Certified Agile Based Auditor Certificate (CABA)
Covid-19 had had clearly revealed the inadequacy in enterprise risk management (ERM) controls in many organisations globally for not adopting holistic approach in managing and controlling risks where risks are aplenty causing great uncertainty and concerns by stakeholders. Therefore, auditors (both internal and external) are continually challenged to provide more value to stakeholders while enhancing organizational influence and impact. Deloitte & Touche LLP mentioned in their 2017 report that “the need to change is clear. The time for change is now for all auditors to embrace”. Stakeholders are demanding more efficient assurance, better advice on processes and controls, and greater anticipation of risks. In reports, stakeholders demand deeper insights and stronger points of view from auditors.
This “need to change” brings forth the new trend for auditors to focus on Agile Audit which is the mind-set of an Audit function to focus on stakeholder needs, accelerate audit cycles, drive timely insights, reduce wasted effort, and generate less documentation. Agile prompts auditors and stakeholders to determine, upfront, the value to be delivered by an audit.
This 5-day Certified Agile Based Auditor workshop is a highly interactive program providing intellectual insights on Agile-based concepts with practical application of constructing Holistic Agile Based Audit Framework; identify root causes of risks effectively; assess the measure of risk holistically; develop effective agile audit control with strong emphasis on the role of agile audit in compliance and governance in particular the tone from top management and board of directors. Although this program targets Audit professionals responsible for developing or implementing agile-based approach, it is still open for other assurance professional such as those in compliance and QA functions willing to develop their Agile Based Approach frameworks.
By the end of this training program, each participant will be able to:
- Audit the organisational risk maturity level to aid formation of Agile-Based Audit Framework
- Deliver deeper insights into strategic risks emerging from strategic plan formulation
- Develop Agile-Based Auditing and monitoring policy from the identified risk priorities
- Emphasis more agile-based audit planning and monitoring plan from identified risk priorities
- Assess risks across enterprise wide for prioritisation, likelihood of occurrence and impact on organisation
This 5-day program is entirely interactive and every participant will be fully participative in group discussion, exercises and case studies. A step-by-step guidance in how to develop, establish and implement an Agile Based Audit (ABA) framework will be taught to each participant. Trainer will coach each participant and ensure that each participant is able to execute the ABA framework.
Who should attend
This program is suitable for heads of audit, audit managers and senior auditors, auditors responsible for developing or implementing a agile based approach, other assurance professionals such as those in compliance and QA functions who are wanting to develop their Agile Based Approach. Senior managers and Directors of business functions – to aid their knowledge of a agile based audit approach.
Participant should have at least THREE (3) years of practical experience in audit, assurance, risk management or financial control, compliance, QA or managerial experiences. He/she needs to have pre-requisite knowledge in accounting, auditing and corporate finance knowledge.
What is Agile-Based Audit (ABA)?
- Definition and trends of Agile-Based Audit
- Purpose, roles and concerns of agile-based audit
- Why senior and top management may lack full understanding of risk
- Established Awareness of agile-based audit
Identify Root Causes of Risks and how it impacts Risk Appetite and Risk Capacity
- Root cause of risks – how to detect
- Relationship between risk and strategic objectives
- Scope of risk capacity and risk appetite of each organization
- Strategic, financial and operational risk
- Impact on agile-based audit
Cognitive Dissonance and its Impact on Agile-Based Auditing (ABA)
- Risk and cognitive dissonance relationship
- The importance of cognitive dissonance and how it works
- Appreciate how cognitive dissonance influencing Economic decision makers’’ choices and decision making
- Impact of cognitive dissonance on agile-based auditing
Participants will apply cognitive dissonance techniques on a real-world case study and understanding its impact on strategy selection and other investment decision making. Participants will learn how to apply agile-based audit by drawing out concrete lessons learnt from the ability to balance impacts from rational and emotional behaviours made by economic decision makers.
Global Corporate Failures and Why both Internal and External Auditors had Failed to Detect
- High profile corporate failures and the lessons learnt from the major risks in your organization
- Why did both internal and external auditors failed to detect those corporate failures
- Draw lessons learnt from corporate failures with implication to Agile-Based Auditing for best practice adoption
Updates on Latest Regulation Impacting Agile-Based Auditing (ABA) Approach
- Explanation of the new ISO 31000 international risk standard 2009
- Latest Developments of Basel II and III solely for bankers
- Most recently updated COSO ERM framework 2017
- Importance on Agile-based audit
Participants will be given a real-world case study and audit the causes to such corporate failures and why both internal and external auditors had failed to detect. They will learn the different approaches and challenges involved in the process of risk identification using agile-based auditing approach.
