ISO 31000 Internal Auditor Training

The ISO 31000 Internal Auditor Course offers practical training on how to conduct internal audits of risk management systems. Aligned with ISO 31000 and ISO 19011 audit guidelines, this course equips learners with the techniques to evaluate and improve risk frameworks from within. It’s ideal for professionals looking to support risk governance, assurance, and strategic performance through structured internal audits. 

Key Topics Covered 

• ISO 31000 Risk Principles: Understanding the foundations of effective risk management 

• Audit Planning and Preparation: Scope, objectives, and checklist development  

• Audit Execution: Gathering evidence, conducting interviews, and identifying gaps  

• Reporting and Follow-Up: Creating audit reports and supporting improvement actions  

• Risk Awareness and Culture: Evaluating organisational commitment to risk-based

Course Benefits 

• Build Internal Assurance Skills: Confidently audit risk practices and controls  

• Improve Risk Visibility: Help your organisation identify gaps and strengthen resilience  

• Support Compliance and Governance: Ensure risk management aligns with strategic goals  

• Prepare for audit leadership: Develop foundational skills for future Lead Auditor roles 

This course is ideal for individuals involved in internal audits or risk oversight. It is suitable for: 

• Internal Auditors  

• Risk and Compliance Officers  

• Operational Managers  

• Governance Professionals  

• ISO Coordinators  

• Quality or Business Continuity Team Members 

Module 1: Introduction to ISO 31000 

• Introduction 

• Scope 

• Normative References 

• Terms and Definitions 

• Principles 

Module 2: Risk Management 

• Introduction 

• Process 

• Response to Risks 

• Importance of Risk Management 

Module 3: Framework 

• General 

• Leadership and Commitment 

• Integration 

• Design 

• Implementation 

• Evaluation 

• Improvement 

Module 4: Process 

• General 

• Communication and Consultation 

• Scope, Context, and Criteria 

• Risk Assessment 

• Risk Treatment 

• Monitoring and Review 

• Recording and Reporting 

Module 5: Risk Treatment 

• Risk Response Planning 

• Identification of Options 

• Development of Action Plan 

• Approval of Action Plan 

• Implementation of Action Plan 

• Identification of Residual Risks 

Module 6: Methods for Risk Management 

• Avoidance 

• Retention 

• Sharing 

• Transferring 

• Loss Prevention and Reduction 

Module 7: Audit Risk 

• What is Audit Risk? 

• Types of Audit Risk 

Module 8: Internal Audit and Principles of Auditing 

• What is an Internal Audit? 

• What Do Internal Audits Accomplish? 

• Risk Management and Compliance 

• Duties of an Internal Auditor 

• Introduction to Auditing 

• Principles of Auditing 

Module 9: Managing an Audit Programme 

• General 

• Establishing Audit Programme Objectives 

• Determining and Evaluating Audit Programme Risks and Opportunities 

• Establishing the Audit Programme 

• Implementing Audit Programme 

• Monitoring Audit Programme 

• Reviewing and Improving Audit Programme 

Module 10: Conducting an Audit 

• General 

• Initiating Audit 

• Preparing Audit Activities 

• Conducting Audit Activities 

• Preparing and Distributing Audit Report 

• Completing Audit 

• Conducting Audit Follow-Up 

By the end of the course, you will be able to: 

• Understand ISO 31000 and its relevance in internal auditing  

• Plan and conduct internal audits of risk management systems  

• Identify and report on areas of nonconformity or improvement  

• Apply ISO 19011 techniques for effective internal audits  

• Support continual improvement of risk frameworks within your organisation 

To achieve the ISO 31000 Internal Auditor Certification, candidates will need to sit for an examination. The exam format is as follows:  

• Question Type: Multiple Choice  

• Total Questions: 30  

• Total Marks: 30 Marks  

• Pass Mark: 50%, or 15/30 Marks  

• Duration: 40 Minutes