As the two global headliners in best-practice solutions for conducting audits, both the COSO II – Enterprise Risk Management Frameworks (ERMF) and Control Objectives for Information and Related Technology (COBIT) procedural models offer an opportunity for integrated auditing between IT and commercial audits in the form of a consistent methodology according to international standards.
Course participants become acquainted with and learn to understand the transformation mechanism of a definition of assignments for examining an internal monitoring system. The internal monitoring system is defined according to the auditing field’s global professional association, the Institute for Internal Auditors (IIA), and consists of three components, namely internal control, risk management and a governance system. The resultant procedural models enable participants to interlink and apply the eight COSO II audit components directly with practical audit goals.
At the same time, ARC instructors employ audit objects and examples from the auditing field to illustrate the options and variations of practical applications in an everyday audit environment. Likewise, in combination with the COSO model in practical audit applications, an interconnection with IT-audit standards such as COBIT and the Information Technology Infrastructure Library (ITIL) is demonstrated. This consequently facilitates an integrated examination procedure between commercial and IT auditors. Within the integration framework of IT-audit examination goals, ARC instructors build upon an internationally validated audit model promoted by the Information Systems Audit and Control Association (ISACA) and the IIA as well as that of numerous projects which have been conducted.
Upon completion of coaching, participants succeed overall in achieving high-quality audit results through the interaction of IT and commercial auditing. Due to the audit procedures learned, course participants significantly increase not only the probability of success regarding their audit results and their degree of audit coverage. Rather, they also achieve a higher risk-oriented accuracy rate within the framework of audits that they perform. As a result, they are capable of achieving a structured, replicable audit success. This conforms entirely with the maturity-level expectations reflected in an audit-managed process in accordance with Capability Maturity Model Integration (CMMI).