Part 2 syllabus

Domain I: Managing the Internal Audit Activity (20%)

1. Internal Audit Operations

A

Describe policies and procedures for the planning, organising, directing, and monitoring of internal audit operations

Basic

B

Interpret administrative activities (budgeting, resourcing, recruiting, staffing, etc.) of the internal audit activity

Basic

2. Establishing a Risk-based Internal Audit Plan

A

Identify sources of potential engagements (audit universe, audit cycle requirements, management requests, regulatory mandates, relevant market and industry trends, emerging issues, etc.)

Basic

B

Identify a risk management framework to assess risks and prioritise audit engagements based on the results of a risk assessment

Basic

C

Interpret the types of assurance engagements (risk and control assessments, audits of third parties and contract compliance, security and privacy, performance and quality audits, key performance indicators, operational audits, financial and regulatory compliance audits)

Proficient

D

Interpret the types of consulting engagements (training, system design, system development, due diligence, privacy, benchmarking, internal control assessment, process mapping, etc.) designed to provide advice and insight

Proficient

E

Describe coordination of internal audit efforts with the external auditor, regulatory oversight bodies, and other internal assurance functions, and potential reliance on other assurance providers

Basic

3. Communicating and Reporting to Senior Management and the Board

A

Recognise that the chief audit executive communicates the annual audit plan to senior management and the board and seeks the board's approval

Basic

B

Identify significant risk exposures and control and governance issues for the chief audit executive to report to the board

Basic

C

Recognise that the chief audit executive reports on the overall effectiveness of the organisation's internal control and risk management processes to senior management and the board

Basic

D

Recognise internal audit key performance indicators that the chief audit executive communicates to senior management and the board periodically

Basic

Domain II: Planning the Engagement (20%)

1. Engagement Planning

A

Determine engagement objectives, evaluation criteria, and the scope of the engagement

Proficient

B

Plan the engagement to assure identification of key risks and controls

Proficient

C

Complete a detailed risk assessment of each audit area, including evaluating and prioritising risk and control factors

Proficient

D

Determine engagement procedures and prepare the engagement work program

Proficient

E

Determine the level of staff and resources needed for the engagement

Proficient

Domain III. Performing the Engagement (40%)

1. Information Gathering

A

Gather and examine relevant information (review previous audit reports and data, conduct walkthroughs and interviews, perform observations, etc.) as part of a preliminary survey of the engagement area

Proficient

B

Develop checklists and risk-and-control questionnaires as part of a preliminary survey of the engagement area

Proficient

C

Apply appropriate sampling (non-statistical, judgmental, discovery, etc.) and statistical analysis techniques

Proficient

2. Analysis and Evaluation

A

Use computerised audit tools and techniques (data mining and extraction, continuous monitoring, automated workpapers, embedded audit modules, etc.)

Proficient

B

Evaluate the relevance, sufficiency, and reliability of potential sources of evidence

Proficient

C

Apply appropriate analytical approaches and process mapping techniques (process identification, workflow analysis, process map generation and analysis, spaghetti maps, RACI diagrams, etc.)

Proficient

D

Determine and apply analytical review techniques (ratio estimation, variance analysis, budget vs. actual, trend analysis, other reasonableness tests, benchmarking, etc.)

Basic

E

Prepare workpapers and documentation of relevant information to support conclusions and engagement results

Proficient

F

Summarise and develop engagement conclusions, including assessment of risks and controls

Proficient

3. Engagement Supervision

A

Identify key activities in supervising engagements (coordinate work assignments, review workpapers, evaluate auditors' performance, etc.)

Basic

Domain IV. Communicating Engagement Results and Monitoring Progress (20%)

1. Communicating Engagement Results and the Acceptance of Risk

A

Arrange preliminary communication with engagement clients

Proficient

B

Demonstrate communication quality (accurate, objective, clear, concise, constructive, complete, and timely) and elements (objectives, scope, conclusions, recommendations, and action plan)

Proficient

C

Prepare interim reporting on the engagement progress

Proficient

D

Formulate recommendations to enhance and protect organisational value

Proficient

E

Describe the audit engagement communication and reporting process, including holding the exit conference, developing the audit report (draft, review, approve, and distribute), and obtaining management's response

Basic

F

Describe the chief audit executive's responsibility for assessing residual risk

Basic

G

Describe the process for communicating risk acceptance (when management has accepted a level of risk that may be unacceptable to the organisation)

Basic

2. Monitoring Progress

A

Assess engagement outcomes, including the management action plan

Proficient

B

Manage monitoring and follow-up of the disposition of audit engagement results communicated to management and the board

Proficient