Audit the Alignment of ERM to Strategic Planning (incorporate COSO ERM 2017)
- Understand the organization’s strategic objectives
- Audit the alignment of ERM Strategy to Strategic Planning at corporate level
- Assess the identification of risk appetite and balancing with risk capacity at strategic level
- Audit the identification of risks at strategic level for forming Key Risk Areas (KRAs)
- Establishing an Agile-Based Auditing Framework at strategic level for effective assurance
Agile-Based Audit (ABA) to Assess Governance Structure for effective assurance
- Audit the Risk Awareness for all staff especially the tone set by top management
- Audit the ownership of Risks and responsibilities of BOD, CEO and Exco members
- Assess the accountability and responsibility of BOD and CEO to stakeholders
- Assure the protection of the financial position and potential capital losses
- Audit the handling of customer service and complaints response process
- Assure effective communication – internally and externally to stakeholders
Participants will study a real-world classical case study on how the identified risks were misaligned to corporate strategy during the strategic planning process. They will identify key lessons learnt, using ABA approach, while drawing references to current global financial situation leading to best practices being formed and adopted.
Use Agile-Based Auditing (ABA) Approach to Audit the ERM Process
- Audit the identification of surprises and risk
- Appreciate why financial risks are only the tip of the iceberg
- Understand the challenges faced due to global crisis, regulatory and compliance changes
- Developing a Agile-Based Audit strategy for your organizations
Assess the Risk Evaluation processes using ABA approach
- Audit the risk techniques used on identifying strategic, financial and operational risks
- Use of ABA diagnostic questions and thought provokers
- Know the pros and cons of using data capture technology
- Assess the evaluation process of risks pertaining to strategic, financial and operational risks
- Assess the effective measuring of consequences and likelihood of occurrence of each risks using ABA approach
- Develop Early ABA Warning Indicators for effective assurance
Participants will be given a case study requiring them to establish the early ABA warning indictors as part of ABA strategy for effective assurance. They will discuss and challenged each other on its viability and functionality leading to drawing lessons learnt.
Assess the Cascading of Strategic Risks from Top Management to Business Unit Level
- Auditing the potential misalignment of strategic risks from strategic objectives/plan
- Audit the cascading process of Risk awareness to all staff from top to middle and bottom
- Assess the establishment of Key Risk Indicators (KRIs)
- Diagnose the breaking down of KRAs to KRIs for business units
- Evaluate the risk tracking capability and effective use of risk register matrix for assurance
- Assess the robustness of risk management committee reporting, escalation and resolution of excesses by BOD
Audit the Risk Treatment/Controls according to ISO31000 & COSO 2017
- Audit the Identification of risk exposures – what risk is acceptable within risk appetite
- Assess the decision of residual risk levels within risk capacity
- Audit the relevancy of risks controls, risk registers and risk heat maps
- Assess the establishment of risk action plans, allocation of responsibilities to risk owners
Participants will be given a real-world case study to audit the problems arising from cascading of strategic risks to business units level resulting in wrong KRIs setting with irrelevant or outdated risk controls and risk registers. They will also discuss the various ways, using ABA, to mitigate such challenges and design proper communication channels as well as effective audit control mechanism.
Assess the Effective Setting of Key Risk Indicators and Loss Control per ISO31000 & COSO 2017
- Assess the effectiveness of establishing key risk indicators (KRIs)
- Evaluate the potential loss of IT systems, E-Commerce risks, cybercrime, IT security
- Audit the poor prioritisation of systems development impacting strategic objectives
- Assess the deployment of right people to right tasks
- Draw best practice for agile-based audit adoption
Embedding the Agile Based Auditing Process
- Assess the compliance with corporate governance requirements
- Assure risk awareness for all staff including BOD
- Audit the robustness of breaking down of Key Risk Indicators (KRIs) at business level into Key Performance Indicators (KPIs) for individuals
Participants will be given a case study requiring them to audit the corporate KRIs and subsequently breaking them down into individual KPIs. They will discuss and challenge each other on its viability and functionality leading to drawing lessons learnt. They will also discuss the various ways to mitigate such risks and design proper communication channels as well as effective risk control mechanism.
Audit the Assessment of Risk Mitigation per ISO31000 & COSO 2017
- Assess the effective controls or mitigation techniques/strategies
- Ensure risks are managed effectively
- Audit the identification of risk exposures
- Assess the updating of recording of risks – risk registers or risk maps
- Evaluate the relevancy of risk registers – dos and don’ts
- Audit the establishment of action plans from risk registers
- Assess the allocation of risk owners
- Assess the risk mitigation and handling of exposures in practice
Setup ABA Monitoring and Review control according to ISO31000 & COSO 2017
- Evaluate the risk benchmarking framework and policy for KRAs and KRIs
- Audit the risk management performance against KRAs and KRIs
- Assess the appropriate scenario and sensitivity analysis for early warning of risks to BOD
- Audit the timely reporting and escalating variance and unusual patterns to top management and BOD for their
Participants will be given a real world case study to firstly audit the types of risks and discuss the various possible risk mitigation strategies. They will learn the different approaches and challenges involved in the process of risk mitigation and control with trainer sharing best practice.
