Internal Audit is a critical function that supports top management by providing a systematic approach to evaluating and improving the effectiveness of the organisation.
The world is changing and becoming increasingly data centric so Internal Audit needs to adapt too. New macro level controls that evaluate effectiveness of data related policies, strategies and architecture are required. Enhanced micro level controls that evaluate detailed compliance of functions and systems are required.
Internet, electronic trading, social media and mobile usage has transformed the world, generated huge growth of data and made its management a Board level issue.
Data lies at the heart of the organisation.
Laws and internal practices need to catch up to be relevant and effective.
With respect to personal data, the General Data Protection Regulation (GDPR) is the EU’s initiative to overhaul privacy laws to create an effective legislative framework. It will have a huge impact and will demand extensive self-regulation.
Internal Audit (IA) is a crucial, independent, objective assessment and assurance activity designed to de-risk and add value to an organisation. IA needs to adapt:
- To fulfil the self-regulation aspects of GDPR (and many other regulations)- To enhance the audit framework to reflect the significance of data to the organisation
The purpose of this course is to describe macro (big picture) and micro (the devil is in the detail) level enhancements to empower IA to ensure the organisation has an effective and powerful agenda for managing data for GDPR and beyond.
An understanding of the strengths and limitations of the macro level data controls
- Architecture and taxonomies
- Policies and strategies
- Governance and controls
An understanding of the strengths and limitations of the micro level data controls:
- System audits and data quality management, lineage etc.
An ability to analyse issues at different levels of management
An ability to understand data usage across the organisation and make insightful recommendations for adding value or reducing cost
Effective monitoring, feedback and improvement of macro level data controls leading to long term systems, process, risk management and organisational improvements
Effective monitoring, feedback and improvement of micro level data controls leading to long term systems, process, risk management and organisational improvements
Creation of an effective catalyst for change in today's data driven world
One eLearning course segmented into three modules. The contents of the three modules are described in Course Contents below.
- A one day seminar/workshop, highly interactive with case study exercises and feedback
- An eLearning self-paced module on the General Data Protection Regulation to provide background on GDPR and managing data about people
- An eLearning module on BCBS 239, Risk data management regulation to provide background on approaches to managing data and providing effective governance
The workshop is a full day from 9-5pm.
Each eLearning module has an approximate duration of 1 hour.
The workshop has a certificate of completion.
The eLearning modules both have optional certification tests.
The test consists of multiple choice, matching pair and true/false questions. Test questions are randomised.
The test should take approximately 15 minutes. There is a time limit of 30 minutes.
The delegate must answer all questions correctly.
On the eLearning modules there are self-assessments in each module that you can take as many times as you like.
This is confidential and does not form part of your test score.
The course modules and certification test are globally available without restriction.
They can be accessed 24/7.
The cost of the course for one delegate is GBP 650 includes the workshop and two eLearning courses (approx value GBP 200.00) (plus VAT where applicable).
If you would like to pay against an invoice then please email us with Purchase Order details at sales@edmworks.com.
If you are interested in making a bulk corporate order, please email sales@edmworks.com for more information.
- The workshop and eLearning Courses
- A recognised certificate
- Entries in the EDMworks Register
- The option to make this record public for job requirements
- A brief history of internal audit
- Underlying principles, purpose and intent
- Independence and advisory roles
- Processes, data, systems, quality, controls, reporting, assets
- Policies, Risk, Governance and Compliance
- Audit prioritisation, planning and control
- Scope, objectives, principles and rights
- Obligations, roles and accountabilities
- Transfers and contracts
- Liabilities and penalties
- Privacy by design and default
- Privacy Impact Assessments
- Breach Incident Management
- Self regulatory aspects and liaison with supervisors
- Examples of other self-regulatory regulations
- Data at the heart. Interaction with process and management
- Data flows or data stores?
- Fit for purpose data architecture
- Fit for purpose data strategy
- Fit for purpose data quality
- Critical architectural components
- Taxonomies
- Organisation models for data ownership and accountability
- Governance and control processes
- Data flows, lineage and controls
- Enterprise data dictionary and inventory
- Privacy and consent management
- Magic triangles: Architecture, Audit and Governance
- System/process reviews
- Policy compliance
- Strategy compliance
- Architecture compliance
- Data mapping and transformation control
