Head of Internal Audit/ Chief Audit Executive Role
Competency Area | The abilities I need to demonstrate in my role: | The knowledge I need to attain to perform my role: |
Business Acumen | • Revise strategies as needed based on changes • Shape organisations’ business strategies with inputs related to business • Influence stakeholders to seek buy-in • Manage associated risks of new opportunities |
• Industry specific knowledge relevant to the organisation • Organisation strategies • Strategy development processes and considerations • Global economic developments • Regulatory and legal environment in which the organisation operates • Technology trends and disruptors affecting businesses |
Business Process Analysis | • Review the quality of business process analysis and process improvement recommendations • Evaluate implications of process design improvement recommendations on organisation's strategic objectives • Obtain buy-in of process owners to accept recommendations |
• Committee of Sponsoring Organisations of the Treadway Commission (COSO) Internal Controls framework, ISO31000 or its equivalent • COSO ERM Framework or its equivalent • Industry best practices • Mission, vision, direction, strategic priorities and key initiatives of an organisation |
Business Innovation and Improvement | • Create opportunities for improvement and innovation across the organisation • Evaluate proposed ideas and fine-tune messaging • Establish ways to implement changes across functional teams • Evaluate initiatives and decide on project continuation and/or implementation • Initiate and drive change management programmes across the accountancy function • Develop mind-set shifts by acting as an advisor and advocating intended benefits of change to management • Articulate needs for change and techniques to influence changes |
• Organisation and its business environment • Organisational behaviours that resist changes and techniques to manage resistances • Change management models • Evolving and emerging trends and developments in domain knowledge • Government policies and regulations |
IA Engagement Execution | • Identify and escalate strategic implications to the organisation from audit engagement findings • Evaluate that significant risk exposures and control issues, including fraud risk and governance issues are covered in the final engagement communication • Resolve findings and issues with senior management • Communicate objectively audit engagement results to senior management and board |
• International Professional Practices Framework • Internal control and risk management frameworks such as Committee of Sponsoring Organisations of the Treadway Commission (COSO) Internal Control, COSO ERM Frameworks and ISO31000 • Economic, business and industry knowledge within which the organisation operates • Organisation strategies and priorities • Good control practices and industry best practices |
IA Engagement Planning | • Evaluate completeness and relevance of risk assessments • Review and approve audit engagement plans • Evaluate the relevance and the prioritisation or focus of the audit plan and its alignment with IA and organisational strategies • Assess that audit plan sufficiently covers the scope, addresses key risks and considers expectations of Senior Management and Board • Establish key performance indicators to measure the progress and performance of each initiative against expectations |
• International Professional Practices Framework (IPPF) comprising definition of Internal Auditing, Code of Ethics, core principles and International Standards for the Professional Practice of Internal Auditing • Best practices in governance, risk and controls • Enterprise risk management framework, including setting risk appetite • Mission, vision, strategy and objectives of an organisation • Audit strategy, audit universe and audit cycle |
IA Function Management | • Establish internal audit (IA) charter including IA terms of reference and service delivery approach • Review and adjust the internal audit team skills mix and diversity according to organisation's objectives and risks • Lead and assess annual risk analysis to formulate risk-based audit plan • Develop and implement a plan for professional and career development of IA staff • Determine an adequate budget to support IA planned activities • Establish clear performance standards for internal auditors and the internal audit function • Establish appropriate appraisal system and conduct performance appraisal of IA teams • Establish recruitment system that results in competent performers being hired • Manage board, audit committees and senior management |
• International Professional Practices Framework (IPPF), including Code of Ethics • The Institute of Internal Auditors (IIA) Global Internal Audit Competency Framework • Human resource management (including training and development, recruitment and retention, and performance appraisal) • Coaching and mentoring • Performance feedback and appraisal • Budgeting and forecasting • Success planning strategies • Audit strategy |
IA Quality Assurance | • Review the results of the assessment • Establish a reporting structure for results of assessments that maintains appropriate credibility and objectivity • Communicate results of QAIP to senior management and the board |
