Course Overview
This course is intended to establish a comprehensive understanding of compliance regulations, both in the U.S. and globally. It provides insights and essential tools that participants can use at their organizations when performing internal audit activities against regulatory guidelines. The course is designed for internal auditors who are involved in assessing processes that require regulatory compliance and need to know how to assess the accuracy, completeness, and currency of existing data collection, management, and reporting processes. It is also intended for those wishing to understand the regulatory, financial, and reputational risks that result from inaccurate and/or incomplete data collection, data protection, and regulatory reporting.
Course Objectives
- Establish the importance of compliance and compliance reporting.
- Explore a suite of commonly encountered regulations impacting one or more industries, focusing on data collection, data protection, breach notification, and compliance reporting requirements, current proposals, and recent changes.
- Review the suite of common risks and controls related to identifying and maintaining regulatory compliance in general.
- Discuss common U.S. and international data privacy regulations, and notable failure impacts.
- Evaluate common U.S. and international cybersecurity regulations, and notable failure impacts along with their impact on privacy regulations and the cryptocurrency industry.
- Identify challenges with maintaining compliance during rapidly shifting global work conditions, including: increased volume of remote work, shifts to company culture, and increased demand for employee mental health and well-being.
- Examine the impact of climate change, environmental, social, and governance (ESG), and diversity, equity, and inclusion (DEI) reporting.
- Articulate the importance of data protection regarding data and people analytics.
- Explore the current regulatory environment related to blockchain frameworks, and the associated audit activities.
- Apply common techniques for performing internal audit activities against common regulatory guidelines.
- Recognize common indicators of compliance-related fraud, and learn how to identify, validate, and report such fraud.
- Evaluate internal audit’s role in compliance.
Course Topics
Compliance Overview
- Importance of compliance and compliance reporting.
- Regulatory guideline discovery techniques.
- Review of common:
  - Financial services regulations, including cryptocurrency.
  - Health and safety regulations.
  - Critical infrastructure regulations.
  - Public sector regulations.
  - Retail regulations.
  - Manufacturing regulations.
  - Social media regulations.
General Regulatory Compliance Risk and Controls
- The impact of culture on regulatory compliance:
  - Learning vs. blaming culture.
  - Compliance vs. non-compliance culture.
  - Risk-averse vs. risk-aggressive culture.
- The role and duties of the compliance committee.
- The role of the board and audit committee.
- Common controls to improve regulatory compliance.
- Common risks that impede regulatory compliance.
Data Privacy Regulations
- History and purpose of establishing data privacy regulations and notable failures.
- Data privacy disclosure and reporting requirements.
- Current and emerging regulatory requirements.
- Risks of inadequate protection of non-public data and information.
- Controls to protect data privacy.
- Techniques for internal auditors to assess the effectiveness of controls to ensure compliance with data privacy regulations.
- Overview of EU GDPR.
- Documenting data flow including IT-controlled and end-user (shadow-IT) controlled input sources.
- Opportunities for data analysis and automation in GDPR testing.
- Understanding the difference between accidental actions, management overrides with unintentional negative consequences, and fraudulent activities.
Cybersecurity Regulations
- History and purpose of establishing cybersecurity regulations and notable failures.
- Impact of privacy and cryptocurrency regulations on cybersecurity and incident response.
- Impacts of supply chain and other third-party risks.
- Cybersecurity and third-party risk management requirements.
- Cyberattacks including data breach disclosure, and reporting requirements.
- Risks of inadequate cybersecurity protections.
- Controls to protect against cyber exploits.
- Techniques for internal auditors to assess the effectiveness of controls to ensure compliance with cybersecurity and cryptocurrency regulations.
Response to a Rapidly Shifting Global Work Environment
- Identify challenges with maintaining compliance within a rapidly shifting global work environment, including:
  - Increased volume of remote work.
  - Shifts to company culture.
  - Increased demand for employee mental health and well-being.
- Impacts of long-term shifts to remote work regarding maintaining regulatory compliance.
- Risks of inadequate protections and policies for telecommuting.
- Controls to protect data from inappropriate remote access and inappropriate data usage.
- Techniques for internal auditors to assess the effectiveness of controls to ensure compliance with regulations in a work-from-home / remote-work environment.
Public Sector Regulations
- Overview of regulations relating to purchasing (supply chain), grants, taxes, and contracting.
- Current and emerging regulatory requirements.
- Documenting data flow including IT-controlled and end-user (shadow-IT) controlled input sources.
- Opportunities for data analysis and automation in regulatory compliance testing.
- Typical audit activities.
- Understanding the difference between accidental actions, management overrides with unintentional negative consequences, and fraudulent activities.
- Strategies for identifying, investigating, and communicating suspicious activities.
Sarbanes-Oxley
- Overview of the regulation.
- Current and emerging regulatory requirements, including SOX for cybersecurity.
- Documenting data flow including IT-controlled and end-user (shadow-IT) controlled input sources.
- Opportunities for data analysis and automation in SOX testing.
- Typical audit activities.
- Understanding the difference between accidental actions, management overrides with unintentional negative consequences, and fraudulent activities.
- Strategies for identifying, investigating, and communicating suspicious activities.
PCI-DSS
- Overview of the regulation.
- Current and emerging regulatory requirements.
- Documenting data flow including IT-controlled and end-user (shadow-IT) controlled input sources.
- Opportunities for data analysis and automation in PCI testing.
- Typical audit activities.
- Understanding the difference between accidental actions, management overrides with unintentional negative consequences, and fraudulent activities.
- Strategies for identifying, investigating, and communicating suspicious activities.
HIPAA
- Overview of the regulation.
- Current and emerging regulatory requirements.
- Documenting data flow including IT-controlled and end-user (shadow-IT) controlled input sources.
- Opportunities for data analysis and automation in HIPAA testing.
- Typical audit activities.
- Understanding the difference between accidental actions, management overrides with unintentional negative consequences, and fraudulent activities.
- Strategies for identifying, investigating, and communicating suspicious activities.
GLBA and FINRA
- Overview of the regulations.
- Current and emerging regulatory requirements.
- Documenting data flow including IT-controlled and end-user (shadow-IT) controlled input sources.
- Opportunities for data analysis and automation in GLBA and FINRA testing.
- Typical audit activities.
- Understanding the difference between accidental actions, management overrides with unintentional negative consequences, and fraudulent activities.
- Strategies for identifying, investigating, and communicating suspicious activities.
Blockchain Technology
- Overview of current regulatory environment related to blockchain frameworks.
- Provide insight into regulatory trends related to cryptocurrencies, NFTs, Smart Contracts, etc.
- Discuss the use of blockchain technology in money transfer, IoT, personal identity security, healthcare, logistics, government, and media.
- Typical audit activities.
- Understanding the difference between accidental actions, management overrides with unintentional negative consequences, and fraudulent activities.
- Strategies for identifying, investigating, and communicating suspicious activities.
Expanding Public Reporting: ESG, DEI, and Beyond
- Illustrate the impact of environmental, social, and governance (ESG) and diversity, equity, and inclusion (DEI) reporting, while ensuring regulatory compliance and reducing reputational, regulatory, and financial risks.
- Impacts of current and emerging requirements for ESG reporting.
- Risks of inadequately collecting, storing, and reporting ESG data to regulators and other key stakeholders.
- Controls for collecting, managing, and reporting on ESG- and DEI-related activities.
- Techniques for internal auditors to assess the effectiveness of controls to ensure compliance with regulations and stakeholder expectations regarding ESG and DEI.
Prerequisites:
Tools for the New Auditor and/or previous internal audit experience.
Location: The venue will be decided prior to the course date