1. Internal Audit Operations |
||
A |
Describe policies and procedures for the planning, organising, directing, and monitoring of internal audit operations |
Basic |
B |
Interpret administrative activities (budgeting, resourcing, recruiting, staffing, etc.) of the internal audit activity |
Basic |
2. Establishing a Risk-based Internal Audit Plan |
||
A |
Identify sources of potential engagements (audit universe, audit cycle requirements, management requests, regulatory mandates, relevant market and industry trends, emerging issues, etc.) |
Basic |
B |
Identify a risk management framework to assess risks and prioritise audit engagements based on the results of a risk assessment |
Basic |
C |
Interpret the types of assurance engagements (risk and control assessments, audits of third parties and contract compliance, security and privacy, performance and quality audits, key performance indicators, operational audits, financial and regulatory compliance audits) |
Proficient |
D |
Interpret the types of consulting engagements (training, system design, system development, due diligence, privacy, benchmarking, internal control assessment, process mapping, etc.) designed to provide advice and insight |
Proficient |
E |
Describe coordination of internal audit efforts with the external auditor, regulatory oversight bodies, and other internal assurance functions, and potential reliance on other assurance providers |
Basic |
3. Communicating and Reporting to Senior Management and the Board |
||
A |
Recognise that the chief audit executive communicates the annual audit plan to senior management and the board and seeks the board's approval |
Basic |
B |
Identify significant risk exposures and control and governance issues for the chief audit executive to report to the board |
Basic |
C |
Recognise that the chief audit executive reports on the overall effectiveness of the organisation's internal control and risk management processes to senior management and the board |
Basic |
D |
Recognise internal audit key performance indicators that the chief audit executive communicates to senior management and the board periodically |
Basic |
1. Engagement Planning |
||
A |
Determine engagement objectives, evaluation criteria, and the scope of the engagement |
Proficient |
B |
Plan the engagement to assure identification of key risks and controls |
Proficient |
C |
Complete a detailed risk assessment of each audit area, including evaluating and prioritising risk and control factors |
Proficient |
D |
Determine engagement procedures and prepare the engagement work program |
Proficient |
E |
Determine the level of staff and resources needed for the engagement |
Proficient |
1. Information Gathering |
||
A |
Gather and examine relevant information (review previous audit reports and data, conduct walkthroughs and interviews, perform observations, etc.) as part of a preliminary survey of the engagement area |
Proficient |
B |
Develop checklists and risk-and-control questionnaires as part of a preliminary survey of the engagement area |
Proficient |
C |
Apply appropriate sampling (non-statistical, judgmental, discovery, etc.) and statistical analysis techniques |
Proficient |
2. Analysis and Evaluation |
||
A |
Use computerised audit tools and techniques (data mining and extraction, continuous monitoring, automated workpapers, embedded audit modules, etc.) |
Proficient |
B |
Evaluate the relevance, sufficiency, and reliability of potential sources of evidence |
Proficient |
C |
Apply appropriate analytical approaches and process mapping techniques (process identification, workflow analysis, process map generation and analysis, spaghetti maps, RACI diagrams, etc.) |
Proficient |
D |
Determine and apply analytical review techniques (ratio estimation, variance analysis, budget vs. actual, trend analysis, other reasonableness tests, benchmarking, etc.) |
Basic |
E |
Prepare workpapers and documentation of relevant information to support conclusions and engagement results |
Proficient |
F |
Summarise and develop engagement conclusions, including assessment of risks and controls |
Proficient |
3. Engagement Supervision |
||
A |
Identify key activities in supervising engagements (coordinate work assignments, review workpapers, evaluate auditors' performance, etc.) |
Basic |
1. Communicating Engagement Results and the Acceptance of Risk |
||
A |
Arrange preliminary communication with engagement clients |
Proficient |
B |
Demonstrate communication quality (accurate, objective, clear, concise, constructive, complete, and timely) and elements (objectives, scope, conclusions, recommendations, and action plan) |
Proficient |
C |
Prepare interim reporting on the engagement progress |
Proficient |
D |
Formulate recommendations to enhance and protect organisational value |
Proficient |
E |
Describe the audit engagement communication and reporting process, including holding the exit conference, developing the audit report (draft, review, approve, and distribute), and obtaining management's response |
Basic |
F |
Describe the chief audit executive's responsibility for assessing residual risk |
Basic |
G |
Describe the process for communicating risk acceptance (when management has accepted a level of risk that may be unacceptable to the organisation) |
Basic |
2. Monitoring Progress |
||
A |
Assess engagement outcomes, including the management action plan |
Proficient |
B |
Manage monitoring and follow-up of the disposition of audit engagement results communicated to management and the board |
Proficient |