Internal Auditor of Fraud Control Management Systems (ISO 37003, ISO 19011)

This online course provides the essential knowledge and skills required to conduct internal audits of Fraud Control Management Systems (FCMS) in line with the ISO 37003:2025 guidance and ISO 19011:2018.

Participants will gain insight into the key components of an FCMS, including: organizational context, fraud risk management, policies and procedures, leadership, documentation, fraud indicators, response measures, and continual improvement. Special emphasis is placed on the role of internal auditors in planning, conducting, and documenting audits, preparing reports, and monitoring corrective actions. Case studies and sample documents will enable participants to apply theoretical knowledge in practice. The training content is divided into modules, ensuring a structured and effective learning process.

Course program
Application

Duration

36 hours

Language

English/Ukrainian

Format

100% online

Course objective

The aim of the course “Internal Auditor of Fraud Control Management Systems (ISO 37003, ISO 19011)” is to provide knowledge and practical skills for performing effective internal audits. The course combines the ISO 37003:2025 guidance on developing and assessing fraud control systems with the ISO 19011:2018 requirements for audit planning, execution, reporting, and follow-up.

Participants will work with standard provisions, case studies, document samples, and practical tools that enhance system effectiveness and reinforce a culture of integrity within the organization. They will acquire hands-on skills to conduct internal audits as a key mechanism for system improvement.

Learning Outcomes

  • Understand the purpose and content of ISO 37003 as a framework for systematic fraud prevention, detection, and response.
  • Differentiate between internal, external, and organizational fraud risks, and assess their impact on the company.
  • Conduct internal reviews: prepare interview questions, analyze documents, and identify fraud indicators.
  • Apply risk-based and evidence-based approaches to audit planning and execution.
  • Plan and conduct internal audits in line with ISO 19011 requirements, tailored to the FCMS.
  • Prepare audit reports, identify nonconformities, and initiate corrective actions to strengthen the system.

Target audience

  • Compliance officers and FCMS managers — responsible for maintaining the system and reporting to top management.
  • Internal auditors — who evaluate the effectiveness of processes, policies, and procedures.
  • Risk management, security, and internal control specialists — who integrate control measures into business processes.
  • Top management and legal/compliance functions — who make decisions on corrective actions and enforce a “zero tolerance” policy.

Document on completion

Upon completion, participants will receive an Internal Auditor of FCMS Certificate, registered in the International SIC Register.

Thematic plan

The course program includes 2 modules:

Module I — Fraud Control Management System (ISO 37003)

Module II — Internal Audit (ISO 19011)

Duration (approx.): 36 hours

 

Objectives

Module 1 Compliance management systems (ISO 37301)
Module I — Fraud Control Management System (ISO 37003)
# Content hours
1

Introduction

  • Types of fraud
  • ISO 37003 as a systemic anti-fraud solution
  • Standard structure and terminology
 1
2

Organizational Context as a Fundamental Basis of the SSM

  • Definition and Analysis of the Internal and External Environments and Stakeholders
  • Scope of the System
  • Fraud Risk Assessment (Early Indicators and Controls)
 2
3

Leadership is the driving force of the system

  • The role of the governing body in the SMP
  • What should the policy be? Comparing approaches
  • Roles in the system: fraud control, information security and internal audit functions
 1
4

Risk-Based Planning

  • Managing Compliance Risks and Opportunities
  • Setting IMS Objectives
  • Planning for Change
 2
5

Support — SMPSH resource base

  • Finance and IT solutions
  • Providing competence
  • Awareness of staff, business partners, contractors
  • Levels of communication in SMPSH
  • Creation, updating and control of documents
 2
6

Operational activities – practical mechanisms for combating fraud

  • Identification and assessment of fraud risks
  • Prevention and control measures
  • Identification of incidents and suspicious transactions
  • Responding to fraud cases (immediate action, investigation, disciplinary measures)
  • External and internal reporting, records and analysis
  • Consideration of impact on stakeholders and improvement of controls
 6
8

Performance review – does the system really work?

  • Measurement and monitoring of performance indicators
  • Internal audits of the SMP (program, implementation)
  • External audits and interaction with independent auditors
  • Management review: inputs, results, decisions
 2
9

System Improvement – Anti-Fraud Culture

  • Continuous Improvement
  • Non-Conformance and Corrective Action
 1
10 Testing 1
 
Module II — Internal Audit (ISO 19011)
# Content hours
1

Classification and objectives of an audit

  • Types of audits: internal, external, certification, supervisory
  • Objectives of an internal audit: confirmation of the system’s compliance with standards and internal policies; assessment of the effectiveness of processes and procedures; identification of areas for improvement
  • Practical aspects
 3
2

Audit terminology and principles

  • Key concepts according to ISO 19011 (evidence, criteria, conclusions)
  • Audit principles: impartiality, competence, systematicity
  • Ethical aspects and confidentiality
 4
3

Audit Program Management

  • Audit Program Planning
  • Selection and Prioritization
  • Audit Sampling
  • Assignment of Roles and Resources for Audits
 3
4

Audit Conduction and Reporting

  • Preparation of Audit Plan
  • Information Collection Methods (Interviews, Document Review, Observations)
  • Formulation of Conclusions and Recommendations
  • Structure and Requirements for the Audit Report
 4
5

Competence and personal qualities of an auditor

  • Professional knowledge and skills for an auditor
  • Personal qualities: objectivity, criticality, sociability
  • Development of competencies: training, experience, continuous improvement
 2
6 Testing 1
7 Case review 1