Group Training

Our company provides a wide range of engaging training courses designed to provide practical information for audit, risk, and fraud professionals. Browse the course catalog for ideas, or let me know what you are looking for. Any course listed can be modified to fit your needs, or we can discuss creating presentations on new topics.

Ready to Book a Group Training

Internal Audit Topics

  • Working on an audit certification is stressful, time-consuming, and expensive, but is it worth the effort? This presentation breaks down the most common certifications by cost, effort, and potential benefits so you can make the right decision for yourself.

  • The IIA regularly publishes guidance on the skills we all need to be competent and proficient auditors. They do this because the skills we need are constantly shifting. We are required to keep up with technical skills and soft skills. If we work together as a team, we can help each other gain the skills and confidence we need to succeed!

  • Organizations face periods when risk levels surge far beyond the norm. Economic uncertainty, disruptive technologies, geopolitical instability, rapid organizational change, and large-scale operational disruptions all place extraordinary pressure on internal controls, governance, and risk management. These “high-risk” conditions demand an audit function that is agile, focused, and capable of delivering assurance when it matters most.

    This course provides a practical framework for conducting audits during extraordinary times. Participants learn how to rapidly reassess risk, prioritize critical processes, adjust audit procedures, and communicate emerging threats to leadership with clarity and urgency. The session covers how to evaluate controls under stress, how to identify gaps created by disruption, and how to tailor audit approaches when evidence quality or process stability is compromised.

  • Impact, Likelihood, and Velocity are our assessments' three most common risk metrics. Among the many lessons learned from COVID-19, risk velocity may be one of the most important, especially in emerging risks. Emerging risks often catch us off guard, which can spread through an organization with fantastic speed.

  • Your report is boring, and no one wants to read it! Internal auditors spend weeks performing an audit, but in the end, others only see the audit report. It is time to rethink the format you have been using.  Are you including meaningful content, visuals, and an overall theme? The last thing we want to hear is that the report was boring. In this presentation, we will tear apart standard report templates and improve them!

  • Internal auditors are supposed to remain independent from their work organization. We usually do this by establishing reporting lines directly to an audit committee. However, the reality is that we still work in this organization. We still must ride the elevator with coworkers in other departments and get paid for working at our jobs. Because of our unique position, we often face an ethical dilemma at the end of every audit. Management wants to issue a "clean" report, while auditors need to report unbiased facts highlighting the organization's risks. Ultimately, we must decide if we will keep our reports intact or bend to pressure from management to sanitize the language before it gets to senior leadership.

  • What will an internal audit look like in the next 5 years? In this event, we will explore areas most likely to change in the next few years: freelance auditing, agile auditing, dependence on AI, and reliance on the other lines of defense.

  • We combine subjective measures with past audit results and data from different systems for our risk assessments. Then we tack on CPEs of interviews with management that only adds more subjectivity. When I push deeper and ask who designed this risk assessment process, very few auditors can answer. Usually, someone who left the organization years before or an external consultant recommended the approach. When it takes so much effort to complete the assessment that it takes away from the actual audits we could be working on, is it time to admit that our risk assessment process is too complicated?

  • You've gathered lots of data from your audit processes, but now you need to use the data to tell a story to your audit committee. Designing these presentations is critical for leading audit departments. To help audit leaders develop compelling presentations, we will review the results of the surveys from The IIA to ensure we are meeting the audit committee's expectations. We will share trends, best practices, critical success factors, and tips for including the most relevant data. The presenter will then provide real-world examples showing how to use data to create trending reports and data analysis for inclusion in audit committee presentations using tools you already have, like Excel and PowerPoint

  • Can you imagine auditing without having to deal with issuing time-consuming audit reports? The truth is you don't need to write a report. The Standards never actually required us to do any writing. This presentation will discuss modern alternatives to the formal reporting we have all dreaded. You will understand what we must communicate during an audit and how to get it done better.

