CPEs: 24
Instructor: Yiannos Ashiotis
Level: Intermediate
Tuition: £3,495.00
Register Now

NEW Internal Controls – Assessing the Design and the Operating Effectiveness of Controls and Compliance IC300

Location: UK EU MEAN WAT GCC Time Zones

First Date: Mar 27 - 29 2023

Duration: 3 days

Programme Director: Yiannos Ashiotis CFSI MBA CPA

All Dates & Locations
Venue Details

Experience the highly-interactive expert-led social learning through Virtual Classroom via Cisco WebEx from Risk Reward.

All our 2023 Live, Virtual and Face-to-Face Classroom events feature shared (or discrete) live chat between delegates and the expert, participate in topical surveys, polling questions, group exercises and case studies for a tried -and- true engaging and gratifying learning experience.

Need to bring this course in-house and/or at your location anywhere worldwide? Simply contact us for a prompt and courteous reply offering significant cost savings and dates to meet your specific requirements.

"Excellent trainer. Had a usually quiet group of delegates active and participatory."
Accounting and Finance department L&D Manager, Saudi Industrial, Riyadh
Agenda Highlights

Session 1: Compliance, Controls And Governance

Session 2: Designing internal controls

Session 3: The Three Lines Model

Session 4: Assessing Internal Control Systems

Session 5:  Evaluating Internal Controls

Session 6:  Materiality and Risk Appetite

Session 7:  Assessing Controls in Key Business Cycles

Session 8:  Third Party Risk Management

Session 9: Discussion, Q&A and Summary


"Very well received training by a knowledgeable subject matter specialist."
Finance Manager, Ports Authority, Solomon Islands

This course considers the important issues relating to designing and assessing internal controls.  In the current environment as there is increasing application of AI techniques and automated monitoring techniques, it is important for any firm to reconsider its control environment.  However any changes made need to be consistent with rules and regulations as well as the expectations of stakeholders.

This practical course takes delegates through the issues that they are likely to face in practice and consider approaches to identification of improvements and assessment of controls which can be applied when they return to their environment after the event.

"A very useful course and excellent trainer! The most impactful topics were third party issues and vendor management and payable cycles."
Financial accountant, South Pacific Stock Exchange Pte
Who Should Attend

Designed primarily for management and staff within corporate entities and financial institutions but also recently attended by those within IT, legal and HR functions and roles:

  • Operations
  • Internal control
  • Risk management
  • Compliance
  • Internal audit



Additional Course Information

What Does It Cover?

Compliance, controls and governance 

  • What are the latest developments in controls and compliance?
  • What are the changes consequential to the recent crisis?
  • How will this change your control environment?
  • The responsibility for control and compliance
  • 1st and 2nd line roles
  • The Board responsibilities
  • Committees and their responsibilities
  • Key indicators and monitoring
  • Leading v lagging
  • Real-time monitoring 

Case Study: Discussion reviewing structures within financial services. 

Designing internal controls 

  • The process of designing internal controls
  • The continuing role of compliance
  • Preventative v detective
  • COSO, its role and history
  • Implementing a COSO framework
  • The COSO 2017 framework and definitions
  • COSO ERM and its role 

Case Study: Practical case studies on seeking to improve controls using actual cases of financial service failure.  What are the controls that were missing? 

The Three Lines Model 

  • The old three lines of defence model
  • Why has this changed?
  • The new 3 lines model from the IIA
  • The contents and challenges
  • What this means for an organisation 

Case Study: Discussion on the challenges faced as a consequence of the changing views of the IIA 

Assessing Internal Control Systems

  • Considering the nature of the control system
  • Applying controls to key processes
  • Documenting key processes
  • Efficiency and effectiveness
  • Using and developing indicators
  • Considering cost implications
  • Identifying areas for improvement
  • Understanding the changes to the environment
  • Innovation v gradual change
  • Considering design approaches
  • Approval, documentation and monitoring

Case Study

Evaluating internal controls

  • The control universe and register
  • Controls do not work in isolation
  • RCSA and controls
  • Entity level controls
  • Process level controls
  • Transaction monitoring
  • Testing techniques and approaches
  • Using AI techniques and data mining in assessment
  • Identifying areas for improvement

