Root Cause Analysis & Culture – Training & Events

Current Open Course Dates:

Risk & Assurance Insights
quoteThank you so much for what has been an extremely valuable training course! The delivery of the training was exceptional and your generous and professional sharing of Pharma knowledge and experience made for a very enriching experience. You did a great job making the material relevant and keeping things interesting… we had multiple comments from participants about how much they enjoyed and found the course beneficial.


Course Details:

  • Auditing Culture

    Open and in-house

    Risk and control issues are increasingly attributed to cultural weaknesses. This course will examine what we mean by culture, how this differs from the control environment and behaviour, and how to approach culture in a practical way. However, auditors should understand this course will not “sell” a particular approach to auditing culture, but rather it will equip auditors to be able to think practically about how to think about cultural and behavioural issues.

    Who should attend?

    Heads of internal audit and audit managers.

    What will I learn?

    Upon completion you will be able to:

    • Understand the key elements of culture and the different foundations to assess this
    • Understand the difficulties in any assessment methodology including issues around sub-cultures and behaviours
    • Consider the way culture interacts with other governance, risk, assurance and compliance processes
    • Understand the different ways to approach a cultural audit
    • Understand robust ways to think about culture when auditing other matters
    • Rethink your approach to accountabilities and root cause analysis
    • Understand latest guidance from various sources in the UK and EU

    Course programme

    • Definitions
      • Definitions and models of culture – understanding that culture is not “soft”
    • Where does culture come from?
      • The psychology of decision making and how this may be influencing culture
      • Sub-cultures – country cultures and behaviours
      • Group dynamics and politics
      • Taking a systemic approach to understanding organisational levers that influence culture
      • Differences between the espoused and real culture – understanding defensive routines.
    • Why is culture hard to measure
      • Biases surrounding staff surveys of culture – question selection, responses and action planning
      • The link between risk appetite and risk culture and the problem of finding suitable criteria when looking into cultural issues.
    • Understand the IIA guidance on auditing culture (which James contributed to)
    • Practical approaches and good practices
      • Paying attention to audit behaviours and management attitude towards audits
      • Root cause analysis and culture
      • Thinking about the culture of the internal audit team and how it inter-relates with organisational culture
      • Thinking critically how to deal with external consultants
      • Practical first steps
    • Looking ahead
      • Recognising the limits of internal audit in this area – the risk of taking on a management role and of false assurance
      • Models of organisational effectiveness that can be used as a way of approaching cultural issues.

    For more information email James Paterson

  • Root Cause Analysis (RCA)

    Open and in-house

    This workshop is for experienced internal audit staff, managers and HIAs who want to look at best practices around analysing the root causes of their audit findings. Associated with this is the question of how to analyse themes from audit assignments in order to reveal key underlying problems in governance, risk and compliance that may need senior management or board attention.

    Who should attend?

    Experienced auditors, audit managers and heads of internal audit.

    What will I learn?

    Upon completion you will be able to:

    • Understand the real reasons for audit issues, not just the symptoms and recognise that there is no such thing as “one root cause”
    • Understand how to use a range of key Root cause analysis techniques – 5 whys, Fishbone, the Logic tree and Bowtie
    • Propose remediation that is likely to provide sustainable long-term improvements to governance, risk and compliance
    • Get a clearer sense of how audit methodology can be improved in order to deliver more robust and consistent root cause analysis, and recognise these enhancements will not purely arise in assignment execution, but also in assignment planning
    • Support writing shorter and more impactful reports – better root cause analysis is likely to reduce the number of findings in an audit report

    Course programme

    • Understand various IIA guidance on Root cause analysis (which James contributed to)
    • Four key RCA techniques and how they complement one another
    • Multiple case studies
    • Learn the latest on Root cause categories and how these can be used to better analyse audit trends – learn how many “common categories” are flawed and also understand how root cause themes often operate in pairs or trios (not purely on their own)
    • Practical action steps
    • Including leveraging Root cause analysis for assignment planning and reporting

    For more information email James Paterson

  • Bespoke in-house

    Seminar Focus and Features

    In this intensive, highly interactive three-day seminar you will review internal audit best practices and apply them to auditing in the pharmaceuticals sector. You will see for yourself how auditing in the pharmaceuticals sector can benefit from practices in other sectors, and identify the critical “hot spots” for pharmaceuticals risks and audit areas, including key sales and marketing compliance principles under EFPIA, US PhRMA, and FCPA. You will also learn where your audits need to be approached differently to meet other risk and regulatory requirements.

    Using case studies and practical examples, you will leverage your experience (whether in audit or elsewhere) and apply this to auditing in the pharmaceuticals environment. Throughout the seminar you will have the opportunity to develop a road map for improvement that will enable you to implement beneficial changes to existing practices in your organization.

