A Competent Internal Auditing Function

What does it mean?  Where do you start? What should you expect?

A series of 3 one-day seminars on Best Internal Auditing Practice
Improving Organisation Performance by providing Assurance about Risk and Control
16th January, 2002 Hotel Taj – Roof Top Rendezvous – Mumbai, India

Managing Business Risk

21st  January, 2002 - Hotel Windsor Sheraton & Towers – Regency
Bangalore, India

Repositioning the Internal Auditing Function

24th January, 2002 - Hotel Taj Connemara – Binny Room - Chennai, India
A Sama Presentation for Corporate Governors, Senior Management and Risk & Audit Professionals by Barry S Leithhead FCPA CIA, Australia International Consultant & Speaker on Risk Analysis & Internal Auditing In conjunction withSama Audit Systems & Softwares Pvt. Ltd .

Organisation Challenges

Growth opportunities, competition, cost reduction, downsizing, value creation for shareholders and customers, profit center restructuring and bottom line improvements are providing new challenges for  organisations, corporate governors and Internal Audit professionals. Global, regional and industry dynamics are changing constantly, with very significant impacts on organisation risks and control systems.  How can an organisation stay ‘in control’ in such challenging times?  Internal auditing (in particular must make a value-adding contribution or it will become irrelevant.

This series of workshops provide practical guidance about improving organisation performance through better risk management and control systems.  Internal auditing contributes to corporate governance by providing assurance about risk and control.  But that alone is not enough – better organisation performance must be internal auditing’s goal.  Only when the internal auditing function is competent, can the organisation expect the best from the people in the function.

There is confusion about the connection between risk management, internal auditing and control systems.  These seminars remove that confusion by providing a strategy for ‘Risk Assurance Services’ and practical guidance in best practices in risk assurance using relevant case studies from Indian organisations.  The seminars are designed to provide practical and personal assistance to understand and apply these practices.

Who should attend?

The seminars are designed for Audit Committee Members, CEOs & CFOs, other senior managers and professionals in Internal Auditing and Risk Management.  These are the people for whom the seminar answers the questions about competent ‘risk assurance services’

What does it mean?  Where do you start? What should you expect?

This is a unique opportunity to bring specific challenges into an interactive and stimulating workshop. Under the guidance of your expert facilitator, you will really get to grips with and solve those issues that have been restricting your development.

In Addition..

The seminars are supported by a series of High Tea presentations in each city on the subject:

 “Internal Auditing’s contribution to Corporate Governance”

Course Contributors

Barry S Leithhead FCPA CIA specializes in Risk Analysis and Internal Audit and has a wealth of practical experience backed up by research and training. As a Corporate Risk Manager and Internal Audit Manager he developed simple and effective methods for Business Risk Management. As one of the developers of the IIA’s global Competency Framework for Internal Auditing, published in March 1999, Barry researched the best future practice of internal auditing over a 3-year period.

Barry was Contributing Editor of the Risk Watch segment of ‘Internal Auditor’ and a member of the IIA’s International Ethics Committee. He presents seminars on best practice Risk-Based Internal Auditing in Australasia, South East Asia and the Middle East.

Leithhead & Associates have clients in public and private sectors in Australia, Malaysia and the Middle East and networks with other specialist consultants in risk management, audit and control self-assessment.

He will be assisted by Deepjee Singhal, Chartered Accountant and Manish Pipalia, Chartered Accountant.

Improving Organisation Performance by providing Assurance about Risk and Control

1-Day Workshop Wednesday January 16, 2002
Mumbai, India


  1. Promote Internal Auditing’s contribution to organisation performance.
  2. Understand the interaction between Performance, Risk and Control.
  3. Apply relevant case studies to demonstrate performance improvement.
  4. Realize the benefits of alliances between Risk Assurance functions.


The presentation style will be a mix of explanation of the subject matter by the seminar leader, intensive discussion and lively participation.

  1. PERFORMANCE IMPROVEMENT –‘Assuring performance objectives are achieved or bettered’CFIA’s 4X3 Matrix of Focus, Process and Outcomes (Understanding, Improvement, Assurance) Is Internal Auditing’s Objective:
    • To improve risk management and control systems and hence improve control? OR
    • To improve achievement of objectives

    Improving Organizational Performance is the direct purpose of Risk Assurance: Cases

  2. RISK – ‘Potential Impacts on Performance Objectives’
    • Taking a ‘stance’ on Risk
    • The Australia/New Zealand Risk Management Standard (AS/NZS 4360:1999)
  3. CONTROL – ‘Anything that assists the achievement of Performance Objectives ‘
    • Practical philosophies about control:
    • Control Models e.g. COSO (Treadway, U.S.A)
    • Control Models e.g. CoCo (CICA, Canada)
  4. INTERNAL AUDITING – ‘Developing understanding about risk and control’

     The Competency Framework Focus and Process 4X3 Matrix.


    Quality Management , Risk Management, Human Resource Development, Strategic Development, Planning, Environment, Health & Safety, Compliance, Legal, Security. Practices, Literature, education, research, professional associations.

Business Risk Management (BRM)

1-Day Workshop Saturday January 19, 2002
Bangalore, India


  1. Develop sensitivity to risk exposures;
  2. Practice risk analysis techniques using relevant cases;
  3. Understand risk assessment by applying evaluation scales;
  4. Contribute to risk treatment options and actions.


BRM has two primary dimensions

  1. Opportunities – Positive impacts; aggressive management;
  2. Threats- Negative impacts, defensive management.
  1. BRM Processes AS/NZS 4360:1999
    1. Establish context:
      • Strategic context; Organizational context; Risk management context;
      • Decide the structure;
      • Develop criteria;
    2. Identify risks
    3. Analyse risks
      • Determine Likelihood; Determine Consequences; Establish level of risk;
    4. Evaluate and prioritise risks
    5. Treat risks:
      • Resource allocation (management);
      • Control systems improvement (management and internal auditors);
      • Identify and evaluate treatment options;
      • Prepare and implement treatment plans;
    6. Monitor and Review
  2. Case Studies in Business Risk Management

    Relevant Examples from Indian and other organisations.

  3. Methodware's Risk Advisor ’99  software tool
    • Using the tool templates to understand the process;
    • Entering data from the case studies to create the risk profile;
    • Reporting the Risks, Controls and Treatments.
  4. Steps in Implementing Business Risk Management
    • Gaining Senior Management’s attention and support;
    • Integrating with other business processes;
    • Policy, Program and Processes;
    • Selecting the starting point.
Repositioning Internal Audit for Excellence

1-Day Workshop Thursday January 24, 2002
Chennai, India
Seminar Outline

Dynamic, growing organisations need assurance about risk and control, but many internal auditing functions do not address the big issues those organisations face.   Using the IIA’s global Competency Framework (CFIA) you can change that, drawing on the contributions of 600 profession thought leaders from around the world.   With a new description of internal auditing, a new ‘Service Value Proposition’ and well-described task performance criteria, CFIA is the way forward for best practice.

What is Repositioning?

  • Moving from where you are, to where you want/need to be
  • Being a different person/function
  • Changing the way you respond/interact with your "conditions and circumstances"
  • Recognizing opportunities
  • Being prepared for the opportunities to arise
  • Taking action, when the opportunities arise.

    Taking action to get where you want to be (CSA2):
  • Deciding where you want to be, where you are, and how the gap is "a problem"
  • Why this problem or gap exists – the underlying causes
  • All the things you could do to remove the cause
  • Obstacles others have to remove
  • What you are doing/will do.

This intensive full day workshop will cover:    
  • An explanation of the IIA’s global Competency Framework and the opportunities it creates for the profession and practitioners
  • The 10 strategic initiatives Internal Audit Directors have to take to reposition the Internal Auditing function to best serve dynamic, growing organisations
  1. Negotiating the IA role
  2. Improving Organisation Performance
  3. Customer Satisfaction Drivers
  4. Resourcing, Outsourcing Competencies
  5. Strategic Alliances with other functions
  6. Business Risk Management
  7. Risk, Quality, Control, Self-Assessment
  8. Creating an Accountability Environment
  9. What to Audit – Priorities, Subjects, Issues
  10. Designing the Services needed
  • The Value Proposition for ‘new’ internal auditing that defines the quality, substance and  suitability of audit services
  • Using CFIA for assessing the internal auditing function and practitioners, for recruitment, job structuring, design a training program, and much more..