  • The presentation is designed to help auditors and fraud examiners bridge the gap between data analytic theory and application. This presentation aims to discuss the actual world application of simple data analytics to save time, improve efficiency, reduce risk exposure, add value, motivate team members, comply with best practices, detect potential fraud, and create new opportunities.

  • Sometimes we test controls that don't matter. Designing adequate internal controls can be challenging, especially with the current pace of change. A well-designed internal control system requires us to use judgment when assessing control effectiveness. We need to understand when a control does not address the risks so we don't waste time.

  • The risk landscape changes constantly, and we must remain vigilant as auditors if we stay ahead of the curve. The top risks for the current year have been impacted heavily by the pandemic, and each of the risks we will cover has a ripple effect as we explore the interrelated aspects of these risks.

  • Impact, Likelihood, and Velocity are our assessments' three most common risk metrics. Until now, I never fully grasped the meaning and importance of risk velocity. Among the many lessons learned from COVID-19, risk velocity might be among the most critical, especially in emerging risks.

Agile Audit Topics

  • The way we've been auditing is NOT going to work any longer. It's time for us to embrace an updated audit methodology: Agile Auditing. With this method, the audit department responds to risks more quickly, partners closely with the organization, and adopts a continuous quality and improvement mindset.

  • The session is a deep dive into the agile audit risk assessment process. We discuss how to build a quarterly risk assessment and discuss sources of data from interviews, financials, past data, and self-assessments.

  • Building on the assessment, this session explains how to create an audit backlog and use agile planning techniques such as building sprints and timeboxes.

  • In this session, we use the risk-based information from the assessment to scope and test the controls in the audit. Deep discussion will also be on agile project management techniques used throughout the audit execution phase.

  • Reporting in agile audit covers both audit reporting and audit committee reporting. We address the frequency, format, and benefits of the proposed changes. The report is generated from issues documented during fieldwork.

  • This session provides a clear, comprehensive roadmap for transitioning to agile audit. The plan includes selling the concept to traditional auditors and senior management, building a custom transition plan, audit team staffing and training, piloting and adjusting the plan, and finally reviewing the process end to end to ensure the agile mindset is embedded in the team. Then looking forward, the two main growth areas are moving from agile audit to agile assurance (working with other assurance teams like ERM, SOX, EHS, etc.) and technology enablement that will enhance the ability to become even more agile. Technology will range from simple analytics to AI and RPA (also included in the maturity model).

  • As audit leaders, we must produce the highest quality insights into the organization's risk environment. Agile auditing approaches the audit with an acknowledgment that risks are always changing, and we need to adapt to those changes to give the board and audit committee the information they need at the right time. Our agile audit teams can only function well with proper guidance - that's where you come in. As an Agile Audit Scrum Master, you have a deeper knowledge of agile, scrum, managing the audit team, and giving feedback to the CAE so that future audits are meaningful.

  • We need to audit the right risks at the right time, and agile auditing is the way to get there. With agile auditing, we only audit what matters by taking a different approach with everything from your audit universe to reporting. Preparing for a future based on agile auditing will require a rethink of how teams design their audit plan to address emerging risks, execute in the field, and report in near real-time across all levels of the organization.

IT Audit Topics

  • In any modern organization, all auditors are responsible for understanding a basic level of IT auditing. It's impossible to avoid technology. The good news is that we can apply auditing basics to IT auditing right now. The goal of this session is to increase your comfort level when approaching IT audits.

  • To be a successful IT auditor, you must understand various IT control topics and how to audit each against the guidance provided in frameworks such as those published by NIST. In this series, we delve into real-world examples of the major control topics covered in the NIST CSF, comparing the specific guidance included in frameworks such as NIST publications, HiTrust, and others.

