Why This Course?

RBIA methodology and approach should constantly evolve in tandem with the changes taking place in and around the corporation we serve as the preferred assurance partner. The increasing demand for higher standard of assurance practices further fuel the needs to re-examine the thoroughness and adequacy of the RBIA approach adopted to yield the desired assurance outcome from our stakeholders.


One crucial aspect of the RBIA approach is to assess the design and implementation of controls against risks identified. In this regard, the challenge remains whether the right controls are being identified and scrutinized. Could there be any blind-spots in the effectiveness of oversight, competency of management, change management practices or other soft controls that were not adequately reviewed or reported?


This course aims at introducing the concept of RBIA to new and aspiring auditors coming into the Assurance profession. The auditors will be trained to recognize key risks that exist at the organizational (entity) and business activity level. More importantly, internal controls from the design and implementation for risk mitigation and compliance purposes will also be taught to ensure they are able to carry out audit fieldwork and testing effectively.

Learning Outcomes

Explore the best practices in audit methodology and approach

Be convinced with the benefits for adopting RBIA for a world-class audit function

Deep-dive into the application technique for Audit Planning ,Testing and Reporting  

Take-away the simple and practical secret to identify risk

Understand the many forms of internal controls against risks


Introduction to RBIA: The Concept of RBIA & Traditional and Compliance Audit versus RBIA

IIA’s Position on RBIA

Embracing RBIA : 5 Compelling Reasons for Adopting RBIA

Fitting RBIA Methodology into the Larger Picture of Assurance Today

Case Illustration: Risk-based Thinking in Real Corporate Situations

Issues and Challenges in Adopting RBIA Approach

Knowing the Difference between RBIA VS Enterprise Risk Management (ERM)

Overview and Phases of the RBIA Methodology: Audit Planning and Engagement Planning; Audit Fieldwork & Audit Reporting

RBIA : Annual Audit Plan (“AAP”) and Engagement Planning (“EP”): The Purpose

Having The End Product/ Deliverable in Mind : The AAP

What is AAP? & What is ORC? Recording of ORC using Risk and Control Matrix (RCM)

Risk Defined: Scoring of Risks (Likelihood and Impact)

Inherent and Residual Risk Identification

Vital Risk Assessment Approach and Technique & Prioritizing Area of Focus in AAP

What is EP? Key EP Performing Steps & Deliverables

RBA: Audit Fieldwork: The Purpose & Having The End in Mind for Audit Fieldwork Phase : Audit Testing & Evidence Review and Recording

Opening Meeting: Sharing of ORC and Audit Concerns & Approach

Audit Evidence (IPPF Guidance)

Completion of RCM and Controls Gap Identification

Concept of Audit Sampling and Testing Approach

Closing Meeting: Sharing of Assurance’s View in relation to the Business and Governance Practices

RBA: Audit Reporting: The Purpose & Having The End in Mind for Audit Reporting Phase: The Balanced Audit Reporting and Report

Meaning of Audit Finding and Audit Issue

Key Business and Governance Related Concerns/ Considerations

Develop Impactful and Value Adding Audit Issues

Root Cause: Definition and Approach to Identify Root Cause

Risk and Impact: Quantifying and Justifying Audit Issues to Convince The Board Audit Committee, Management/ Process Owners

Rendering Effective Audit Recommendation and Solution


Introductory Price Plan

On-Demand Animated Learning


  • Animated videos (Special link to access)
  • Reading materials (pre-course)
  • Learning reinforcement for individual modules
  • Quizzes and tests (post-course)
  • FOC LIVE Q&A session with the trainer (post-course) 
  • Summary report for quizzes and tests (post-course)
  • Course completion certificate
Individual: RM

Live Webinar


  • Live Webinar session (including case studies and Q&A session)
  • Reading materials (pre-course)
  • Learning reinforcement for individual modules
  • Quizzes and tests (post-course)
  • Summary report for quizzes and tests (post-course)
  • Course completion certification

*There will be short breaks and lunch allocated at appropriate intervals

Individual: RM



  • Face-to-face learning (including case studies and Q&A session)
  • Reading materials
  • Learning reinforcement for individual modules
  • Quizzes and Tests 
  • Summary report for quizzes and tests (post-course)
  • Course completion certificate
Individual: RM
Individual RM RM RM
Group Price Structure
No. of Participants Fee Per Participants
(On-Demand Animated Learning)
Fee Per Participants
(Live Webinar)
Fee Per Participants (Classroom)

For groups more than 20 person, please email us at hello.learninghub@centegy.com.my

Trainer's Profile

Steven Yee is a professional member of the IIA (Institution of Internal Audit) Malaysia and MICPA (Malaysian Institute of Certified Public Accountants). He obtained his professional training in the Assurance and Business Advisory unit of PwC Malaysia from 1993–2003. He is the founder and Managing Director in Centegy Governance Consulting Group, a boutique consulting firm that provides a range of Governance, Risk & Control (GRC) Assurance services to corporations in the ASEAN region.

Steven has headed various IA, Risk and Compliance functions in different industries with reporting lines to Board Audit & Risk Management Committees and CEOs over the past 15 years. Through his practical experience and passion, he brings an appreciation of the disciplined approach and innovation required to deliver consistent and insightful assurance results to the clients. Steven is also a seasoned and enthusiastic trainer on GRC related subjects in the region and is a panel trainer with the IIA Malaysia since 2005.

Related Courses

Enrolment Form

Risk Based Internal Auditing for Beginning Auditors

    Please Select:

    Participant Enrolment

    Participant 1:

    Participant 2:

    Participant 3:

    Participant 4:

    Participant 5:

    Participant 6:

    Participant 7:

    Participant 8:

    Participant 9:

    Participant 10:

    For groups more than 10, please email to hello.learninghub@centegy.com.my

    HR/ Training Personnel Details (mandatory)

    Terms and Conditions by relating to the training.

    Terms and Conditions

    Enrolment and Fee

    Malayan Banking Berhad (3813-K)

    Ground Floor, Wisma Sime Darby, Jalan Raja Laut

    50350 Kuala Lumpur, Malaysia (SWIFT CODE: MBBEMYKL)

    Bank a/c no: 5142 9913 1738 (Centegy Governance Advisory Sdn Bhd) 


    HRDF Claimants


    Cancellation and Replacement


    Data Protection



    The organiser reserves the right to make any amendments that it deems to be in the interest of the event without any notice.