Anton Golikov's Audit at fingertips - RCM and testing strategies

In this lecture, we explore the Risk Control Matrix (RCM) and its role in audit planning, control assessment, and testing program development.

The session explains how an RCM connects processes, risks, controls, control owners, assigned auditors, assessment results, testing programs, testing conclusions, and exceptions. We also look at why the RCM is often considered the heart of the audit file and how it supports both Design Effectiveness Assessment (DEA) and Operating Effectiveness Testing (OET).

You will also learn:

The purpose and structure of a Risk Control Matrix
How risks are mapped to controls
What information is typically included in an RCM
How RCMs support audit planning and walkthroughs
The link between risk scenarios and testing programs
Why auditors should only test scenarios that can potentially lead to an issue
Practical examples of control and testing logic

This lecture is designed for internal auditors, risk and control professionals, compliance specialists, and anyone learning how audit workpapers and testing programs are structured in practice.

📌 By the end, you will understand how to:

Use an RCM to organize audit work
Connect risks, controls, testing, and exceptions
Develop meaningful risk scenarios
Build testing programs that support clear audit conclusions

🔗 Learn More About Anton:
Anton Golikov CIA, CISA, CISSP, CRMA, CRISC
Connect with Anton on LinkedIn: https://www.linkedin.com/in/anton-golikov-33488951/

🔔 Don't forget to like, comment, and subscribe for more insights on risk management and process optimization.

Видео Anton Golikov's Audit at fingertips - RCM and testing strategies канала Anton Golikov