    Example Course Topics

    • Provisioning and Deprovisioning

    • Backup and Recovery

    • Access Management

    • Password Management

    • Change Management

    • SOC Reports

    • SDLC Controls

    • SOD Controls

    • Job Monitoring

    • Logging and SEIM

    • Cybersecurity

    • Disaster Recovery and BCP (Contingency Planning)

    • Physical Security

    • Network Security and Detection

    • Third-Party IT Risk Management

    • Common IT Frameworks

    • Data Loss Protection (DLP)

    • Security Awareness Training

    • Strategy and Governance (Security Management)

    • Incident Response Plan Development

  • This course equips IT professionals, security managers, and organizational leaders with the knowledge and tools to develop and implement a robust Cybersecurity Incident Response Plan (CIRP). As cyber threats grow in sophistication and frequency, having a well-prepared, actionable response strategy is essential.

    Participants will explore real-world attack scenarios, learn key frameworks like the NIST IR lifecycle, and develop a step-by-step approach to identifying, responding to, and recovering from cyber incidents. Through practical guidance and interactive discussions, learners will leave with the confidence to lead their organization through any cybersecurity crisis.

  • Cybersecurity consistently ranks as the top organizational risk, yet many internal auditors lack clear, practical guidance on how to assess it. This webinar closes that gap. Instead of high-level theory, we go directly into the real-world controls that matter—what they are, why they exist, and exactly how auditors should evaluate them.

    This session equips internal auditors with the clarity and confidence needed to perform meaningful cybersecurity reviews, even without a deep technical background.

  • With so many IT Control frameworks, it can be hard to know which one to use in your organization. In this presentation, we discuss the differences and similarities between each of the most popular IT control frameworks so you can choose the one that makes the most sense.

  • Change management controls are fundamental controls in any organization. This course will delve into best practices for establishing a configuration baseline, segregation of duties, and making changes. This course also includes insights into auditing SDLC controls to ensure new system implementations are properly managed. Participants will explore real-world examples and discuss testing strategies. You will leave this session more confident in your ability to audit the most common IT controls.

  • Cybersecurity consistently ranks as the top organizational risk, yet many internal auditors lack clear, practical guidance on how to assess it. This session closes that gap. Instead of high-level theory, we go directly into the real-world controls that matter—what they are, why they exist, and exactly how auditors should evaluate them.

    This session equips internal auditors with the clarity and confidence needed to perform meaningful cybersecurity reviews, even without a deep technical background.

    Example Course Topics

    • Discuss the foundational concepts of cybersecurity principles.

    • Define risk management terminology and assessments

    • Classify types of security controls

    • Strategy, Governance, and Management

    • Training, Awareness, and Policy Management

    • Identity and Access Management

    • Secure SDLC and Change Management

    • Data Protection and Management

    • Asset Management and Physical Security

    • Incident Response

    • Business Continuity and Disaster Recovery

    • Third Party Risk Management

Fraud Topics

  • "Those who cannot remember the past are doomed to repeat it."
    We will review five recent fraud cases to understand the scheme and how it was discovered. As auditors and fraud examiners, we must review the more common (and often more interesting!) fraud cases to know what to look for in the field. The stories are fascinating, and the way they were uncovered is critical.

  • Internal auditors are required to be aware of fraud schemes and red flags. Often, we overlook apparent red flags due to a lack of training in testing techniques, or we have bought into the phrase "you can't test for fraud." In reality, there are many tests that you can perform that would raise a red flag. We also downplay the power of conversation. The most vital tool in your kit for uncovering fraud might be a cup of coffee.

  • The Fraud Triangle has been the basis for most fraud evaluations for almost 70 years. With so much change in technology, business, and society, it is time to revisit the model and see what changes may be needed for our modern environment.

  • Auditors are rarely prepared to find fraud. We are not trained to look for fraud actively, and we only have basic exposure to fraud red flags. Yet, most organizations expect us to find fraud. So how do we meet these expectations? We learn fraud awareness!

*Frequently requested

Ready to Book a Group Training