controls
  • evaluating and documenting internal controls
  • cost/benefit considerations
  • types of controls
  • the control environment
  • other barriers/blocks to good control
  • methods of documenting control
  • group exercises

Audit Programs:

  • performance standards for audit programs
  • audit program as guide and fence evaluating and documenting internal controls
  • audit program examples
  • criteria for audit programs
  • audit objective
  • audit scope
  • audit test steps
  • sample audit program

Fieldwork Techniques:

  • performance standards for fieldwork
  • definitions related to evidence
  • nine fieldwork techniques
  • reliability of audit evidence
  • types of audit evidence
  • handling sensitive evidence

Audit Interviews, Walkthroughs, Meetings:

  • communication overview
  • active listening
  • audit interviews and walkthroughs
  • purpose, preparation and planning
  • interview structure: five phases
  • face-to-face meetings: five reasons
  • question types
  • probing skills and questions
  • creating a work product from notes


  • performance standards for recording information
  • performance standards for engagement supervision
  • purposes of audit workpapers
  • workpapers should stand alone
  • workpapers’ completeness and accuracy
  • workpaper techniques/templates
  • electronic workpapers
  • tick marks
  • sample workpaper
  • quality assurance and improvement programs

Audit Findings:

  • performance standards on evidence
  • attributes of audit findings
  • selling audit findings
  • template for audit findings

Audit Reports and Written Communication:

  • why do auditors write reports?
  • performance standards on communication
  • report trends, contents, timeliness, persuasiveness
  • who is/are your reader(s)?
  • in writing, words are all
  • overview of the writing process
  • increase readability and logical flow, reduce wordiness
  • editing yourself and others

Sampling and Data Analysis:

  • audit testing
  • sampling terminology
  • sampling methodologies
  • sampling for sox compliance
  • data analysis definition, impact
  • a simple data analysis model
  • kdd process model
  • challenges in implementing data analysis

Events Which Have Helped to Create Growth in Internal Audit

  • Foreign Corrupt Practices Act
  • COSO
  • COSO Enterprise Risk Management
  • CoCo
  • federal sentencing guidelines
  • fraudulent financial reporting
  • blue ribbon panel
  • Sarbanes-Oxley Act
  • more recent regulatory matters

Further information

ACI Learning
ACI Learning
3 Days
Scheduled dates
Course type:
Amsterdam, Atlanta, GA, Bandar Seri Begawan, Boston, MA, Burlington, MA, Cape Town, Charlotte, NC, Chicago, IL, Dallas, TX, Denver, CO, Dubai, Dublin, Dublin, OH, Hong Kong, Houston, TX, Las Vegas, NV, London, Manila, New York, NY, Oman, Orlando, FL, Philadelphia, PA, San Antonio, San Diego, CA, San Francisco, CA, Seattle, WA, Singapore, Virtual Training Room Only, Washington, DC

Contact Information

ACI Learning

6855 S. Havana St.
Suite 230
80112 USA