Home > Training, Events and Conferences > Training Overview > Internal Audit Assistant Manager Role

Internal Audit Assistant Manager Role

IA Asst Manager profile

   Click on any of the below competency area to view the relevant courses


Competency Area The abilities I need to demonstrate in my role: The knowledge I need to attain to perform my role:
Business Acumen • Analyse the implications of global developments to business processes
• Analyse the implications of regulatory and legal framework within which the organisation operates
• Assess and consider how Infocomm Technology contributes to organisational objectives 
• Evaluate risk and potential impact of the adoption of Infocomm Technology 
• Industry specific knowledge relevant to the organisation
• Local and regional economic developments
• Regulatory and legal environment in which the organisation operates
• Technology trends and disruptors affecting businesses
Business Process Analysis • Review accuracy of documentation (narrative, flowcharts)
• Assess the effectiveness and efficiency of the internal control systems
• Review findings and design gaps identified against best practices
• Risks and controls analysis
• COSO Internal Controls Framework, ISO31000 or its equivalent (For internal audit only)
• COSO ERM Framework or its equivalent (For internal audit only)
• Working paper documentation
• Industry knowledge
Business Innovation and Improvement

Apply solution-focused methodologies to solve problems
Apply design principles in the organisation
Draw on logic, imagination and systematic reasoning to explore possibilities to transform and grow businesses
Identify problems, and plan targeted improvements and innovation 
Seek and justify opportunities for continuous improvement and innovation
• Apply agile methodology in projects

