• How to design an organizational risk universe that supports organizational-level risk assessment
• How to consult on enterprise-wide risk projects with internal audit as a key stakeholder
• How to provide control effectiveness insights to risk management outside of audit reports to drive change

• Limitations of SOX auditing and how to overcome them
• How to educate and train staff on risk, controls, and process
• What internal auditors and SOX auditors can do to better partner together
• Who should be in charge of the SOX process on an organizational level

• How to support the design and implementation of compliance management processes
• The importance of training middle management to foster a strong control environment
• Challenges in building data analytics capability, especially for risk assessment or detecting outlier transactions
• How internal audit and compliance can support third-party risk management

• How internal audit can support the development of rapid response methodologies and processes before they are needed
• How to work with InfoSec to develop preventative controls that could mitigate some, if not all, cyber security risks
• How to strengthen the relationship between InfoSec and Internal Audit

• How to design an effective and efficient vendor review and risk management program
• How to design and perform vendor site visits and risk review
• How to develop vendor risk model based on risk categories or portfolios

Episode 5: Building a strong relationship between Internal Audit and the Board of Directors 

Episode outcomes: