IIA OnDemand Learning

• Identify the value proposition that stakeholders expect from the internal audit function.
• Identify the role of The IIA in the internal audit profession.
• Identify the various career opportunities in the internal audit field.
• Identify the structure and core elements of the International Professional Practices Framework® (IPPF®).
• Identify some of the frameworks used in the practice of internal auditing.
• Identify the main phases of the internal audit process.

Fundamentals

This course introduces you to the elements of the International Professional Practices Framework (IPPF), which facilitates consistent development, interpretation, and application of concepts, methodologies, and techniques useful to the profession of internal auditing.

This course highlights the IPPF’s authoritative mandatory guidance, including the Definition of Internal Auditing, the International Standards for the Professional Practice of Internal Auditing (Standards), the Core Principles for the Professional Practice of Internal Auditing, and the Code of Ethics. Conformance with the Standards is essential in meeting the responsibilities of internal auditors and the internal audit activity.

The IPPF also highlights recommended guidance, including Practice Guides and Global Technology Audit Guides (GTAGs).

• Express the importance of market risk in a financial services context.
• Describe the regulatory environment and requirements related to market risk.
• Recognize the risk governance and risk management processes surrounding market risk.
• Summarize the key components of market risk, including equity price risk, interest rate risk, and foreign exchange risk.
• Apply the International Professional Practices Framework (IPPF) and risk-based internal audit techniques to assess market risk and audit its underlying processes.

• Recognize the contribution the Standards and the Code of Ethics make.
• Assimilate the purpose and elements of the Standards.
• Describe the Standards that specifically apply to CAEs.
• Discern the Code of Ethics, including the Core Principles and Rules of Conduct.
• List criteria for assessing conformance with the Standards and Code of Ethics.
• Evaluate the importance of a Quality Assurance and Improvement Program (QAIP).
• Quantify the challenges to conforming with the Standards, and the strategies for enhancing conformance.

• Develop knowledge about the impact of culture and conduct in financial services organizations.
• Differentiate strong and weak organizational cultures.
• Recognize conduct risk and the regulatory environment.
• Identify risk frameworks associated with culture and conduct.
• Recognize a risk assessment process based on culture and conduct risk factors.
• Differentiate internal audit’s role in assessing and reporting on organizational culture and conduct.
• Differentiate considerations for culture and conduct during engagement planning, fieldwork, and outcomes.
• Define the integrated, targeted, and top-down approaches used in performing culture audits.

• Identify the definition of governance.
• Identify the different roles and responsibilities within governance.
• Identify the different enterprise-wide governance principles.
• Identify the changes in regulations and how governance has evolved into its present state.
• Identify the role of the internal audit function in the governance process.
• Identify where to find information about governance codes and regulations from countries around the world.

• Describe the importance of a code of ethics for internal auditors.
• Identify the principles of the IIA Code of Ethics.
• Summarize the rules of conduct of the IIA Code of Ethics.
• Express how to demonstrate individual conformance with the IIA Code of Ethics.

• Understand the purpose of the Code of Ethics and how it is applied in the financial services environment.
• Make situational decisions based on the four principles of the Code of Ethics.
• Describe the rules of conduct that aid in interpreting the four principles of the Code of Ethics.
• Differentiate how to apply the four principles and the rules of conduct in non-standard situations.

• Identify the purpose of the Code of Ethics.
• Identify the four principles of the Code of Ethics.
• Identify the rules that aid in interpreting each of the four principles.
• Identify how to apply the principles and rules outlined in the Code of Ethics, through provided scenarios.

• Summarize the purpose of the Code of Ethics.
• Make situational decisions based on the four principles of the Code of Ethics.
• Describe the rules of conduct that aid in interpreting each of the four principles.
• Differentiate the principles and the rules of conduct as outlined in the Code of Ethics.

• Identify the purpose of the Code of Ethics and how it applies from the technology and data perspective.
• Make situational decisions based on the four principles of the Code of Ethics as they relate to technology and data.
• Describe the rules of conduct that aid in interpreting each of the Code of Ethics’ four principles as they relate to technology and data.
• Differentiate how to apply the principles and the rules of conduct as outlined in the Code of Ethics in technology and data-related situations.

• Define IT change management.
• Identify types and sources of change.
• Summarize roles and responsibilities related to IT change management.
• Describe the change management process.
• Define the role of patches in the IT change management process.
• Describe preventative, detective, and corrective controls necessary for effective IT change management.
• Describe best practices for providing assurance over effective change management.

• Recognize the characteristics of big data.
• Describe the organizational benefits of big data.
• Discuss the elements of a big data program.
• Define the tools and technologies of a big data program.
• Define internal audit’s role in big data.
• Recognize the engagement planning steps to perform an audit of big data.
• List the key risks related to big data.
• List controls that should be tested while performing a big data audit engagement.

• Describe an insider threat.
• Differentiate between malicious and non-malicious threats.
• Discover the importance of having a corporate insider threat program.
• Identify the auditing practices necessary for evaluating an insider threat program.

• Recognize key infrastructure and network components.
• Determine the appropriateness of devices in the demilitarized zone (DMZ).
• Describe the required competencies of internal auditors performing infrastructure and networking audits.
• Identify common infrastructure and network terminology.
• Describe the seven layers of the Open Systems Interconnection (OSI) model and the layers of defense in depth.