• International Standards for the Professional Practice of Internal Auditing • Requirements and scope of QAIP (i.e. internal and external assessments) |
Information Gathering and Analysis | • Evaluate business insights, assess the strategic implications and make appropriate recommendations • Communicate high-risk areas with process owners, Senior Management and Board • Communicate opportunities to Senior Management and Board |
• Competitive analysis of business and operating environment • Organisation's risks and controls environment • Organisation's mission, vision, direction, strategic priorities and key initiatives • Data communication techniques |
Due Professional Care | • Monitor application of the "due professional care" Standard in performing audit activities • Manage effect on objectives, operations or resources because of risks • Communicate engagement results with stakeholders |
• Significant risks that might affect objectives, operations or resources • Needs and expectations of stakeholders, including the nature, timing and communication of engagement results • Relative complexity and extent of work needed to achieve the engagement's objectives • Cost of the consulting engagement in relation to potential benefits • Due professional care in the context of staffing the internal audit team |
Enterprise Risk Management | • Assess whether the risk management and internal control systems are operational as intended • Review the completeness of management’s risk analysis and actions taken to remedy issues raised by risk management processes, and suggest improvements • Evaluate risk exposures relating to the organisation’s governance, operations and information systems • Communicate with senior management and Board on risk-related issues that may indicate weakness in risk management practices • Facilitate review of strategic and business risk issues and assess risk governance framework |
• Organisation’s risk profile • Organisational objectives and mission • Risk management framework, such as COSO ERM Framework or ISO30001 • Risk governance framework including setting of risk appetite and tolerance |
Financial Statements Analysis | • Review characteristics of financial statements • Calculate key ratios from a company’s financial statements • Understand implications of key ratios from a company’s financial statements • Appreciate major components of a financial balance sheet |
• Relevant accounting terminology, treatment and standards • How key business processes relate to financial statements |
Fraud Risk Management | • Evaluate fraud detection and reporting tools and measures • Enhance staff’s appreciation and awareness of fraud detection and response strategy • Train staff on awareness of fraud risks • Evaluate adequacy of risk response strategy and practices to deter or prevent fraud • Evaluate adequacy of plans for monitoring fraud risk program • Support a culture of fraud risk awareness at all levels of the organisation • Communicate to senior management or Board if any additional action is necessary or whether an investigation should be recommended |
• Red flags indicating fraud • Types of fraud and common concealment activities • Elements of an effective fraud risk management programme • Organisation’s business, internal controls framework and financial processes • Assess adequacy of internal audit plan on fraud risk evaluation |
Governance | • Engage the board and senior management on governance best practices and issues • Articulate the benefits of good governance structure to influence adoption by senior management and the board • Endorse the principles of governance and compliance in the organisation • Adhere to ethical codes of practice when endorsing governance principles and policies to ensure organisational compliance to governance requirements • Influence organisation’s compliance culture |
• Regulatory requirements and guidelines, including code of corporate governance, Companies Act, Singapore Exchange (SGX) listing manual • Governance framework • Best practices in corporate governance • Techniques to build a corporate compliance culture |
Internal Controls | • Assess the internal control framework • Assess the adequacy and effectiveness of controls • Evaluate the implications of organisational changes, operational changes and changes in business strategy using appropriate internal control framework • Advise board and senior management on improvement initiatives to improve controls |
• Internal control framework • Organisation’s business and processes • Financial and operational information • Organisation’s strategic objectives |
Cyber Security | • Associate potential cyber security risks and threats with area of work • Adhere to the organisation's policies and procedures to protect confidentiality and integrity of information • Set policies and procedures for when cyber security related issues require escalation to relevant team members • Articulate when additional cyber security resources are needed to mitigate risks |
• Organisation's cyber security policies and procedures • Areas prone to cyber security threats • Cyber security developments |
