IIA OnDemand Learning

• Describe the professional practice of internal auditing.
• Compare and contrast internal audit to external audit.
• Restate the concepts of governance, risk management, and control.
• Describe The IIA and the International Professional Practices Framework (IPPF).
• Describe the purpose, authority, and responsibility of the internal audit activity.
• Describe the purpose and the required and recommended elements of an internal audit charter.
• Distinguish between assurance and consulting services.

Fundamentals

This course introduces you to the elements of the International Professional Practices Framework (IPPF), which facilitates consistent development, interpretation, and application of concepts, methodologies, and techniques useful to the profession of internal auditing.

This course highlights the IPPF’s authoritative mandatory guidance, including the Definition of Internal Auditing, the International Standards for the Professional Practice of Internal Auditing (Standards), the Core Principles for the Professional Practice of Internal Auditing, and the Code of Ethics. Conformance with the Standards is essential in meeting the responsibilities of internal auditors and the internal audit activity.

The IPPF also highlights recommended guidance, including Practice Guides and Global Technology Audit Guides (GTAGs).

• Express the importance of market risk in a financial services context.
• Describe the regulatory environment and requirements related to market risk.
• Recognize the risk governance and risk management processes surrounding market risk.
• Summarize the key components of market risk, including equity price risk, interest rate risk, and foreign exchange risk.
• Apply the International Professional Practices Framework (IPPF) and risk-based internal audit techniques to assess market risk and audit its underlying processes.

• Recall the characteristics of agile internal auditing. 
• Compare and contrast agile internal auditing (Agile IA) methodologies to traditional internal auditing methodologies. 
• Describe the compatibility of agile internal auditing with the International Standards for the Professional Practice of Internal Auditing (Standards). 
• Identify Agile software development methodologies.

• Recognize the contribution the Standards and the Code of Ethics make.
• Assimilate the purpose and elements of the Standards.
• Describe the Standards that specifically apply to CAEs.
• Discern the Code of Ethics, including the Core Principles and Rules of Conduct.
• List criteria for assessing conformance with the Standards and Code of Ethics.
• Evaluate the importance of a Quality Assurance and Improvement Program (QAIP).
• Quantify the challenges to conforming with the Standards, and the strategies for enhancing conformance.

• Recognize the essence and implications of culture.
• Perceive the emerging mandate to audit culture.
• Differentiate effective strategies for auditing culture.
• Recognize practical considerations for internal audit.

• Identify the definition of governance.
• Identify the different roles and responsibilities within governance.
• Identify the different enterprise-wide governance principles.
• Identify the changes in regulations and how governance has evolved into its present state.
• Identify the role of the internal audit function in the governance process.
• Identify where to find information about governance codes and regulations from countries around the world.

• Describe the importance of a code of ethics for internal auditors.
• Identify the principles of the IIA Code of Ethics.
• Summarize the rules of conduct of the IIA Code of Ethics.
• Express how to demonstrate individual conformance with the IIA Code of Ethics.

• Understand the purpose of the Code of Ethics and how it is applied in the financial services environment.
• Make situational decisions based on the four principles of the Code of Ethics.
• Describe the rules of conduct that aid in interpreting the four principles of the Code of Ethics.
• Differentiate how to apply the four principles and the rules of conduct in non-standard situations.

• Identify the purpose of the Code of Ethics.
• Identify the four principles of the Code of Ethics.
• Identify the rules that aid in interpreting each of the four principles.
• Identify how to apply the principles and rules outlined in the Code of Ethics, through provided scenarios.

• Summarize the purpose of the Code of Ethics.
• Make situational decisions based on the four principles of the Code of Ethics.
• Describe the rules of conduct that aid in interpreting each of the four principles.
• Differentiate the principles and the rules of conduct as outlined in the Code of Ethics.

• Identify the purpose of the Code of Ethics and how it applies from the technology and data perspective.
• Make situational decisions based on the four principles of the Code of Ethics as they relate to technology and data.
• Describe the rules of conduct that aid in interpreting each of the Code of Ethics’ four principles as they relate to technology and data.
• Differentiate how to apply the principles and the rules of conduct as outlined in the Code of Ethics in technology and data-related situations.

• Define IT change management.
• Identify types and sources of change.
• Summarize roles and responsibilities related to IT change management.
• Describe the change management process.
• Define the role of patches in the IT change management process.
• Describe preventative, detective, and corrective controls necessary for effective IT change management.
• Describe best practices for providing assurance over effective change management.

• Recognize the characteristics of big data.
• Describe the organizational benefits of big data.
• Discuss the elements of a big data program.
• Define the tools and technologies of a big data program.
• Define internal audit’s role in big data.
• Recognize the engagement planning steps to perform an audit of big data.
• List the key risks related to big data.
• List controls that should be tested while performing a big data audit engagement.

• Describe an insider threat.
• Differentiate between malicious and non-malicious threats.
• Discover the importance of having a corporate insider threat program.
• Identify the auditing practices necessary for evaluating an insider threat program.

• Recognize key infrastructure and network components.
• Determine the appropriateness of devices in the demilitarized zone (DMZ).
• Describe the required competencies of internal auditors performing infrastructure and networking audits.
• Identify common infrastructure and network terminology.
• Describe the seven layers of the Open Systems Interconnection (OSI) model and the layers of defense in depth.