• Updates on available, applicable and appropriate technologies • Design frameworks and models
Tools for continuous innovation and process improvement 
Concepts, competencies for continuous innovation and process improvement
Agile methodology 
IA Engagement Execution • Supervise teams to work within the agreed timeline
• Manage and resolve conflicts with internal and external stakeholders 
• Review audit working papers to ensure that they sufficiently document information obtained, analysis made, and support conclusions
• Determine sufficiency of audit work done and evidence collated to support the findings
• Develop preliminary findings and formulate recommendations that deal with root causes of issues and impact to the organisation
• Present and discuss findings with process owners
• Apply and implement agile processes in engagement execution
• Develop, implement and monitor project plans to ensure delivery in accordance with agreed timelines
• Evaluate critically that audit evidence is reliable, relevant and sufficient
• Evaluate root causes, findings identified and recommendations formulated
• Internal Audit Framework or International Professional Practices Framework
• Internal control and risk management frameworks such as Committee of Sponsoring Organisations of the Treadway Commission (COSO) Internal Control, COSO Enterprise Risk Management (ERM) Frameworks and ISO31000
• Economic, business and industry knowledge within which the organisation operates
• Organisation, design and content of engagement working papers
• Root cause analysis 
• Organisation, design and content of reports and deliverables
• Good control practices and industry best practices
• Agile methodology
IA Engagement Planning • Conduct preliminary survey and risk assessment to understand the audit environment, including key business risks and controls
• Determine audit areas to address the risks identified 
• Develop work programmes
• Revise audit programmes based on risks identified 
• International Professional Practices Framework (IPPF) comprising definitions of Internal Auditing, Code of Ethics, core principles and International Standards for the Professional Practice of Internal Auditing 
• Organisation's significant risks, objectives, resources, operations, businesses and structure
• Internal audit methodology and procedures of the organisation
• Risk identification and assessment techniques
IA Function Management • Analyse own strengths and weaknesses to maximise personal contribution to the team
• Contribute effectively in audit assignments as an individual contributor as well as team member
• International  Professional Practices Framework (IPPF) comprising definition of Internal Auditing, Code of Ethics, core principles and International Standards for the Professional Practice of Internal Auditing
• The IIA Global Internal Audit Competency Framework 
IA Quality Assurance • Assess efficiency and effectiveness of the internal audit (IA) activities
• Conduct assessment of the IA activity for conformance with IPPF
• International Standards for the Professional Practice of Internal Auditing
• Requirements and scope of Quality Assurance and Improvement Programme (QAIP)
• Quality Assurance review plan
• International Professional Practices Framework (IPPF)
Project Execution and Control • Put in place controls and procedures to drive project
• Review and make decisions in lieu of changing business environment or various scenario analysis
• Assess and manage risks
• Organisation's business
• Resource availability and management
• Government schemes and policies (where applicable)
• Government legal regulations
Information Gathering and Analysis • Use data analysis in the planning process to provide insights to better design tests to address risks in the process
• Use analytics to identify trends, exceptions and insight
• Interpret findings to obtain business insights
• Present insights of business performance and trends for audit considerations
• Data mining and analytics
Statistical analysis 
Business intelligence tools
Organisation's business and environment 
Risk and control environment
Due Professional Care • Apply due professional care in conduct of audit
• Identify the extent of work needed to achieve the engagement’s objectives, including consideration of the relative complexity, materiality and significance of the matters concerned
• Apply professional scepticism in the conduct of audits 
• Identify conditions and circumstances that may indicate possible fraud 
• Identify conditions and circumstances that may suggest the need for additional procedures
• International Professional Practices Framework (IPPF)
• Due professional care considerations and requirements
• Extent of work needed to achieve engagement's objectives
• Probability of significant errors, irregularities, or non-compliance
• Relative complexity, materiality or significance of matters to which assurance procedures are applied
• Professional scepticism 
Enterprise Risk Management • Evaluate the effectiveness of risk mitigation, monitoring, and communication of risks and associated control activities
• Assess appropriateness of reporting lines for risk monitoring activities
• Review the adequacy and timeliness of reporting on risk management results
• Assess risk exposures relating to the organisation’s governance, operations and information systems
• Organisation’s risk profile and risk appetite
• Organisational objectives and mission
• Risk reporting structure
• Risk management framework, such as COSO ERM Framework or ISO30001
Financial Statement Analysis • Review characteristics of financial statements
• Calculate key ratios from a company’s financial statements
• Understand implications of key ratios from a company’s financial statements
• Appreciate major components of a financial balance sheet
• Relevant accounting terminology, treatment and standards
• How key business processes relate to financial statements
Fraud Risk Management • Identify situations that increase probability of fraud occurrence
• Consider the potential for fraud risks in the assessment of control design
• Determine audit procedures for evaluating potential for occurrence of fraud
• Red flags indicating fraud
• Types of fraud and common concealment activities
• Organisation’s business, internal controls framework and financial processes
Governance • Assess the design and operational effectiveness of governance structure against best practices and information from different sources, including internal audit assignments, audits of specific governance processes and findings from external auditors
• Identify opportunities to improve effectiveness and efficiencies of governance framework to address governance risk
• Regulatory requirements and guidelines, including code of corporate governance, companies act, Singapore Exchange (SGX) listing manual
• Governance framework
• Best corporate governance practices
Internal Controls • Review the adequacy and effectiveness of controls
• Assess the effectiveness of processes to monitor compliance of controls
• Review results of control gaps from evidence collected and proposals made for improvement
• Assess residual risks after taking into consideration of mitigating controls
• Internal control framework
• Organisation’s business and processes
• Financial and operational information
• Objectives of key controls
Cyber Security • Associate potential cyber security risks and threats with area of work
• Adhere to the organisation's policies and procedures to protect confidentiality and integrity of information
• Set policies and procedures for when cyber security related issues require escalation to relevant team members
• Articulate when additional cyber security resources are needed to mitigate risks
• Organisation's cyber security policies and procedures
• Areas prone to cyber security threats
• Cyber security developments
Digital Technology Environment Scanning • Keep abreast of latest IT solutions
• Keep abreast of latest technology regulations
• Gather information on the operating needs of the organisation
• Identify IT solutions that will streamline the organisation’s processe
• Emerging technological trends
• Emerging technological trends such as block chain, machine learning, artificial intelligence, robotic process automation, and digital currency
• Relevant current regulations and any impending legislative changes
• Organisation’s processes
Data Analytics • Generate reports on trends to aid management decision making
• Generate reports on risks to aid management decision making
• Distil data to determine patterns, provide information and anticipate future outcomes
• Support data-driven tactical and strategic decision-making
• Align the outputs or reports of corporate information systems with the changing needs of those reading and using the reports, to improve support of activities such as benchmarking, decision-making and planning
• Use business intelligence tools
• Define research objectives for data analytic activities
• Review data to ensure that planning parameter are captured in extracted datasets
• Data management cycle 
• Data governance
• Data sources and extraction methods
• Data analytics and business intelligence tools
• Data interpretation tools and trend analysis techniques
• Gaps between needs and existing data models
Infocomm Security and Data Privacy • Review sufficiency of control testing performed and evidence collated to support the findings
• Assess the effectiveness of the IT governance framework
• Assess the adequacy and timeliness of significant risk items being escalated to senior management
• IT governance frameworks such as COBIT
• Information management systems and processes (i.e. security, application development and infrastructure)
• Global Technology Audit Guide (GTAG)
Risk Management • Quantify risks to make decisions on the actions to be taken for each risk
• Make decisions under conditions of uncertainty
• Assess suitability of risk and potential for risk transfer
• Deploy corporate governance practices and risk assessment processes with integrated risk management and control systems
• Identify potential mitigation strategies to deal with issues arising from social and digital platforms  
• Different risk management techniques available and their impacts on businesses
• Decision trees
• Bayes Theorem
• Probabilistic models and interpretation of distribution of project outcomes
• Risk Transfer
• Social and digital platforms risk mitigations
Auditor Independence • Apply safeguards against risks of threats which may impair independence
• Assess that the team maintains independence in appearance and of mind
• Relevant ethics pronouncements or code of professional conduct and ethics
• Conceptual framework approach to independence
• Ethical threats 
• Safeguards against risks of ethical threats
Professional and Business Ethics • Support and uphold a culture of appropriate ethics and values within relevant team 
• Apply safeguards to deter situations that may result in unethical behaviours
• Identify situations which may give rise to ethical conflicts in accordance with the principles of relevant code of professional conduct and ethics
• Develop plans to negate occurrence of ethical breaches
• Organisation’s ethical culture 
• Ethical threats and safeguards
• Ethical principles and market practices 
• Role of self and team in adhering to Code of Ethics
Professional Standards • Guide the team on professional standards relevant to scope of work
• Ensure the team complies with the relevant professional standards
• Current developments in practice and legislation
• Emerging trends and developments of the profession
• Team management
Communication Articulate and discuss ideas and persuade others to achieve common outcomes.  
Digital Literacy Use available software features to enhance documents, analyse and manipulate data  and use ICT to organise, share and communicate information clearly and coherently.   
Interpersonal Skills Detect and decipher emotions of others to manage interpersonal relationships in social situations.  
Problem Solving Identify less perceivable problems and use problem solving tools and techniques to solve the problems.  
Teamwork Facilitate work team activities, provide assistance and support needed by team members and promote ownership and commitment among team members to work goals to improve team performance.  


Back to Training Overview