Part 3 syllabus

Domain I. Business Acumen (35%)

1. Organisational Objectives, Behavior, and Performance

A

Describe the strategic planning process and key activities (objective setting, globalisation and competitive considerations, alignment to the organisation's mission and values, etc.)

Basic

B

Examine common performance measures (financial, operational, qualitative vs. quantitative, productivity, quality, efficiency, effectiveness, etc.)

Proficient

C

Explain organisational behavior (individuals in organisations, groups, and how organisations behave, etc.) and different performance management techniques (traits, organisational politics, motivation, job design, rewards, work schedules, etc.)

Basic

D

Describe management’s effectiveness to lead, mentor, guide people, build organisational commitment, and demonstrate entrepreneurial ability

Basic

2. Organisational Structure and Business Processes

A

Appraise the risk and control implications of different organisational configuration structures (centralised vs. decentralised, flat structure vs. traditional, etc.)

Basic

B

Examine the risk and control implications of common business processes (human resources, procurement, product development, sales, marketing, logistics, management of outsourced processes, etc.)

Proficient

C

Identify project management techniques (project plan and scope, time/team/resources/cost management, change management, etc.)

Basic

D

Recognise the various forms and elements of contracts (formality, consideration, unilateral, bilateral, etc.)

Basic

3. Data Analytics

A

Describe data analytics, data types, data governance, and the value of using data analytics in internal auditing

Basic

B

Explain the data analytics process (define questions, obtain relevant data, clean/normalise data, analyse data, communicate results)

Basic

C

Recognise the application of data analytics methods in internal auditing (anomaly detection, diagnostic analysis, predictive analysis, network analysis, text analysis, etc.)

Basic

Domain II. Information Security (25%)

1. Information Security

A

Differentiate types of common physical security controls (cards, keys, biometrics, etc.)

Basic

B

Differentiate the various forms of user authentication and authorisation controls (password, two-level authentication, biometrics, digital signatures, etc.) and identify potential risks

Basic

C

Explain the purpose and use of various information security controls (encryption, firewalls, antivirus, etc.)

Basic

D

Recognise data privacy laws and their potential impact on data security policies and practices

Basic

E

Recognise emerging technology practices and their impact on security (bring your own device [BYOD], smart devices, internet of things [IoT], etc.)

Basic

F

Recognise existing and emerging cybersecurity risks (hacking, piracy, tampering, ransomware attacks, phishing attacks, etc.)

Basic

G

Describe cybersecurity and information security-related policies

Basic

Domain III. Information Technology (20%)

1. Application and System Software

A

Recognise core activities in the systems development lifecycle and delivery (requirements definition, design, developing, testing, debugging, deployment, maintenance, etc.) and the importance of change controls throughout the process

Basic

B

Explain basic database terms (data, database, record, object, field, schema, etc.) and internet terms (HTML, HTTP, URL, domain name, browser, click-through, electronic data interchange [EDI], cookies, etc.)

Basic

C

Identify key characteristics of software systems (customer relationship management [CRM] systems; enterprise resource planning [ERP] systems; and governance, risk, and compliance [GRC] systems; etc.)

Basic

2. IT Infrastructure and IT Control Frameworks

A

Explain basic IT infrastructure and network concepts (server, mainframe, client-server configuration, gateways, routers, LAN, WAN, VPN, etc.) and identify potential risks

Basic

B

Define the operational roles of a network administrator, database administrator, and help desk

Basic

C

Recognise the purpose and applications of IT control frameworks (COBIT, ISO 27000, ITIL, etc.) and basic IT controls

Basic

3. Disaster Recovery

A

Explain disaster recovery planning site concepts (hot, warm, cold, etc.)

Basic

B

Explain the purpose of systems and data backup

Basic

C

Explain the purpose of systems and data recovery procedures

Basic

Domain IV. Financial Management (20%)

1. Financial Accounting and Finance

A

Identify concepts and underlying principles of financial accounting (types of financial statements and terminologies such as bonds, leases, pensions, intangible assets, research and development, etc.)

 

B

Recognise advanced and emerging financial accounting concepts (consolidation, investments, fair value, partnerships, foreign currency transactions, etc.)

 

C

Interpret financial analysis (horizontal and vertical analysis and ratios related to activity, profitability, liquidity, leverage, etc.)

 

D

Describe revenue cycle, current asset management activities and accounting, and supply chain management (including inventory valuation and accounts payable)

 

E

Describe capital budgeting, capital structure, basic taxation, and transfer pricing

 

2. Managerial Accounting

A

Explain general concepts of managerial accounting (cost-volume-profit analysis, budgeting, expense allocation, cost-benefit analysis, etc.)

 

B

Differentiate costing systems (absorption, variable, fixed, activity-based, standard, etc.)

 

C

Distinguish various costs (relevant and irrelevant costs, incremental costs, etc.) and their use in decision making