Materiality and Risk Appetite

  • Aligning risk appetite with materiality
  • Risk capacity and risk tolerance
  • Inherent and residual risk
  • Application to provision of limits and controls

Case Study:  Application of risk appetite within control design

Assessing Controls in Key Business Cycles 

  • Vendor management and payable cycles
  • HR and payroll cycle
  • Customer identification and take on cycle
  • Product pricing and income cycle

Case Studies:  For each of the 4 areas the delegates will identify and consider the assessment approach to the adequacy of the key controls applied.

Third Party Risk Management

  • Third party risk management and governance
  • Identification of all third parties
  • Relationship ownership and management
  • Operational resilience and third parties
  • What makes a third party critical?
  • The BIS operational resilience paper and third-party risk management
  • Risk assessing third party service providers
  • Relying on documentation received
  • Considering the SLA and contracting
  • Auditing within a remote third party

Case Study:  Develop a suitable assessment program for third party risk management

Discussion, Q&A and Summary 





Learning Objectives

By the end of this course, participants will gain the specialist knowledge

  • Understand the importance of the culture of compliance
  • Understand the practical implementation of the COSO Internal Control Framework
  • Explain COSO 2017 definition of internal control and the frameworks’ components and principles
  • Describe the importance of the Three Lines Model
  • Assess the design and operating effectiveness of internal control system
  • Learn to evaluate Internal Controls at the Entity Level, Process Level and to test them at the Transaction Level
  • Know how to perform top down risk assessment and risk analyzation
  • Be able to apply the concept of materiality
  • Understand the documentation requirements of the Key Processes
  • Understand risks and controls in the business cycles such as payable cycle, revenue cycle, payroll cycle, etc.
  • Understand how to identify internal control deficiencies
  • Be able to perform the risk assessment and assess the internal controls in relation to outside service Providers or third-party vendors.


Delegates who complete the course will receive a Certificate with equivalent CPD/CPE credits via email; and for those who require an assessment as a demonstration of competency via training a 20 multiple-choice questions and answers quiz, remotely invigilated with results report and 1 resit, is available at no additional charge when requested at time of reservation.

Social Learning & Methods

Highly interactive expert-led intensive presentation, Q&A, group real-time in-depth case studies, regulation and discussion supported by key principles and theory. The virtual learning platform uses safe, industry preferred encrypted Cisco WebEx to optimize live face-to-face visual interaction, discrete chat, for polling and quizzes.

(An invitation via email with access link is included for all participants.)


NEW Internal Controls – Assessing the Design and the Operating Effectiveness of Controls and Compliance

Course Fee

Apply the discount voucher RISK10 at check out for savings before Feb 15 2023

Course Fee (per person):
GBP £3,495.00 (+ UK VAT when applicable)

Number of delegates:

Data Privacy & Update of Contact Details Risk Reward Limited is fully compliant with the Data Protection Act. The information you provide will be safeguarded by Risk Reward Ltd. We do not rent, sell or exchange your details to anyone without your consent. Your details are never given to third parties. If you wish to update your details, please email: with your OLD and NEW details. Please allow 10 days to see the changes take effect. Thank you.

Terms and Conditions: You can cancel at any time. Due to the on-going COVID 19 environment cancellations may be made at any time for either a full refund or a credit towards another event occurring within the following 6 month period. Simply email or telephone the London Client Services team at to advise your preference and we will do our best to accommodate your circumstances. Risk Reward Ltd receives the right to a final decision in the event of a dispute.

All Risk Reward public courses are guaranteed to run although those offered by affiliates are subject to demand
SKU: TEMPLATE-20 Category:

Quick Contact

    Get in touch and see how Risk Reward can help you

    Our London team are ready to answer questions, provide information & choices to help make your public seminar booking in a prompt, professional & friendly manner.

    Get in touch and see how Risk Reward can help you

    Our London and Miami teams are ready to listen carefully to your needs, take the brief, explore options, offer suggestions and help you in a professional and friendly manner.