Audit the People, Process, Cyber-Security and Outsourcing Risks per ISO31000 & COSO 2017
- Assess the effective risk control external partners and consultants
- Audit the Loss of key personnel, low morale/stress impact on strategic objectives
- Assess the system security ready to combat cyber-attack and crime
- Evaluate the effective prioritisation of systems development to meet strategic objectives
- Appreciate the latest E-Commerce and IT security risks development
Launch Risk Communication to Instil Effective Risk Culture per to ISO31000 & COSO 2017
- Asses the strategic awareness of risk communication to external and internal stakeholders
- Assure the promotion of benefits of adhering to ERM policies, regulations and governance
- Ensure the instilling risk culture through implementing ERM processes
A real world case study given to participants to evaluate the causes of risks resulting from people or process. They will also discuss on the various ways to mitigate such risks and design proper communication channels to various stakeholders for effective ABA control mechanism.
Audit the ERM Process from Business/Division Levels to Team/Individual
- Audit the risk awareness for staff
- Assess the breaking down Key Risk indicators (KRI’s) at corporate/business level into Key Performance Indicators (KPIs) for individuals/teams
- Evaluate the effective reduction of excessive controls
- Audit the Monitoring and control process on residual risks
- Assess the management and alignment of stakeholder expectations
Emergence of Information Security Risk
- How audit data breaches and headline news?
- Determine the information breaches and its impact on firm’s financial losses
- Best practices from international Information Security Standards
- Establish audit controls on key information security risks
- Evaluate the level of confidentiality of the identify key information security risks
Participants will be given a case study from emerging countries where they identify the external and internal environmental challenges in establishing ABA framework and systems. This will lead to an implementable ABA framework for participants to take home for further deliberation and implementation.
Every participant will either use their own organization or an approved case study and attempt to apply all the knowledge that they had acquired over the 5-days. This includes setting up the Agile Based Audit Framework, evaluate the effectiveness of KRIs, audit the identification of root causes to different types of key risks covering governance, market, credit, operational, liquidity, compliance and cyber, setup key agile audit controls and assessment techniques plus new agile reporting structure. This project will be then assessed by a panel of international experts in the 2 accrediting bodies in addition to the trainer.
Dr. Christopher Goh
Dr. Christopher is a professional, with some 25 years with extensive experience in, risk management, design thinking, compliance, anti-money laundering, strategic planning, exotic options, behavioural finance, and structuring products using derivatives and in particular to enterprise risk management where he spent some 15 years in this area, where he was the pioneer in risk management, since 1989.
He holds the title of chief risk officer for Asia Pacific having established holistic enterprise risk management and compliance framework, which includes anti-money laundering, sanctions, compliance and governance, spearheaded the implementation enterprise risk management process for some 3 international banks in Asia Pacific.
He had implemented enterprise risk management and compliance framework through practical experience gained through various diverse economic cycles. He had worked for 6 different banks over a period of some 25 years across 6 different cultures, business practices and management styles. This had given him a very deep knowledge in handling clients and managed staff from diverse cultural background.
Dr Christopher had conducted many in-house corporate seminars for the past 15 years training international and central bankers, senior management from government bodies from Asia region like Malaysia, Indonesia, Taiwan, China, Singapore, South Korea, Thailand, Hong Kong, Vietnam, Myanmar, Philippines, and to as far as London, Vienna, Jeddah, Riyadh, Kuwait, Johannesburg, Lagos (Nigeria), Accra (Ghana), Nairobi (Kenya), Dubai, Zimbabwe, Zambia, Lesotho, Moscow and Ulaanbaatar (Mongolia). He had since travelled to some 38 international cities to conduct international workshops and consultancies.
His current seminars and consultancy works are mainly focused on Governance, Risk and Compliance, Design Thinking for Bankers and Non-bankers, Enterprise Risk Management, Setting KPIs with Enterprise Balanced Scorecard, Organisational Development Audit/Assessment, Compliance Risk Management, Operational Risk and Compliance Management, Transforming Strategy into Business Results.
He had published over 20 Risk Management, Strategy and Technopreneurship articles. He had co-authored 2 books published in 2017:
- Design Thinking for Management, Leadership and Technopreneurship, TWAN Pte Ltd, 1st Edition, ISBN: 978-981-11-4217-8, published in December 2017
- Technopreneurship: in Industry 4.0, TWAN Pte Ltd, 1st Edition, ISBN: 978-981-11-3875-1 published in December 2017
Dr Christopher has most recently been appointed as Dean for School of Finance and Banking with Swiss Institute of Management and Innovation based in Zug, Switzerland. He is also an Adjunct Visiting Faculty to some foreign universities namely: Shanghai JiaoTong University, Central University of Finance and Economics (Beijing), Harbin Institute of Technology (Harbin), S.P. Jain (Singapore and Dubai campus) on a yearly basis on banking certification courses and/or EMBA courses.
The Certified Chief Risk Officer (CCRO) is the unique programs from the Swiss Institute of Management and Innovation (SIMI)’s School of Finance & Banking. This program is also accredited as the other accredited programs from SIMI.