Partner
Exam Preparation

CIA® 2
Certified Internal Auditor
Part 2

Rating:
4.9
English
Intermediate
Video preview
FACE 2 FACE
ON SITE TRAINING
LIVE VIRTUAL
TRAINING
COACHING
& MENTORING
SELF-PACED
TRAINING
Select Date
Download Brochure

Course Overview

This course is designed to provide internal auditors with the essential knowledge and practical skills needed to effectively plan, execute, and oversee internal audit engagements. Participants will develop a structured approach to engagement planning, risk assessment, data analysis, evaluation of controls, and communication of results. The course covers best practices in gathering and analyzing audit evidence, leveraging technology for enhanced insights, and ensuring compliance with professional standards. Additionally, it emphasizes effective stakeholder communication, supervision techniques, and the development of actionable recommendations to drive continuous improvement within organizations. 
By mastering these concepts, participants will be equipped to perform value-added audits and contribute to stronger governance, risk management, and control frameworks that align with organizational objectives.

Qassim A.
Senior Specialist - Program Enrollment

Key Takeaways

1
Develop effective engagement plans by defining objectives, scope, and risk-based evaluation criteria to align with organizational goals.
2
Apply data-driven audit techniques to gather, analyze, and evaluate information for reliable decision-making.
3
Assess internal controls and risk management practices to identify gaps and recommend improvements.
4
Enhance audit supervision and quality assurance to ensure consistency, compliance, and value-added outcomes.
5
Communicate audit results effectively to key stakeholders, providing clear findings, recommendations, and action plans.

The Institute of Internal Auditors
Brand Logo
Established in 1941, The Institute of Internal Auditors (IIA) is an international professional association with global headquarters in Altamonte Springs, Florida, USA. The IIA is the internal audit profession’s global voice, recognized authority, acknowledged leader, chief advocate, and principal educator. Members work in internal auditing, risk management, governance, internal control, information technology audit, education, and security.

Course Outline

Part 1: Engagement Planning (50%)
Determining engagement objectives and scope
  • Apply Topical Requirements when determining objectives and scope
  • The elements to be considered in the development of engagement objectives, including regulatory requirements; the organization’s strategy and objectives; governance, risk management, and control processes; risk appetite and tolerance; internal policies; previous audit reports; work of other assurance providers; and whether the engagement is intended to provide assurance or advisory services
  • Identification and documentation of relevant scope limitations during planning
  • Approaches for managing and documenting stakeholder requests
  • Effective methods for addressing changes in objectives and scope
Determining evaluation criteria based on relevant information gathered
  • The most relevant criteria for evaluating the activity under review
  • Determination of whether a set of evaluation criteria is specific, practical, relevant, aligned with the objectives of the organization and the activity under review, and produces reliable comparisons

 

