06340158 - Risk management, internal audit and control

ECTS credits 6
Total hours 40
Lecture hours (CM) 40

Course leaders

Objectives

This course introduces the key concepts and methodologies of internal audit, risk management, and internal control. It provides a practical framework to assess risks, evaluate control systems, and conduct audits effectively.
Through real-world examples, tools, and structured approaches (COSO, International audit standards, three lines of defense, etc.), participants will learn how to support governance, prevent fraud, and enhance compliance. Ethics and crisis management are also covered to give a 360° view of the auditor’s role in a changing environment.

Estimation of private study (outside of contact hours): 4 hours

DIMENSION OF SOCIAL RESPONSIBILITY

The course highlights the auditor’s role in supporting ethical conduct, regulatory compliance, and sustainable practices. Topics such as anti-corruption, data privacy, and ESG reporting are addressed, reinforcing the importance of transparency and accountability in today’s organizations.

TARGETED KNOWLEDGE AND SKILLS 

Knowledge
• Fundamentals of internal control, internal audit, and risk management
• Key frameworks: COSO, International Audit Standards, Three Lines of Defense Scheme, ISO 31000
• Main regulatory environments impacting internal control & audit: AMF, Sapin II, FCPA, GDPR, CSRD…
• Concepts of ethics, compliance, and crisis management

Skills
• Identify, assess, and map risks
• Conduct a full internal audit process from planning to follow-up
• Use audit tools (flowcharts, walkthroughs, SoD analysis, etc.)
• Detect fraud indicators and recommend preventive measures
• Write clear audit reports and formulate actionable recommendations
• Communicate effectively with audited parties
• Contribute to the continuous improvement of internal control systems

Content

COURSE OUTLINE

1. Risk Management and Internal Control System
2. Internal Control: COSO Framework & Three Lines of Defense
3. Internal Audit: Role, Objectives and Process
4. Fraud Risk & Detection tools
5. Ethics and Compliance Risk
6. Risk and Crisis Management
7. Audit Methodology: 
- Risk-Based Approach and Audit Cycle
- Fieldwork Techniques: Interviews, Testing, Process Mapping
- Case Studies and Real-World Examples
- Audit Reporting and Follow-Up

Bibliography

PRESCRIBED TEXTS AND PUBLICATIONS

• « Les Outils de l’Audit Interne » - Edition Eyrolles / IFACI
• COSO – Internal Control Framework (2017)
• IFACI / IIA – Standards for the Professional Practice of Internal Auditing
• ISO 31000 – Risk Management Guidelines

RECOMMENDED TEXTS AND PUBLICATIONS

• Loi Sapin II – French Anti-Corruption Law
• GDPR – General Data Protection Regulation
• FCPA – U.S. Foreign Corrupt Practices Act
• AMF Requirements on Internal Control
Additional materials include internal manuals, audit templates, and case studies provided during the course (i.e. PWC Worldwide analysis).
In addition, video material (TV series such as The DropOut, Le Fièvre) and interviews (Alsthom, Audit evolution from Enron to WireCard) are recommended.

EMBLEMATIC BOOKS OR RESEARCH PAPERS REGARDING THE SUBJECT OF THE COURSE

• COSO – Internal Control Framework (2017)
• IFACI / IIA – Standards for the Professional Practice of Internal Auditing
• ISO 31000: Risk Management – Principles and Guidelines

Assessment

Individual grade

Audit case analysis with:
- Risk assessment
- Recommendation
- Audit synthesis
1h

Other grade(s)

Grading during class
- Analysis of a real case of internal control deficiencies
- Analysis by group then public presentation
1h

Additional information

TEACHING METHODS

The course combines lectures, case studies, group discussions, and practical workshops.
Emphasis is placed on interactive learning, real-life audit scenarios, and risk analysis exercises to develop hands-on skills.

NATURE OF MATERIALS
Materials include slides, real cases, documents/templates, and interactive group exercises.

TEACHING INNOVATIONS AND USE OF TECHNOLOGY

Use of video, and use of the internet for autonomous research to support real case analysis and presentation.
Recommendation of TV series and films presenting real cases to illustrate the course.

PRE-REQUISITES IN TERMS OF KNOWLEDGE AND SKILLS

• Basic understanding of corporate organization and business processes
• Familiarity with financial statements and accounting principles
• Interest in governance, compliance, and risk-related topics
• Analytical mindset and ability to work with structured information

RESOURCES AVAILABLE
IFACI (French Institute of Audit and Internal Control)
 https://www.ifaci.com
French professional association, affiliated with the IIA. A national reference for internal audit practices in France.

H3C (High Council for Statutory Auditors)
https://www.h3c.org
Regulatory authority for statutory auditing in France.

IIA Global (Institute of Internal Auditors)
 https://www.theiia.org
Global reference for the internal audit profession. Provides standards, certifications (CIA), and publications.

COSO (Committee of Sponsoring Organizations of the Treadway Commission)
 https://www.coso.org
Key framework for internal control (COSO 2013) and risk management.

ISO – International Organization for Standardization
 https://www.iso.org/iso-31000-risk-management.html
ISO 31000 standard for risk management.

AFA (French Anti-Corruption Agency)
 https://www.agence-francaise-anticorruption.gouv.fr/fr
Public agency supporting public and private stakeholders in preventing and detecting corruption, in line with the Sapin II Law.

EDPB – European Data Protection Board (GDPR)
 https://edpb.europa.eu
European authority on data protection (GDPR).

CSRD – Corporate Sustainability Reporting Directive
EU directive requiring companies to disclose non-financial (ESG) performance information.

FERMA (Federation of European Risk Management Associations)
 https://www.ferma.eu
European federation of risk management associations, including AMRAE. Advocates for risk managers at the EU level.

AMRAE (French Association for Corporate Risk and Insurance Management)
 https://www.amrae.fr
France’s leading association for risk managers, corporate risk oversight, and insurance governance.

Programmes that include this course