Section A. Engagement Planning (50%)

• Determine engagement objectives and scope
• May include but is not limited to:
  • Recognize how to apply Topical Requirements when determining objectives and scope
  • Recognize elements to be considered in the development of engagement objectives, including regulatory requirements; the organization’s strategy and objectives; governance, risk management, and control processes; risk appetite and tolerance; internal policies; previous audit reports; work of other assurance providers; and whether the engagement is intended to provide assurance or advisory services
  • Identify and document relevant scope limitations during planning
  • Evaluate approaches for managing and documenting stakeholder requests
  • Identify effective methods for addressing changes in objectives and scope
• Determine evaluation criteria based on relevant information gathered
• May include but is not limited to:
  • Identify the most relevant criteria for evaluating the activity under review
  • Determine whether a set of evaluation criteria is specific, practical, relevant, aligned with the objectives of the organization and the activity under review, and produces reliable comparisons
• Plan the engagement to assess key risks and controls
• May include but is not limited to:
  • Recognize how to apply Topical Requirements when planning an engagement
  • When planning an engagement, recognize the strategic objectives of the activity under review and their integration with risk management, business performance measures, and performance management techniques
  • When planning an engagement, recognize existing and emerging cybersecurity risks, common information security and IT controls, IT general controls, the purpose and benefits of using an IT control framework, principles of data privacy, and data security policies and practices
  • When planning an engagement, recognize business continuity and disaster recovery readiness concepts such as business resilience, incident management, business impact analysis, and backup and recovery testing
  • When planning an engagement, recognize finance and accounting concepts related to the activity under review such as current and fixed assets, short-term and long-term liabilities, capital, and investments
  • When planning an engagement, recognize key risks and controls related to common business processes such as asset management, supply chain management, inventory management, accounts payable, procurement, compliance, third-party processes, customer relationship management systems, enterprise resource planning systems, and governance, risk, and compliance systems
• Determine the appropriate approach for an engagement
• May include but is not limited to:
  • Evaluate various approaches such as agile, traditional, integrated, and remote auditing to determine the most suitable approach
  • Describe project management concepts as they relate to planning and conducting an engagement
• Complete a detailed risk assessment of each activity under review
• May include but is not limited to:
  • Recognize how to apply Topical Requirements when completing a risk assessment
  • Recognize the pervasive financial, operational, IT, cybersecurity, and regulatory risks as they relate to the activity under review
  • Recognize the impact of emerging risks on the organization
  • Determine appropriate methods and criteria to evaluate and prioritize identified risks and controls
  • Recognize the impacts of change of people, processes, and systems on risk
  • Recognize the impact of different organizational structures and environments on the risk assessment, including centralized versus decentralized, flat versus traditional, and in-person versus remote work
  • Recognize the impact of organizational culture on the control environment, including individual and group behaviours and tone at the top
• Determine engagement procedures and prepare the engagement work program
• May include but is not limited to:
  • Determine procedures to evaluate control design
  • Identify procedures to test the effectiveness of controls
  • Identify procedures to test the efficiency of controls
  • Evaluate the adequacy of the engagement work program
  • Identify testing methodologies for an engagement that includes accounting, finance, IT systems, business operations, or cybersecurity

• Determine the level of resources and skills needed for the engagement
• May include but is not limited to:
  • Determine financial resources required for the engagement
  • Determine human resources required for the engagement
  • Determine technological resources required for the engagement
  • Evaluate implications of resource limitations
  • Demonstrate an individual internal auditor’s competency through continuing professional development

  Section B. Information Gathering, Analysis, and Evaluation (40%)

• Identify sources of information to support engagement objectives and procedures
• May include but is not limited to:
  • Determine suitable methods for obtaining information, including interviews, observations, walk-throughs, and data analyses
  • Determine suitable documents for obtaining information, including policies, checklists, risk and control questionnaires, and self- assessment surveys
• Evaluate the relevance, sufficiency, and reliability of evidence gathered to support engagement objectives
• May include but is not limited to:
  • Apply suitable criteria in evaluating the quality of evidence
  • Recognize factors that impact the reliability of evidence, such as obtaining the evidence directly from an independent source, obtaining corroborated evidence, and gathering evidence from a system with effective governance, risk management, and control processes
  • Describe evidence that would allow an informed and competent person to reach the same conclusions as the internal auditor
• Evaluate technology options that internal auditors may use to develop and support engagement findings and conclusions
• May include but is not limited to:
  • Recognize efficient and effective solutions, including artificial intelligence, machine learning, robotic process automation, continuous monitoring, dashboards, and embedded audit modules
• Apply appropriate analytical approaches and process mapping techniques
• May include but is not limited to:
  • Define process workflow segments
  • Analyze process workflows through process mapping, walk-throughs, and responsibility assignment matrices
  • Explain data types, including structured and non-structured
  • Explain data analytics processes, including defining objectives, obtaining relevant data, normalizing data, analyzing data, and communicating results
  • Determine when to use various data analysis methods, such as diagnostic analysis, prescriptive analysis, predictive analysis, anomaly detection, and text analysis
• Apply analytical review techniques
• May include but is not limited to:
  • Analyze ratios, variances, trends, financial and nonfinancial information, and benchmarking results
  • Determine appropriate analytical techniques to achieve engagement objectives
• Determine whether there is a difference between evaluation criteria and existing conditions and evaluate the significance of each finding
• May include but is not limited to:
  • Analyze existing conditions and compare to evaluation criteria
  • Identify root causes and potential effects of deviations from evaluation criteria
  • Appraise factors to establish the significance of findings
• Prepare workpapers, including relevant information to support conclusions and engagement results
• May include but is not limited to:
  • Organize information in workpapers
  • Identify elements of workpapers that are complete and include sufficient evidence
  • Analyze the link between workpapers and the engagement results
  • Determine factors to be considered when organizing and retaining engagement documentation, including regulatory requirements and internal policies
• Summarize and develop engagement conclusions
• May include but is not limited to:
  • Determine the significance of aggregated findings by applying professional judgement
  • Determine elements to be considered when developing engagement conclusions, such as the effectiveness of governance, risk management, and control processes

  Section C. Engagement Supervision and Communication (10%)

• Apply appropriate supervision throughout the engagement
• May include but is not limited to:
  • Describe how supervision applies throughout engagements, including during engagement planning
  • Describe supervisor responsibilities related to coordinating work assignments
  • Describe supervisor responsibilities related to reviewing workpapers and engagement conclusions
  • Describe supervisor responsibilities related to evaluating auditors' performance
• Apply appropriate communication with stakeholders throughout the engagement
• May include but is not limited to:
  • Determine effective communication methods (formal or informal, written or oral) during planning, fieldwork, and reporting
  • Identify situations that require escalation
  • Determine appropriate stakeholders for engagement communication

Who should attend?

All CIA Candidates

Please be advised of the event terms and conditions.
Delegates are also requested to review the content and the levels of the courses presented before booking, to ensure they are attending the right course.