CIA: Practice. Part 2

Tue, 04/05/2016 - 17:48 -- pottol

Internal Auditing Practice

Exam Short Domain Focus % Themes Topic Details
Exam: Internal Audit Practice
Short: Practice

Domain 1: Managing the Internal Audit Function
Focus %: 40-50

Theme: Strategic Role of Internal Audit
1. Initiate, manage, be a change catalyst, and cope with change
2. Build and maintain networking with other organization executives and the audit committee
3. Organize and lead a team in mapping, analysis, and business process improvement
4. Assess and foster the ethical climate of the board and management
5. Educate senior management and the board on best practices in governance, risk management, control, and compliance
6. Communicate internal audit key performance indicators to senior management and the board on a regular basis
7. Coordinate IA efforts with external auditor, regulatory oversight bodies and other internal assurance functions
8. Assess the adequacy of the performance measurement system, achievement of corporate objective – Awareness Level (A)
Details:
- Investigate and recommend resolution for ethics/compliance complaints, and determine disposition of ethics violations
- Maintain and administer business conduct policy (e.g., conflict of interest), and report on compliance

Theme: Operational Role of Internal Audit
1. Formulate policies and procedures for the planning, organizing, directing, and monitoring of internal audit operations
2. Review the role of the internal audit function within the risk management framework
3. Direct administrative activities (e.g., budgeting, human resources) of the internal audit department
4. Interview candidates for internal audit positions
5. Report on the effectiveness of corporate risk management processes to senior management and the board
6. Report on the effectiveness of the internal control and risk management frameworks
7. Maintain effective Quality Assurance Improvement Program
 
Theme: Establish Risk-Based Internal Audit Plan
1. Use market, product, and industry knowledge to identify new internal audit engagement opportunities
2. Use a risk framework to identify sources of potential engagements (e.g., audit universe, audit cycle requirements, management requests, regulatory mandates)
3. Establish a framework for assessing risk
4. Rank and validate risk priorities to prioritize engagements in the audit plan
5. Identify internal audit resource requirements for annual IA plan
6. Communicate areas of significant risk and obtain approval from the board for the annual engagement plan
7. Types of engagements
   a. Conduct assurance engagements
      a.1 Risk and control self-assessments
          a) Facilitated approach
             (1) Client-facilitated
             (2) Audit-facilitated
          b) Questionnaire approach
          c) Self-certification approach
      a.2 Audits of third parties and contract auditing
      a.3 Quality audit engagements
      a.4 Due diligence audit engagements
      a.5 Security audit engagements
      a.6 Privacy audit engagements
      a.7 Performance audit engagements (key performance indicators)
      a.8 Operational audit engagements (efficiency and effectiveness)
      a.9 Financial audit engagements
   b. Compliance audit engagements
   c. Consulting engagements
      c.1 Internal control training
      c.2 Business process mapping
      c.3 Benchmarking
      c.4 System development reviews
      c.5 Design of performance measurement systems

Domain 2: Managing Individual Engagement
Focus %: 40-50

Theme: Plan Engagement
1. Establish engagement objectives/criteria and finalize the scope of the engagement
2. Plan engagement to assure identification of key risks and controls
3. Complete a detailed risk assessment of each audit area (prioritize or evaluate risk/control factors)
4. Determine engagement procedures and prepare engagement work program
5. Determine the level of staff and resources needed for the engagement
6. Construct audit staff schedule for effective use of time

Theme: Supervise Engagement
1. Direct / supervise individual engagements
2. Nurture instrumental relations, build bonds, and work with others toward shared goals
3. Coordinate work assignments among audit team members when serving as the auditor-in-charge of a project
4. Review work papers
5. Conduct exit conference
6. Complete performance appraisals of engagement staff

Theme: Communicate Engagement Results
1. Initiate preliminary communication with engagement clients
2. Communicate interim progress
3. Develop recommendations when appropriate
4. Prepare report or other communication
5. Approve engagement report
6. Determine distribution of the report
7. Obtain management response to the report
8. Report outcomes to appropriate parties

Theme: Monitor Engagement Outcomes
1. Identify appropriate method to monitor engagement outcomes
2. Monitor engagement outcomes and conduct appropriate follow-up by the internal audit activity
3. Conduct follow-up and report on management's response to internal audit recommendations
4. Report significant audit issues to senior management and the board periodically

Domain 3: Fraud Risks and Controls
Focus %: 5-15

Theme: Potential Fraud Risk
Consider the potential for fraud risks and identify common types of fraud associated with the engagement area during the engagement planning process

Theme: Fraud Consideration
Determine if fraud risks require special consideration when conducting an engagement

Theme: Fraud Investigation Consideration
Determine if any suspected fraud merits investigation

Theme: Control to Prevent Fraud
Complete a process review to improve controls to prevent fraud and recommend changes

Theme: Detect Fraud with Audit
Employ audit tests to detect fraud

Theme: Fraud Awareness
Support a culture of fraud awareness, and encourage the reporting of improprieties

Theme: Interrogation/Investigation
Interrogation/investigative techniques – Awareness Level (A)

Theme: Forensic Auditing
Forensic auditing – Awareness Level (A)

 
