Training Catalog

Audit of internal governance using COSO ERM 2017 and COBIT 2019




The participants will be able to:

  • Explain and use the COSO framework and its relevance to internal governance auditing.

  • Describe and use the COBIT framework and its application in assessing internal governance controls.

  • Analyze the interdependencies and complementarity between COSO and COBIT in auditing internal governance processes.

  • Identify key risks and controls within the internal governance system.

  • Apply COSO and COBIT principles and methodologies to assess the effectiveness of internal governance controls and provide added-value recommendations.

  • Understand the importance of aligning internal governance with organizational objectives and strategic priorities.

  • Recognize the role of technology and information systems in supporting internal governance and apply COBIT principles to assess their effectiveness.

  • Stay updated with the latest developments and emerging trends in internal governance auditing.


Introduction to COSO ERM 2017 (Enterprise Risk Management) Framework

  • Overview of the COSO ERM 2017 framework and its components

  • Applying the five COSO ERM 2017 components: Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring

  • Linking COSO ERM 2017 principles to internal governance objectives

  • COSO ERM 2017 and specific topics: fraud, cyber-security, risk appetite

  • Case studies and practical exercises to apply COSO ERM 2017 principles in internal governance auditing.

Description of the COBIT 2019 Framework

  • The COBIT 2019 framework and its domains

  • Understanding the COBIT 2019 Core Principles and the Governance and Management Objectives cascade

  • Linking COBIT 2019 principles to internal governance objectives

  • Applying COBIT 2019 in assessing IT governance controls within the internal governance system

  • Practical exercises to apply COBIT 2019 principles in internal governance auditing.

Synergies Between COSO ERM 2017 and COBIT 2019

  • Exploring the overlaps and synergies between COSO and COBIT

  • Identifying how COSO and COBIT can be used together to enhance internal governance auditing

  • Case studies and group discussions on integrating COSO and COBIT in internal governance audits

  • Assessing the effectiveness of internal controls using a combined COSO-COBIT approach.

Advanced Techniques in Internal Governance Auditing

  • Risk identification and assessment techniques in internal governance auditing

  • Evaluating the design and operating effectiveness of internal controls

  • Analyzing control deficiencies and their impact on internal governance

  • Integrating COSO and COBIT in identifying control gaps and recommending improvements

  • Using data analytics and technology-assisted auditing techniques in internal governance audits

Emerging Trends and Best Practices in Internal Governance Auditing

  • Review of emerging trends and challenges in internal governance auditing

  • Exploring the impact of digital transformation and emerging technologies on internal governance

  • Case studies on innovative approaches to internal governance audits

  • Discussion on reporting and communicating audit findings to key stakeholders

  • Recap of the key concepts, techniques, and insights gained throughout the programme.

Case Study 1 - Control Environment Assessment: Apply COSO ERM 2017 and COBIT 2019 principles to assess the control environment within an organization and identify areas for improvement.

Case Study 2 - Risk Assessment and Control Activities: Utilize COSO ERM 2017 and COBIT 2019 methodologies to assess risk and control activities within an internal governance system.

Case Study 3 - Information and Communication Assessment: Apply COSO ERM 2017 and COBIT 2019 principles to assess information and communication processes within an internal governance system.


This training program will adopt a blended learning approach to ensure an interactive and engaging experience for participants. The program will include a combination of: 

  • Interactive lectures

  • Case studies

  • Group discussions and activities

  • Practical exercises

  • Q&A sessions

  • Continuous learning support.

The program is aligned with the IIA recommendations.

Target audience

We welcome Heads of Audit, Senior Auditors, Senior Risk Managers, Governance Bodies Members, CEOs, Heads of Business Implementation, Business Leaders and Department Managers with at least three years’ experience in audit and/or business control of a bank’s processes, operations, procedures and organisation.


Course Material

Please note that, for environmental reasons, no paper version of the training material will be provided for your training. The course material can be downloaded free of charge via your portal before the start of the course (see the Client Portal User’s Guide). You will be able to view it on the screen of your mobile device or print it if necessary. If your registration was made by a training manager of your company, please contact him/her so that he/she can give you access to it or send it to you.


For further questions please contact our partner in your country


Audit of internal governance using COSO ERM 2017 and COBIT 2019

The idea to combine different audit frameworks is really a great idea; we will all try to put that into practice in our daily jobs. In our bank we use COSO and internal control; for me the purpose was to see more opportunities to combine COSO ERM and COBIT. The purpose is meant, now I will use it.

Nataliia BORUKH  -  Ukraine