Home > Training, Events and Conferences > Training Overview > Internal Audit Manager/Senior Manager Role
Internal Audit Manager/Senior Manager Role
Click on any of the below competency areas to view the relevant courses.
| Competency Area | The abilities I need to demonstrate in my role: | The knowledge I need to attain to perform my role: |
| Business Acumen | • Evaluate the long-term sustainability of business models impacted by technology and other disruptors • Assess impact of changes • Update business plans to take advantage of new opportunities |
• Industry specific knowledge relevant to the organisation • Global economic developments • Regulatory and legal environment in which the organisation operates • Technology trends and disruptors affecting businesses |
| Business Process Analysis | • Assess the practicality of recommendations • Review the effectiveness and efficiency of the internal control systems |
• Risks and controls analysis • COSO Internal Controls Framework, ISO31000 or its equivalent (For internal audit only) • COSO ERM Framework (For internal audit only) • Industry best practices |
| Business Innovation and Improvement | • Provide direction on the overall business plans • Implement and communicate new processes and business innovations effectively • Establish and drive strategies and standards to grow the business • Analyse problems and review targeted improvements and innovations • Create opportunities for improvements and innovation across teams • Implement change management programmes • Develop mind-set shifts by creating an environment which enables staff to embrace and be receptive towards change |
• Updates on available, applicable and appropriate technologies • Design frameworks and models • Old and new business models |
| IA Engagement Execution | • Supervise teams to work within the agreed timeline • Manage and resolve conflicts with internal and external stakeholders • Review audit working papers to ensure that they sufficiently document information obtained, analysis made, and support conclusions • Determine sufficiency of audit work done and evidence collated to support the findings • Develop preliminary findings and formulate recommendations that deal with root causes of issues and impact to the organisation • Present and discuss findings with process owners • Apply and implement agile processes in engagement execution • Develop, implement and monitor project plans to ensure delivery in accordance with agreed timelines • Evaluate critically that audit evidence is reliable, relevant and sufficient • Evaluate root causes, findings identified and recommendations formulated |
• Internal Audit Framework or International Professional Practices Framework • Internal control and risk management frameworks such as Committee of Sponsoring Organisations of the Treadway Commission (COSO) Internal Control, COSO Enterprise Risk Management (ERM) Frameworks and ISO31000 • Economic, business and industry knowledge within which the organisation operates • Organisation, design and content of engagement working papers • Root cause analysis • Organisation, design and content of reports and deliverables • Good control practices and industry best practices • Agile methodology |
| IA Engagement Planning | • Develop and document risk-based audit plans, objectives, scope, timing and resource allocations • Identify sources of potential engagements through risk framework • Review audit engagement objectives and scope to ensure they address the risks identified • Review and approve audit engagement programs • Revise audit plans based on business rollout plans for new technology applications |
• International Professional Practices Framework (IPPF) comprising definition of Internal Auditing, Code of Ethics, core principles and International Standards for the Professional Practice of Internal Auditing • Organisation's risk management frameworks • Risk appetite levels set by management and/or own judgement of risks • Organisation audit strategies, audit universe and audit cycle • Business rollout plans for new technology applications |
| IA Function Management | • Deploy sufficient staff with appropriate competencies to achieve engagement objectives • Play a key role in annual audit planning process. • Delegate tasks in a constructive and supportive manner • Coach staff to enhance competence and professional development • Determine the appropriate continuing professional development necessary to keep staff effective in work • Conduct effective performance appraisal of IA teams against key performance indicators |
• International Professional Practices Framework (IPPF), including Code of Ethics • The Institute of Internal Auditors (IIA) Global Internal Audit Competency Framework • Human resource planning • Training needs analysis • Coaching and mentoring • Staff management • Performance feedback and appraisal of engagement team |
| IA Quality Assurance | • Assess efficiency and effectiveness of the internal audit activity and identify opportunities for improvement • Conduct assessment of the IA activity for conformance with International Professional Practices Framework (IPPF) • Recommend improvements and express opinion on the results |
• International Standards for the Professional Practice of Internal Auditing • Requirements and scope of QAIP (i.e. internal and external assessments) |
| Information Gathering and Analysis | • Review business insights and make recommendations for improvement • Use insights and recommendations to enhance planning and delivery of work outputs • Define areas of focus for data analysis in alignment with the objectives and priorities of the strategies and plans • Conceptualise new data collection, analysis and interpretation techniques and data and information sources |
• Competitive analysis of business and operating environment • Organisation's risks and controls environment • Data collection techniques |
| Project Execution and Control | • Prepare and analyse types of evaluation reports • Gather data and information in an efficient manner • Apply various evaluation methods on project plans |
• Organisation's business • Applicability of government schemes • Government schemes and policies (where applicable) • Government legal regulations • Evaluation methods and tools |
| Due Professional Care | • Monitor application of the "due professional care" Standard in performing audit activities • Manage effect on objectives, operations or resources because of risks • Communicate engagement results with stakeholders |
• Significant risks that might affect objectives, operations or resources • Needs and expectations of stakeholders, including the nature, timing and communication of engagement results • Relative complexity and extent of work needed to achieve the engagement's objectives • Cost of the consulting engagement in relation to potential benefits • Due professional care in the context of staffing the internal audit team |
| Enterprise Risk Management | • Assess the risk management and internal control systems are operational as intended • Review the completeness of management’s risk analysis and actions taken to remedy issues raised by risk management processes, and suggest improvements • Evaluate risk exposures relating to the organisation’s governance, operations and information systems • Communicate with senior management and Board on risk-related issues that may indicate weakness in risk management practices. • Facilitate review of strategic and business risk issues and assess risk governance framework |