    What You Will Learn

    • Key General Governance, Internal Audit, Risk and Compliance Developments
      • learning from the financial crisis
      • key Pharma issues in recent years
    • Overseeing the universe of risks through a value-Chain Approach
      • understanding value-chain principles
      • applying these principles to Pharma
    • Where Auditing Pharma Is the Same as Other Sectors and Where It Is Different
    • Risk Hot Spots in Pharma and Elsewhere: Considering Best-Practices Risk and Control Solutions
      • sales and marketing practices
      • GXP risk areas
      • corporate functions and reputation management
      • Case study: Mapping these considerations to your organization
    • Implications for Audit Planning
      • hallmarks of a good audit plan
      • key areas to cover in Pharma and how to present them to key stakeholders
    • Assignment Management: Translating Key Risks into Assignment Specifics Without Losing Focus
    • Sales and Marketing Compliance
      • key principles within major codes: EEPIA, US PhRMA, FCPA
      • the elements of an effective compliance program
      • best-practice approaches
      • current hot spots
    • Working with Compliance Functions
      • working with compliance functions to share information
      • the importance of role clarity between these functions
    • Tips for Auditing Overseas Units
      • compliance and risk governance in overseas units
      • cultural differences
    • Tips for Interfacing with GCP and GMP Functions
      • best-practice thinking on roles between audit and compliance
      • how to coordinate assurance/assurance mapping
      • critical building blocks
      • joined-up planning
    • Risks and Controls in Research and Development
      • portfolio management: clinical, regulatory compliance
      • headline risk areas and processes
      • potential hot spots
      • auditing tips
    • Manufacturing
      • supply chain management: outsourcing and third-party
      • business continuity
      • safety, health and environmental risk management
      • risk areas and processes
      • hot spot review
    • IS/IT Privacy and Information Security
      • IS/IT: an increasingly important bedrock for control
      • risk governance challenges and best practices: including the appropriate role for Internal Audit
      • risk hot spots: including privacy and information security
    • Finance, Including Shared Service Centers
      • best practice risk and control mapping
      • finance and audit role boundaries
    • Corporate Functions, including Legal, Investor Relations, HR and PR 
      • excluding HR, functions that IA generally does not review in depth.
      • considering key risks
      • auditing tips

    Dates on request UK, Europe or US
    For more information email James Paterson

  • Strategy and Strategic Risks – How to manage and assure these

    Bespoke in-house

    This 1-2 day workshop, running since 2015, is for managers, risk professionals and audit and assurance professionals who want to look afresh at the way strategic risks are being managed and how to effectively assure these will deliver. This course has been delivered in Belgium, Norway, Sweden and Mauritius.

    This workshop provides an ideal introduction to the complex subject of the management of strategic risks and how to assure / audit key strategic risks.

    Topics include:

    • Definitions of strategy and types of strategy
    • Why the management of strategic risks is so important
    • Some of the key ways that the management of strategic risks can go wrong
    • Strategic decision making biases
    • Behavioural risk
    • Problems with monitoring strategy
    • How to assure / audit strategic risks
      • Uncovering the unintended effects of strategic choices
      • Developing appropriate criteria for assurance and audit work to enable action to be generated

    For more information email James Paterson

  • Risk Based Internal Auditing

    Open and in-house

    This 1-3 day workshop, running since 2012, that will be useful for any audit or assurance staff who want to better focus their audit efforts on the things that matter and properly implement required IIA ways of working.

    This workshop has been delivered for various local authorities in England and Scotland, as well as in the financial industry.

    It covers:

    • Key principles of risk based auditing and how to apply this in practice
    • Using risk management information and advise management on the identification, mitigation and control of risks
    • How to improve the scoping of audit and assurance assignments
    • How best to use risk control frameworks to deliver “reasonable assurance”
    • Calibrating observations so they are in tune with the key risks and concerns of management
    • Upcoming courses 5-6 April 2017 IIA Bulgaria in Sofia

    For more information email James Paterson

  • Audit Best practices and the IIA (Professional Practices Framework) PPF 2017

    Open and in-house

    This new 2-3 day workshop is aimed at senior auditors, audit managers and heads of audit and allows the opportunity to review the new IIA PPF, as well as to look at key areas of good and leading practice, particularly around audit co-ordination and the selection and use of GRC and Audit tools.

    Topics covered include:

    • An overview of the new IIA PPF
    • Adding value and advisory assignments
    • Audit planning – based on risks and assurances
    • Assurance co-ordination and reliance on the work of others
    • Selecting and implementing GRC tools (such as BWise, Metric-stream etc.)
    • Driving audit assignment productivity and the selection and use of audit software (such as TeamMate, Galileo, MK Insight)
    • Best practice reporting, including trend analysis
    • 2-day workshop for IIA Latvia in Riga 8-9 February 2017
    • 2-day workshop for the IIA Norway Oslo 22-23 March 2017

    For more information email James Paterson

Join our mailing list

We will keep you updated with news and events.


Contact and appointments:

Risk & Assurance Insights
T: +44 (0)7802 868914

Please also use our contact form