Data Analytics | • Lead the implementation of the data science strategy, procedures and metrics to support requirements • Analyse and interpret financial and non-financial data, including big data • Identify and evaluate significant features of performance, including both financial and non-financial relevant performance indicators • Synthesise critical findings and insights within the business context to make inferences and business decisions • Highlight inconsistencies in information through analysis and the application of knowledge • Exploit technologies, such as big data tools, cloud resources, and smart software, to improve backward-looking and forward-looking analysis |
• Data management cycle • Data governance • Industry best practices and successful case studies • Evolving field of analytics and its potential to support business growth • Predictive analytics as an enabler to forecast future performance and perform stress testing on business lines • Visual analytics tools |
Digital Technology Environment Scanning | • Match macro trends to the needs of the organisation • Identify and leverage new digital technologies, such as cloud and mobile, to create technology-enabled finance functions and deliver insights and value to the business • Deliver analytics-driven insights through technologies to create competitive advantage • Embrace technological transformations for finance and the overall business, and encourage the team to do the same • Assess IT environment against business and department strategies • Review technological trends and assess the level of impact on the organisation and the disruption to the industry |
• Technological developments and trends • Industry best practices • Emerging technological trends such as blockchain, machine learning, artificial intelligence, robotic process automation, and digital currency |
Infocomm Security and Data Privacy | • Evaluate the effectiveness of IT governance frameworks in supporting the organisation’s strategies and objectives • Determine the effectiveness of IT risks, security and data privacy policies and procedures • Develop policies and procedures in alignment with current practices and legislations • Communicate to the board and senior management the assessments of the IT risks, security and data privacy policies and procedures |
• Organisation’s strategies and objectives • Information management systems and processes • Strategic implications of IT on the organisation’s strategies and to gain a competitive advantage • IT risks, security and data privacy procedures and policies • Emerging trends and developments in IT risks, security and data privacy |
Risk Management | • Analyse a range of risks in highly complex situations, which can be qualitative, semi-quantitative or quantitative • Recommend mitigating strategies and implement structures and processes to control risks • Articulate the impact of cultural differences on risk appetite and risk management strategies • Lead organisation's governance and risk infrastructures • Act as an integrator and navigator for the organisation by applying a systems thinking approach to implementing governance processes • Balance the responsibilities of stewardship with business partnership |
• Enterprise risk management • Evolving methodologies for risk management which should be incorporated into risk and control functions |
Auditor Independence | • Develop safeguards to maintain auditor’s independence • Evaluate effectiveness of safeguards in maintaining auditor’s independence • Maintain independence in the development and execution of internal audit plans for the organisation |
• Industry best practices on safeguards against risks of threats to independence • Common causes of independence being breached |
Professional and Business Ethics | • Advocate that the board and management establish ethics and values within the organisation and tone at the top • Demonstrate compliance and application of ethical values as role model • Evaluate effectiveness of safeguards applied to eliminate or reduce identified threats of unethical behaviour • Exercise due professional care • Review adequacy of measures proposed for resolution of ethical issues identified • Foster ethical climate of the organisation |
• Organisation’s code of conduct or code of ethics • The Institute of Internal Auditors’ Code of Ethics • Ethics framework • Interrelation between governance and ethical culture |
Professional Standards | • Ensure the organisation complies with the relevant professional standards • Contribute in shaping development of professional standards • Deepen stakeholder engagement and promote confidence in professional standards |
• Current developments in practice and legislation • Emerging trends and developments of the profession |
Communication | Negotiate with others to address issues and achieve mutual consensus. | |
Decision Making | Make decisions in a volatile and ambiguous setting using a structured process and limited sources of available information to achieve intended goals. | |
Developing People | Provide mentorship to help others with their professional and personal development to improve performance and further their careers. | |
Interpersonal Skills | Influence, guide and handle others’ emotions to build instrumental relationships and manage conflicts and disagreements. | |
Leadership | Lead by example at organisational level. Inspire, motivate and guide others to adopt a point of view, make changes or take action. Cultivate an open, cooperative and collaborative learning culture for the organisation. |