• Organisation’s risk profile • Organisational objectives and mission • Risk management framework, such as COSO ERM Framework or ISO30001 • Risk governance framework including setting of risk appetite and tolerance |
| Financial Statements Analysis | • Review characteristics of financial statements • Calculate key ratios from a company’s financial statements • Understand implications of key ratios from a company’s financial statements • Appreciate major components of a financial balance sheet |
• Relevant accounting terminology, treatment and standards • How key business processes relate to financial statements |
| Fraud Risk Management | • Evaluate situations that increase probability of fraud occurrence • Coach staff to be alert to opportunities that could allow fraud, such as control deficiencies • Evaluate whether management is actively overseeing the fraud risk management programs |
• Red flags indicating fraud • Types of fraud and common concealment activities • Elements of an effective fraud risk management programme • Organisation’s business, internal controls framework and financial processes |
| Governance | • Evaluate design and operational effectiveness of governance framework for addressing governance risks • Engage the board and senior management on governance best practices and issues. • Articulate the benefits of good governance structure to influence adoption by senior management and the board |
• Regulatory requirements and guidelines, including code of corporate governance, companies act, Singapore Exchange (SGX) listing manual • Governance framework • Best corporate governance practices |
| Internal Controls | • Assess the internal control framework • Assess the adequacy and effectiveness of controls • Evaluate the implications of organisational changes, operational changes and changes in business strategy using appropriate internal control framework • Advise board and senior management on improvement initiatives to improve controls |
• Internal control framework • Organisation’s business and processes • Financial and operational information • Organisation’s strategic objectives |
| Cyber Security | • Associate potential cyber security risks and threats with area of work • Adhere to the organisation's policies and procedures to protect confidentiality and integrity of information • Set policies and procedures for when cyber security related issues require escalation to relevant team members • Articulate when additional cyber security resources are needed to mitigate risks |
• Organisation's cyber security policies and procedures • Areas prone to cyber security threats • Cyber security developments |
| Digital Technology Environment Scanning | • Analyse the operating needs of the organisation • Identify suitable IT solutions for the organisation • Identify emerging IT trends • Assess the level of impact of IT developments on the organisation and the overall disruption to the industry |
• Technological developments and trends • Emerging technological trends such as block chain, machine learning, artificial intelligence, robotic process automation, and digital currency • Relevant current regulations and any impending legislative changes |
| Data Analytics | • Lead the implementation of the data science strategy, procedures and metrics to support requirements • Analyse and interpret financial and non-financial data, including big data • Identify and evaluate significant features of performance, including both financial and non-financial relevant performance indicators • Synthesise critical findings and insights within the business context to make inferences and business decisions • Highlight inconsistencies in information through analysis and the application of knowledge • Exploit technologies, such as big data tools, cloud resources, and smart software, to improve backward-looking and forward-looking analysis |
• Data management cycle • Data governance • Industry best practices and successful case studies • Evolving field of analytics and its potential to support business growth • Predictive analytics as an enabler to forecast future performance and perform stress testing on business lines • Visual analytics tools |
| Infocomm Security and Data Privacy | • Review sufficiency of control testing performed and evidence collated to support the findings • Assess the effectiveness of the IT governance frameworks • Assess the adequacy and timeliness of significant risk items being escalated to senior management |
• IT governance frameworks • Information management systems and processes • Global Technology Audit Guide (GTAG) • Organisation’s IT, information security and data privacy policies and procedures |
| Risk Management | • Analyse a range of risks, which can be qualitative, semi-quantitative or quantitative • Recommend mitigating strategies and implement structures and processes to control risks • Articulate the impact of cultural differences on risk appetite and risk management strategies • Assess uncertainties that remained after controls are implemented • Act as an integrator and navigator for the organisation by applying a systems thinking approaches to implementing governance processes • Implement effective management and information systems to support governance and risk infrastructures |
• Enterprise risk management • Evolving methodologies for risk management which should be incorporated into risk and control function |
| Auditor Independence | • Ascertain effectiveness of safeguards applied and ensure that risk of threats are reduced to an acceptable level such that independence is not compromised. • Evaluate that the organisation maintains independence in appearance and of mind |
• Relevant ethics pronouncements or code of professional conduct and ethics • Conceptual framework approach to independence • Ethical threats • Safeguards against risks of ethical threats |
| Professional and Business Ethics | • Promote ethics and values within the organisation • Demonstrate compliance and application of ethical values as role model • Assess effectiveness of safeguards applied to eliminate or reduce identified threats of unethical behaviour • Advise on additional safeguards applied to support ethical climate • Exercise due professional care • Investigate ethical issues and propose measures for resolution |
• Role of accounting and accountants in providing information about the social and environmental performance of an organisation • Ethical threat risk mitigation strategies |
| Professional Standards | • Ensure the department complies with the relevant professional standards • Implement procedures to maintain confidentiality and independence where applicable • Review professional conduct of personnel within the department to identify breaches in professional standards |
• Department policies and procedures for reviewing and reporting on adherence to professional standards • Relevant professional standard |
| Decision Making | Make decision in a complex setting to achieve intended goals using a structured process and multiple sources of available information. | |
| Developing People | Provide coaching to others to develop their skills and knowledge on their jobs to enhance performance. | |
| Leadership | Lead by example at organisational level. Inspire, motivate and guide others to adopt a point of view, make changes or take action. Cultivate an open, cooperative and collaborative learning culture for the organisation. | |
| Resource Management |
Establish strategies for the allocation and deployment of resources efficiently and effectively. |
|
| Sense Making | Analyse data relationships, patterns and trends to gain important insights and make informed decisions. |
