Risk management and internal audit

Base Knowledge

Not applicable

Teaching Methodologies

Lecture, resolution of exercises and application and discussion of case studies.

Learning Results

Provide students with theoretical and practical knowledge of management systems in the public sector, through risk-based thinking and a systematic approach to the assessment of risk management, control and governance processes.

Provide risk management tools and methodologies that work together with internal audit, the function that monitors the management systems, making it possible to meet legal requirements and respond to the new paradigm of public management. Recognize and promote the idea that Internal Audit, as an integral part of the PDCA cycle, plays a decisive role in favor of transparency and accountability in public management.

It also aims to provide a sustained basis of study for internal auditors who intend to apply for the IIA’s CIA (Certified Internal Auditor) and CRMA (Certification in Risk Management Assurance) professional certifications.


1 – Corporate governance in the Public Sector and the framework for risk management and internal auditing.

2 – Risk management in Management systems and the pillar of risk-based thinking: references, models, systems and tools (FERMA/ERM and ISO): Concept, objective, processes and system; Risk types and identification and analysis techniques; Monitoring and reporting.

3 – The importance of KRIs (Key Risk Indicators) and action plans.

4 – Framework of Internal Audit in a Public entity and as a monitoring function that is part of the PDCA cycle: (Concept, objective, Evolution and types)

5 – Guiding principles for the practice of internal audit (Code of Ethics and Standards)

Auditor profile, training and professional certification

6 – Creation, organization and certification of the internal audit function

7 – The internal audit and COSO frameworks

8 – Internal audit in an anti-fraud policy in conjunction with the Risk Management Plans.

9 – The Internal Audit process: IT for the audit; risk in Internal Audit; planning, execution and communication of results; follow-up and Internal Audit assessment: KPIs (Key Performance Indicators)

10 – Internal Audit by areas / processes of a public entity

Curricular Unit Teachers




MORAIS, Georgina and MARTINS, Isabel (2013), Auditoria Interna – Função e processo, 4th edition, Lisboa, Áreas Editora
COSO (2017), ERM Framework Update – Enterprise Risk Management – Integrated Framework; 2017
Committee of Sponsoring Organizations of the Treadway Commission (COSO); Internal Control- Integrated Framework; 2013
IIA (2019), International Professional Practices Framework (IPPF), IIA, January 2019
IPQ, (2019), NP EN 31000 – Gestão do risco: Princípios e linhas de orientação
IPQ, (2016) NP EN 31010 – Gestão do risco: Técnicas de apreciação do risco
FERMA-Federation of European Risk Management Associations (2003), A norma de Gestão de Risco
CPC, Recomendações do CPC- Conselho de Prevenção de Corrupção
IPQ (standards 9001 and 14001 for Quality and Environmental Management Systems)
Chambers, Richard; (2020); The Speed of Risk: Lessons Learned on the Audit Trail, 2nd edition; IIA
Sobel, P.; (2018); Managing Risk in Uncertain Times: Leveraging COSO’S New ERM Framework; IIA
BRASILIANO, António C.R., (2015), Gestão de Risco de fraude, São Paulo, Sicurezza Editora
MOELLER, R.R., (2015) Brink’s Modern Internal Auditing: A Common Body of Knowledge: Seventh Edition, Wiley & Sons, Ltd
PICKETT, K.H. Spencer, (2015), Audit Planning: A Risk-Based Approach, Wiley & Sons, Ltd
SOBEL, Paul J. (2015), Auditor’s Risk Management Guide: Integrating Auditing and ERM