Planning the engagement to assess key risks and controls
  • How to apply Topical Requirements when planning an engagement
  • When planning an engagement, recognize the strategic objectives of the activity under review and their integration with risk management, business performance measures, and performance management techniques
  • When planning an engagement, recognize existing and emerging cybersecurity risks, common information security and IT controls, IT general controls, the purpose and benefits of using an IT control framework, principles of data privacy, and data security policies and practices
  • When planning an engagement, recognize business continuity and disaster recovery readiness concepts such as business resilience, incident management, business impact analysis, and backup and recovery testing
  • When planning an engagement, recognize finance and accounting concepts related to the activity under review such as current and fixed assets, short-term and long-term liabilities, capital, and investments
  • When planning an engagement, recognize key risks and controls related to common business processes such as asset management, supply chain management, inventory management, accounts payable, procurement, compliance, third-party processes, customer relationship management systems, enterprise resource planning systems, and governance, risk, and compliance systems
Detailed risk assessment of each activity under review
  • How to apply Topical Requirements when completing a risk assessment
  • The pervasive financial, operational, IT, cybersecurity, and regulatory risks as they relate to the activity under review
  • The impact of emerging risks on the organization
  • Appropriate methods and criteria to evaluate and prioritize identified risks and controls
  • The impacts of change of people, processes, and systems on risk
  • The impact of different organizational structures and environments on the risk assessment, including centralized versus decentralized, flat versus traditional, and in-person versus remote work
  • The impact of organizational culture on the control environment, including individual and group behaviors and tone at the top
Engagement procedures and work program development
  • Procedures to evaluate control design
  • Procedures to test the effectiveness and efficiency of controls
  • The adequacy of the engagement work program
  • Identification of testing methodologies for an engagement that includes accounting, finance, IT systems, business operations, or cybersecurity
  • Financial, human, and technological resources required for the engagement
  • Evaluation of implications of resource limitations
Part 2: Information Gathering, Analysis, and Evaluation (40%)
Sources of information to support engagement objectives and procedures
  • Suitable methods for obtaining information, including interviews, observations, walk-throughs, and data analyses
  • Suitable documents for obtaining information, including policies, checklists, risk and control questionnaires, and self-assessment surveys
Evaluation the relevance, sufficiency, and reliability of evidence gathered to support engagement objectives
  • Suitable criteria in evaluating the quality of evidence
  • Factors that impact the reliability of evidence, such as obtaining the evidence directly from an independent source, obtaining corroborated evidence, and gathering evidence from a system with effective governance, risk management, and control processes
  • Evidence that would allow an informed and competent person to reach the same conclusions as the internal auditor
Technology options to develop and support engagement findings and conclusions
  • Efficient and effective solutions, including artificial intelligence, machine learning, robotic process automation, continuous monitoring, dashboards, and embedded audit modules
Analytical approaches and process mapping techniques
  • Process workflow segments
  • Process workflows through process mapping, walk-throughs, and responsibility assignment matrices
  • Data types, including structured and non-structured
  • Data analytics processes, including defining objectives, obtaining relevant data, normalizing data, analyzing data, and communicating results
  • Various data analysis methods, such as diagnostic analysis, prescriptive analysis, predictive analysis, anomaly detection, and text analysis
Analytical review techniques
  • Analyzing ratios, variances, trends, financial and nonfinancial information, and benchmarking results
  • Analytical techniques to achieve engagement objectives
The difference and significance between evaluation criteria and existing conditions of each finding
  • Analysis of existing conditions and compare to evaluation criteria
  • Identify root causes and potential effects of deviations from evaluation criteria
  • Appraise factors to establish the significance of findings
Workpapers preparation, including relevant information to support conclusions and engagement results
  • Organize information in workpapers
  • Identification of elements of workpapers that are complete and include sufficient evidence
  • The link between workpapers and the engagement results
  • Factors to be considered when organizing and retaining engagement documentation, including regulatory requirements and internal policies
Summarize and develop engagement conclusions
  • The significance of aggregated findings by applying professional judgement
  • Elements to be considered when developing engagement conclusions, such as the effectiveness of governance, risk management, and control processes
Part 3: Engagement Supervision and Communication (10%)
Supervising audit engagements
  • How supervision applies throughout engagements, including during engagement planning
  • Supervisor responsibilities related to coordinating work assignments, reviewing workpapers and engagement conclusions, and evaluating auditors' performance
Effective communication with stakeholders
  • Effective communication methods (formal or informal, written or oral) during planning, fieldwork, and reporting
  • Identification of the situations that require escalation
  • Determination of appropriate stakeholders for engagement communication

Who Should Attend?

This highly practical and interactive course is tailored for professionals who aspire to achieve the Certified Internal Auditor (CIA) designation and advance their careers in internal audit. It is designed for:

Chief Audit Executives 

Audit Managers

Internal Audit Staff

Risk Management Professionals

Compliance Officers

Finance Professionals

FAQ

What language will the course be taught in and what level of English do I need to take part in a LEORON training program?
Most LEORON courses are delivered in English. However, there are some courses offered in Arabic, mainly online. For our in-house courses, sessions can be curated and delivered in any language upon request. In general, the best way to confirm language availability is to check with our Enrollment Managers for the most up-to-date information. Simply click on “Let’s talk on WhatsApp” to chat with us directly.
What formats are the courses offered in?
LEORON delivers training in various formats including face-to-face, live virtual sessions, self-paced learning, in-house delivery as well as online courses.
Are LEORON Public courses certified by an official body/organization?
Yes, most LEORON public courses are accredited by internationally recognized bodies such as CIPD, ATD, PMI, EdEx, and many others—depending on the course.
Who accredits LEORON’s training programs?
LEORON partners with over 20 international bodies such as PMI, CIPD, ATD, EdEx, NASBA, CISI, GARP, HRCI, SHRM, ACCA, ASQ, IIA, ILM, IAC, and others
Are CPD points or PDUs provided?
Yes, learners can earn CPD credits and professional development units (PDUs) including NASBA CPEs, PMI PDUs, CISI, GARP, HRCI, SHRM, and more.
How can I register for a course?
You can register through our website by filling in the inquiry form, or by speaking directly with one of our consultants via WhatsApp or email. Once we confirm your interest, we’ll guide you through the steps.
When is the registration deadline for public courses?
Registration typically closes 14 days before the course start date, with occasional late registrations accepted upon confirmation
What is included in the course fee?
The fee generally covers 5-star venue facilities, training materials, certified instruction, lunches and refreshments, plus certification and membership where applicabl0065
Are there group rates or discounts?
Yes, group bookings and corporate-level discounts are available. Learners are encouraged to reach out to discuss specific arrangements
What support is available with registration?
Enrollment Managers and a Registration Desk assist with the entire process, including deadlines, travel logistics, and course customization. As well as any other special requests you might have. Simply to go your preferred course and click on “Let’s chat on WhatsApp” to do so.
Can I request a bespoke course at my location or within my organization?
Yes, in-house training is fully customizable in terms of curriculum, language, delivery, and timing. You can suggest dates and locations. Simply to go your preferred course and click on “Let’s chat on WhatsApp” in order to address any questions or concerns in this regards.
What is the refund or cancellation policy?
Refund and cancellation policies vary depending on the course type and location. Generally, cancellations made at least 14 days before the course start date may be eligible for a full or partial refund, while cancellations made closer to the course date may incur a fee. For exact terms, please consult your Enrollment Manager or refer to the course confirmation email.
Can I register multiple employees from my company?
Yes. We support group registrations and offer corporate packages for organizations enrolling multiple participants. Our team can help coordinate the logistics for group bookings.
Who should attend these courses?
LEORON caters to a variety of professionals: from those seeking leadership development to project managers, HR specialists, finance professionals, cybersecurity, procurement, Ai enthusiasts and many others.
Do I need prior experience or academic qualifications?
Not always. Many specialized paths, like cybersecurity, accept learners without prior experience. However, some courses (e.g., PMI PDU-based ones) may have recommended prerequisites. Its always better to chat with one of our Enrollment Managers to discuss more. Simply to go your preferred course and click on “Let’s chat on WhatsApp” to do so.
Will I receive a certificate after completing the course?
Yes. Upon full attendance and successful completion, you will receive a certificate of participation or accreditation, depending on the course.
Are meals and refreshments included in face-to-face courses?
Yes. For in-person courses, lunch and coffee breaks are provided daily at the venue.
Can LEORON deliver a course in-house at our organization?
Absolutely. All programs can be delivered privately at your company or virtually for your team, customized to match your internal goals and structure.

Reviews

  • Review:
    IAMM Internal Audit Maturity Model
    In recognition of their dedication and contribution supporting IKEA Saudi Arabia in arranging training programs during 2017 & 2018, looking forward for more development and exciting effort this year. On behalf of IKEA Saudi Arabia, THANK YOU!
    Dalal Kutbi
  • Review:
    Certified Professional in Quality and Patient Safety
    Dating back to 2014, Mobily’s “LEORON” experience has grown from a single collaboration to a long-term partnership. We consider “LEORON” Institute as a strategic partner, whose contribution has been nothing but premium in equipping our staff with field-based knowledge and information. Past three years have resulted with an expanded collaboration with superior customer service and support. Best Regards,
    Turki S. Alsahaan
  • Review:
    Certified Professional in Quality and Patient Safety
    Since the partnership was signed between BAE Systems Saudi Development & Training and LEORON in 2017, we have been working together to offer the Saudi market a complete portfolio of training solutions benefiting from the wide and extensive experience of both parties. Recognizing the great success of this partnership, we are looking for further collaborations in the future that will position both companies as one of the leading training providers in Saudi Arabia. We thank the LEORON team for their full cooperation and continuing support, and look forward to further success together in the years to come.
    Emad Alrajih
  • Review:
    Certified Professional in Quality and Patient Safety
    We have been working with LEORON for the past two years and will be working with them again this upcoming year. The programs they delivered were fruitful and exciting and our organization has received positive feedback from the participants. What our organization aims to do is to provide at no cost training for all the private sector employees so that they may benefit from our offered programs in Innovation and Professional development. LEORON has helped us achieve this goal. We look forward to continuing this service and wish them the best of luck. Regards,
    Nasser M. Al-Subaie