Compliance, controls and governance 

• What are the latest developments in controls and compliance?
• What are the changes consequential to the recent crisis?
• How will this change your control environment?
• The responsibility for control and compliance
• 1^st and 2^nd line roles
• The Board responsibilities
• Committees and their responsibilities
• Key indicators and monitoring
• Leading v lagging
• Real-time monitoring 

Case Study: Discussion reviewing structures within financial services. 

Designing internal controls 

• The process of designing internal controls
• The continuing role of compliance
• Preventative v detective
• COSO, its role and history
• Implementing a COSO framework
• The COSO 2017 framework and definitions
• COSO ERM and its role 

Case Study: Practical case studies on seeking to improve controls using actual cases of financial service failure.  What are the controls that were missing? 

The Three Lines Model 

• The old three lines of defence model
• Why has this changed?
• The new 3 lines model from the IIA
• The contents and challenges
• What this means for an organisation 

Case Study: Discussion on the challenges faced as a consequence of the changing views of the IIA 

Assessing Internal Control Systems

• Considering the nature of the control system
• Applying controls to key processes
• Documenting key processes
• Efficiency and effectiveness
• Using and developing indicators
• Considering cost implications
• Identifying areas for improvement
• Understanding the changes to the environment
• Innovation v gradual change
• Considering design approaches
• Approval, documentation and monitoring

Case Study

Evaluating internal controls

• The control universe and register
• Controls do not work in isolation
• RCSA and controls
• Entity level controls
• Process level controls
• Transaction monitoring
• Testing techniques and approaches
• Using AI techniques and data mining in assessment
• Identifying areas for improvement

Materiality and Risk Appetite

• Aligning risk appetite with materiality
• Risk capacity and risk tolerance
• Inherent and residual risk
• Application to provision of limits and controls

Case Study:  Application of risk appetite within control design

Assessing Controls in Key Business Cycles 

• Vendor management and payable cycles
• HR and payroll cycle
• Customer identification and take on cycle
• Product pricing and income cycle

Case Studies:  For each of the 4 areas the delegates will identify and consider the assessment approach to the adequacy of the key controls applied.

Third Party Risk Management

• Third party risk management and governance
• Identification of all third parties
• Relationship ownership and management
• Operational resilience and third parties
• What makes a third party critical?
• The BIS operational resilience paper and third-party risk management
• Risk assessing third party service providers
• Relying on documentation received
• Considering the SLA and contracting
• Auditing within a remote third party

Case Study:  Develop a suitable assessment program for third party risk management

Discussion, Q&A and Summary 

END

By the end of this course, participants will gain the specialist knowledge

• Understand the importance of the culture of compliance
• Understand the practical implementation of the COSO Internal Control Framework
• Explain COSO 2017 definition of internal control and the frameworks’ components and principles
• Describe the importance of the Three Lines Model
• Assess the design and operating effectiveness of internal control system
• Learn to evaluate Internal Controls at the Entity Level, Process Level and to test them at the Transaction Level
• Know how to perform top down risk assessment and risk analyzation
• Be able to apply the concept of materiality
• Understand the documentation requirements of the Key Processes
• Understand risks and controls in the business cycles such as payable cycle, revenue cycle, payroll cycle, etc.
• Understand how to identify internal control deficiencies
• Be able to perform the risk assessment and assess the internal controls in relation to outside service Providers or third-party vendors.

Delegates who complete the course will receive a Certificate with equivalent CPD/CPE credits via email; and for those who require an assessment as a demonstration of competency via training a 20 multiple-choice questions and answers quiz, remotely invigilated with results report and 1 resit, is available at no additional charge when requested at time of reservation.

Highly interactive expert-led intensive presentation, Q&A, group real-time in-depth case studies, regulation and discussion supported by key principles and theory. The virtual learning platform uses safe, industry preferred encrypted Cisco WebEx to optimize live face-to-face visual interaction, discrete chat, for polling and quizzes.

(An invitation via email with access link is included for all participants.)