Practitioner

Overview

Those at practitioner level should have a developed understanding of what internal audit involves, including how to utilise essential audit tools. Your remit includes but is not limited to: documenting processes, and assessing/evaluating the effectiveness of governance, risk management and internal control within functions across an organisation. Your other development areas range from measuring effectiveness to building and strengthening relationships with senior managers and non-executive directors. 

Typical responsibilities

Knowledge

Skills

Behaviours

Auditing business functions

Got a question?


Typical responsibilities 

Practitioner-level auditors should have an intermediate grasp of the profession and be able to apply that knowledge to their roles. Your responsibilities will include but not be limited to: 

  • Researching the activities being audited by spending time with the area of the organisation being audited
  • Data gathering, analysis and interpretation through face to face, email and other forms of data gathering practices used in the organisation
  • Documenting the business process and control environment through process mapping, e.g. flow-charting, and validating the process via a ‘walkthrough’
  • Identifying and evaluating the associated governance, risks and controls through mapping against governance policy set out in the organisation
  • Reviewing the documented internal risk processes including any documented management controls in place as set out by the business
  • Performing tests and analyse to evaluate the effectiveness of controls (i.e. do the controls protect the organisation against potential risks, as identified by the organisation, management or internal control functions)
  • Identifying vulnerabilities and exposures
  • Communicating the results of their audit work to audit management

Knowledge

1. Commercial awareness

IA Practitioners will understand the internal and external environment of the organisation being audited.

Relevant guidance

IPPF elements 

Conducting an interview – top tips


2. Corporate governance and risk management

IA Practitioners will demonstrate an awareness of the characteristics of good corporate governance and risk management, and the role of internal audit, and will be able to assess the contribution they make to organisational effectiveness and assurance.

Relevant guidance

Auditing corporate governance

Legal and regulatory

Update to the UK’s Corporate Governance Code

What is good Corporate Governance

What every director should know 2015 – research report


3. Organisational business processes

IA Practitioners will have an understanding of their organisation’s strategy and success measures and be cognisant of how their work contributes to the success of the function/organisation’s industry.

Relevant guidance

Managers acknowledging risk

Consultancy engagements

Delivering internal audit findings

How to write in plain English

Effective risk-based auditing – you asked us

Following up recommendations/management actions

How to approach unfamiliar areas of work

How to gather and evaluate information

How to plan an audit engagement

Top-tips: engagement planning

Conducting an interview – top tips


4. Risk and control/audit methodology

IA Practitioners will know the different types of controls, management control techniques, and internal control framework characteristics. 

Relevant guidance

Control

IG2130 Control

Position paper: The three lines of defence

Organisational culture

Auditing culture

Models and tools

Practical examples

Research report: Culture

 

Top tips – making culture part of your audit DNA

Managing reputation risk

Processes

Risk maturity assessment 

 

Risk appetite – concept and theory

Risk appetite – the board’s role

Risk appetite – the role of internal audit

Risk based internal auditing

Production of the internal audit plan

Doing the audit

Benefits and drawbacks 

Standards for managing risks

 Writing about risk

Cyber risk

Cyber security

Managers acknowledging risk

IG2120 Risk management 


Skills

1. Building relationships

IA Practitioners will build sustainable relationships based on trust and respect, within their function and with stakeholders, on an audit by audit basis.

Relevant guidance

Difficult clients

Root cause analysis

Delivering internal audit findings

Communication skills

Risk appetite – concept and theory

Risk appetite – the board’s role

Risk appetite – the role of internal audit

Insight and internal audit

IG 1120 Individual objectivity

IG1200 Proficiency and due professional care


2. Communication

IA Practitioners will communicate clearly and succinctly both verbally and in writing.

