Section A. Internal Audit Operations (25%)

• Describe methodologies for the planning, organizing, directing, and monitoring of internal audit operations
• May include but is not limited to:
  • Describe methods for managing external providers of internal audit services
  • Describe methods for monitoring internal audit operations
  • Describe methods for balancing assurance and advisory engagements
  • Identify the conditions that warrant the review and possible revision of internal audit methodologies
• Describe key activities for managing financial, human, and IT resources within the internal audit function
• May include but is not limited to:
  • Outline the key steps and considerations of the budgeting process
  • Recognize the steps and considerations involved in recruiting resources
  • Identify the roles and responsibilities of various internal audit team members
  • Describe strategies to train, develop, and retain internal auditors
  • Describe the internal audit function’s performance management techniques
  • Explain key considerations for technological resources to perform engagements
  • Recognize behavioural and management techniques that would enhance the internal audit function, including job design, rewards, work schedules, mentoring, coaching, and constructive feedback
• Describe the key elements required to align internal audit strategy to stakeholder expectations
• May include but is not limited to:
  • Describe how internal audit strategy supports the organization’s business strategy and risk management practices
  • Explain the purpose of the internal audit function’s mission and vision statements
  • Describe how internal audit resource planning is aligned with the internal audit strategy
  • Identify the conditions that warrant the review and revision of internal audit strategy

  Section B. Internal Audit Plan (15%)

• Identify sources of potential engagements
• May include but is not limited to:
  • Describe the process for defining the audit universe
  • Identify key components of the audit universe
  • Recognize applicability of Topical Requirements
  • Describe the process for considering board and management requests
  • Describe the process for identifying applicable laws and regulatory mandates
  • Describe the process for identifying relevant market and industry trends, organizational changes, emerging issues, and emerging technologies such as the internet of things, artificial intelligence, blockchain, digital currency and assets, and robotic process automation
  • Explain the reasons for audit cycle requirements
• Describe the processes to develop a risk-based audit plan
• May include but is not limited to:
  • Describe the risk assessment methodology and risk prioritization
  • Describe the process for maintaining the audit plan’s alignment with the organization's strategy, the internal audit strategy, and stakeholder expectations
  • Recognize circumstances that may trigger the need to make timely updates to maintain a dynamic audit plan
• Recognize the importance for internal auditors to coordinate with other assurance providers and leverage their work
• May include but is not limited to:
  • Identify internal and external assurance providers
  • Identify examples of, and methods for, coordinating assurance coverage
  • Identify the criteria for evaluating assurance providers to determine the ability to rely on their work

  Section C. Quality of the Internal Audit Function (15%)

• Describe the required elements of the quality assurance and improvement program
• May include but is not limited to:
  • Recognize the key components of quality assurance
  • Recognize the applicability of Topical Requirements
  • Explain the purpose of a quality assurance and improvement program
  • Recognize the chief audit executive’s responsibility for communicating to the board the results of the quality assurance and improvement program
  • Compare the elements of internal and external assessments
  • Recognize acceptable qualifications of quality assessors
  • Describe key components of ongoing monitoring and periodic self- assessments
• Identify appropriate disclosure of nonconformance with The IIA's Global Internal Audit Standards
• May include but is not limited to:
  • Identify the information that must be communicated, such as the circumstances, actions taken, impact, and rationale for nonconformance
  • Describe the key steps for communicating nonconformance to senior management and the board

• Recognize practical methods for establishing internal audit key performance indicators or scorecard metrics that the chief audit executive communicates to senior management and the board
• May include but is not limited to:
  • Identify the objectives of key performance indicators
  • Identify key considerations when establishing performance indicators and the need to establish the target
  • Recognize the merit of both qualitative and quantitative performance indicators
  • Analyze the internal audit function’s performance measures, including financial, operational, quality, productivity, efficiency, and effectiveness

  Section D. Engagement Results and Monitoring (45%)

• Recognize attributes of effective engagement results communication
• May include but is not limited to:
  • Define the following terms in the context of final results communication: accurate, objective, clear, concise, constructive, complete, and timely
  • Recognize application of these attributes in the communication of engagement results
  • Identify effective communication methodologies
• Demonstrate effective communication of engagement results
• May include but is not limited to:
  • Describe the key components of audit reports, including objectives, scope, conclusions, recommendations, and action plans
  • Recognize when it is acceptable to include “conducted in accordance with the Global Internal Audit Standards” in the final communication of engagement results
  • Identify when it is necessary to document scope limitation
• Determine whether to develop recommendations, request action plans from management, or collaborate with management to agree on actions
• May include but is not limited to:
  • Recognize the appropriate protocol for internal auditors when there are disagreements with management about engagement findings or action plans
  • Recognize the purpose of recommendations and action plans, including cost-benefit considerations
  • Determine whether the action plan adequately addresses the root cause of a finding
• Describe the engagement closing communication and reporting process
• May include but is not limited to:
  • Describe the purpose and parties involved in the closing communication (exit conference)
  • Recognize the chief audit executive’s responsibility for distributing the final communication and reporting to stakeholders
  • Recognize the various purposes of communicating with different
• stakeholders, such as management of the activity under review, senior management, the board, the risk management function, external auditors, regulators, and the general public
  • Recognize the appropriate protocol for reporting on a finding that management has already resolved
  • Describe the chief audit executive’s responsibility and protocol for correcting significant errors and omissions in the final communication
• Describe the chief audit executive's responsibility for assessing residual risk for the engagement
• May include but is not limited to:
  • Recognize methodologies to assess the existing controls for design adequacy and effectiveness and determine the level of residual risk
  • Describe the purpose of aggregating and prioritizing findings
  • Describe the purpose of using a rating scale to reflect the overall assessment of controls for the engagement
• Describe the process for communicating risk acceptance (when management has accepted a level of risk that may be unacceptable to the organization)
• May include but is not limited to:
  • Recognize the method for determining whether a risk is unacceptable to the organization
  • Recognize the appropriate parties involved in communicating risk acceptance
  • Recognize the proper sequence of steps for communicating risk acceptance
• Describe the process for monitoring and confirming the implementation of management action plans
• May include but is not limited to:
  • Recognize the internal audit function’s responsibility for follow-up and tracking of management actions
  • Distinguish the key steps for monitoring and confirming management action plans
• Describe the escalation process if management has not adequately implemented an action plan
• May include but is not limited to:
  • Recognize the appropriate parties involved in the escalation process
  • Recognize the proper sequence of steps for the escalation process

Who should Attend:

All CIA Candidates

Please be advised of the event terms and conditions.
Delegates are also requested to review the content and the levels of the courses presented before booking, to ensure they are attending the right course.