About this learning event
The internal audit activity must follow International Standards for the Professional Practice of Internal Auditing (Standards) issued by The Institute of Internal Auditors. According to the Standards internal auditors must evaluate the effectiveness and contribute to the improvement of risk management (RM) processes. This means that an internal auditor has an important role in RM: although management is responsible for RM, internal audit’s role as the third line of defense is also very important. The auditor's as well as the management's roles are strictly defined and this workshop will help auditors understand how, when, and with which tolls auditors can help organization in improving RM processes, and how to assess fraud and key information technology (IT) risks.
What you will learn
The objective of this workshop is to help participants better understand the RM from the internal auditor perspective and the role of internal auditing in RM.
The workshop will holistically discuss RM from internal auditors’ point of view, how to undertake RM activity, how to deal with established RM, how to plan, and perform risk based internal audits with an emphasis on fraud and key IT risk. According to the Standard 1210, internal auditors must “have sufficient knowledge to evaluate the risk of fraud” as well as “sufficient knowledge of key IT risks and controls and available technology-based audit techniques to perform their assigned work” (IIA 2013).
Participants of this workshop will strengthen their knowledge of how to understand fraud and how to prepare a risk register for fraud. They will also learn how to act and react when fraud occurs. The workshop will also address questions of how to understand IT risks, IT governance, assurance, professional standards, and how to respond to IT incident from internal auditor perspective. Through the use of group exercises participants will exercise how to prepare an organizational risk register (not only for fraud and IT risks) and how to perform an internal audit on a basis of risk register.
By the end of this workshop participants will be able to:
- Prepare risk register for the organization or use already prepared risk register
- Prepare risk register for fraud risks
- Understand key IT risks
- Understand the logic of fraud risks
- Prepare a risk based annual plan
- Perform risk based internal audits
How you will benefit
The three-day training in the workshop format, facilitated by experts in the field, will be based on practical examples, case studies, group exercises, and concrete experience which will enable participants to develop skills for independent contribution to risk management. Institutions nominating participants will benefit by participants’ specific knowledge of fraud, IT risk, risk register, and other tools which allow auditors to add value and help organizations to accomplish their objectives.
Who should attend
The workshop is designed for junior and experienced internal auditors from ministries and other public institutions as well as other internal audit experts and professionals interested in the topic.
As the workshop will be held in ENGLISH with no translation, participants should have a good command of English.
The workshop will be highly participatory. Participants are encouraged to be active in discussions and exercises throughout the three day event.
Faculty
Tina Toman Pfajfar, Slovenia
Ms. Tina Toman Pfajfar is the Head of the On Site Inspection Section at the Insurance Supervision Agency. In the past, she was the Director of Internal Audit Service at the Slovenian KD Life Insurance Company and she also worked for the Ministry of Finance of the Republic of Slovenia, where she held a position of the Head of Internal Audit Service. Her main responsibilities included risk based internal auditing, providing assurance to the Minister (or Board) about the risk management and internal control system, preparing a Manual for the Internal Audit Service, PIFC, and others.
She is the president of the Internal Audit Committee at the Slovenian Institute of Auditors and vice president of the Slovenian Chapter of the IIA – Institute of the Internal Auditors.
She is Certified Internal Auditor at the Slovenian Institute of Auditors, State Internal Auditor at the Ministry of Finance, State Auditor at the Court of Audit of the Republic of Slovenia and she has a Certification in Risk Management Assurance (CRMA) at The Institute of Internal Auditors.
Polona Pergar Guzaj, Slovenia
Ms. Polona Pergar Guzaj is director and owner of consulting firm 4E d.o.o. The firm is specialized in providing consulting services in the area of corporate governance (internal audit, risk management and compliance) and fraud prevention and detection. She is also providing quality assurance reviews and assistance/cosourcing in establishing internal audit functions. In the past, she was CAE in financial conglomerate KD Group d.d. and in asset management company KD Funds, d.o.o. She also worked as CAE in production group, Steklarna Hrastnik. Her main responsibilities included supervising individual internal audit functions in the subsidiary companies, risk based internal auditing, providing assurance to the general manager and/or Board about the risk management and internal control system, preparing a group internal audit methodology and implementing it, and others. As internal auditor she specialized on fraud investigation.
She serves as an audit committee member in insurance company (Adriatic Slovenica d.d.) and in production company (Žito d.d.). She is the president of the Slovenian Chapter of the IIA – Institute of the Internal Auditors. She is Certified Internal Auditor at the Slovenian Institute of Auditors, Certified Internal Auditor (CIA), Certified Financial Services Auditor (CFSA) and Certified Fraud Examiner (CFE). She also holds a Certification in Risk Management Assurance (CRMA) fromThe Institute of Internal Auditors.
Boštjan Kežmah, Slovenia
Mr. Bostjan Kežmah is a senior lecturer at the Faculty of Electrical Engineering and Computer Science at the University of Maribor and CEO of the Center for Legal Informatics (CEPRIS). He has extensive experience in the field of information systems assurance engagements as lead auditor, expert or audit team member. He holds national and international Certified Information Systems Auditor certificate and he is judicial expert and judicial appraiser in the field of IT and software.
His experience includes secure software development methodologies and technologies gained through many IT projects of national importance (e.g. national registry of wills). He has been heavily involved in software and services accreditation procedures for electronic archives. Lately he has been engaged as judicial expert in the vast majority of major criminal acts in Slovenia involving misuse of electronic banks, organized internet crime and hackers. He has given many lectures in the field of IT assurance and IT security all over Europe and is author and co-author of many professional and scientific books and papers.
He is the past president of ISACA Slovenia Chapter and member of the Certified Information Systems Auditor Board at the Slovenian Institute of Auditors.
Application procedure
Application Closing Date: Aug 29,2014