Relevant guidance

Difficult clients

Presentation skills – top tips

Meeting stakeholder expectations – top tips

Conducting an interview – top tips

Insight and internal audit

Communication skills

Risk maturity assessment

Working papers - top tips

Delivering internal audit findings

Writing in plain English

Writing about risk


3. Collaboration

IA Practitioners will collaborate effectively with other audit colleagues to gain understanding and insights to inform audits and gather data to deliver results and will be team players.

Relevant guidance

Position paper: Internal audit’s relationship with external audit

How internal audit works with the audit committee

How to gather and evaluate information

Working with stakeholders

Meeting stakeholder expectations – top tips


4. Data analysis

With guidance, IA Practitioners will select and use tools/techniques to obtain relevant data/information for specific audit assignments.

Relevant guidance

Root cause analysis

Audit universe

How to derive an IT audit universe

Cloud computing

Cyber security

Computer assisted audit techniques (CAATs)

Data analytics, data mining and big data

Sampling


5. Time management

IA Practitioners will manage their time effectively to deliver high quality work within appropriate timelines to deliver their audit assignments and other work requirements.

Relevant guidance

Lean auditing

Why audits take longer than the time allocated?


6. Systems and IT skills

IA Practitioners will be proficient in the use appropriate business systems and software e.g. sending emails, using word processing and spreadsheet software, documenting workpapers using an organisation’s appropriate audit systems etc.

Relevant guidance

Using internal audit software – top tips

Research report: Data analytics

Computer assisted audit techniques (CAATs)

Audit universe

How to derive an IT audit universe

Auditing spreadsheets

Cloud computing

Cyber security

Data analytics, data mining and big data

Impact of digitisation on the internal audit activity

Social engineering


7. Business acumen

IA Practitioners interpret/articulate key risks impacting organisation/wider industry.

Relevant guidance 

Risk appetite – concept and theory

Risk appetite – the board’s role

Risk appetite – the role of internal audit

Risk maturity assessment

Production of the internal audit risk-based plan

Coordination of assurance services

Effective risk-based auditing – you asked us

 


Behaviours

1. Ethics and integrity

IA Practitioners will act with integrity to their profession and the ethical code of conduct of their organisation/auditee.

Relevant guidance

Accepting gifts and hospitality 

Anti-money laundering 

Bribery Act 2010

UK Bribery Act – adequate procedures

Modern Slavery Act 2015

Modern Slavery and Human Trafficking annual statements 


2. Adding value/continuous improvement

IA Practitioners will add value to the organisation/department they are auditing by proactively sharing issues identified during their audit work with their line manager.

Relevant guidance

Position paper: Independence and objectivity

Position paper: Internal audit and corrupt practices

Internal audit document retention

Internal audit manual – you asked us

Insight and internal audit

Consultancy engagements

Delivering internal audit findings

Following up recommendations/management actions

Developing audit competencies


3. Professional development

IA Practitioners will take responsibility for their own professional development by seeking out opportunities to learn and grow.

Relevant guidance

Operational responsibilities – you asked us

IG1230 Continuing professional development

IG1210 Proficiency


4. Proactive and adaptable

IA Practitioners will demonstrate drive and energy to get the job done and an open mindset in all their audit work, able to adapt in changing circumstances.

Relevant guidance

Effective risk-based auditing – you asked us

Lean auditing

IG2200  Engagement planning

IG2201  Planning considerations

IG2210  Engagement objectives

IG2220  Engagement scope


5. Professional scepticism

IA Practitioners will demonstrate an attitude that includes a questioning mind and being alert to conditions that may indicate possible misstatement of information due to error or fraud.

Relevant guidance

How to gather and evaluate information

Insight and internal audit

Position Paper: the three lines of defence

Communication skills

Whistleblowing


Auditing business functions

In addition to specific guidance to meet the needs of internal auditors at the various stages of their career, there is a generic range of functions and subject areas that inform all levels of our competence framework.

Read more


Got a question?

Our technical team are on-hand to answers any questions you may have, whether that be in relation to your skill-level or a specific piece of guidance.

Get in touch

Content reviewed: 19 August 2019