Home > Training, Events and Conferences > Training Overview > Internal Audit Manager/Senior Manager Role

Internal Audit Manager/Senior Manager Role

IA Mgr profile
Click on any of the below competency areas to view the relevant courses.


Competency Area The abilities I need to demonstrate in my role: The knowledge I need to attain to perform my role:
Business Acumen • Evaluate the long-term sustainability of business models impacted by technology and other disruptors
• Assess impact of changes 
• Update business plans to take advantage of new opportunities
• Industry specific knowledge relevant to the organisation
• Global economic developments
• Regulatory and legal environment in which the organisation operates
• Technology trends and disruptors affecting businesses
Business Process Analysis • Assess the practicality of recommendations
• Review the effectiveness and efficiency of the internal control systems
• Risks and controls analysis
• COSO Internal Controls Framework, ISO31000 or its equivalent (For internal audit only)
• COSO ERM Framework (For internal audit only)
• Industry best practices
Business Innovation and Improvement • Provide direction on the overall business plans 
• Implement and communicate new processes and business innovations effectively
• Establish and drive strategies and standards to grow the business
• Analyse problems and review targeted improvements and innovations
• Create opportunities for improvements and innovation across teams
• Implement change management programmes 
• Develop mind-set shifts by creating an environment which enables staff to embrace and be receptive towards change
• Updates on available, applicable and appropriate technologies
• Design frameworks and models
• Old and new business models
IA Engagement Execution • Supervise teams to work within the agreed timeline
• Manage and resolve conflicts with internal and external stakeholders 
• Review audit working papers to ensure that they sufficiently document information obtained, analysis made, and support conclusions
• Determine sufficiency of audit work done and evidence collated to support the findings
• Develop preliminary findings and formulate recommendations that deal with root causes of issues and impact to the organisation
• Present and discuss findings with process owners
• Apply and implement agile processes in engagement execution
• Develop, implement and monitor project plans to ensure delivery in accordance with agreed timelines
• Evaluate critically that audit evidence is reliable, relevant and sufficient
• Evaluate root causes, findings identified and recommendations formulated
• Internal Audit Framework or International Professional Practices Framework
• Internal control and risk management frameworks such as Committee of Sponsoring Organisations of the Treadway Commission (COSO) Internal Control, COSO Enterprise Risk Management (ERM) Frameworks and ISO31000
• Economic, business and industry knowledge within which the organisation operates
• Organisation, design and content of engagement working papers
• Root cause analysis 
• Organisation, design and content of reports and deliverables
• Good control practices and industry best practices
• Agile methodology
IA Engagement Planning • Develop and document risk-based audit plans, objectives, scope, timing and resource allocations
• Identify sources of potential engagements through risk framework
• Review audit engagement objectives and scope to ensure they address the risks identified 
• Review and approve audit engagement programs
• Revise audit plans based on business rollout plans for new technology applications
• International  Professional Practices Framework (IPPF) comprising definition of Internal Auditing, Code of Ethics, core principles and International Standards for the Professional Practice of Internal Auditing 
• Organisation's risk management frameworks
• Risk appetite levels set by management and/or own judgement of risks
• Organisation audit strategies, audit universe and audit cycle 
• Business rollout plans for new technology applications
IA Function Management • Deploy sufficient staff with appropriate competencies to achieve engagement objectives
• Play a key role in annual audit planning process.
• Delegate tasks in a constructive and supportive manner
• Coach staff to enhance competence and professional development
• Determine the appropriate continuing professional development necessary to keep staff effective in work
• Conduct effective performance appraisal of IA teams against key performance indicators
• International  Professional Practices Framework (IPPF), including Code of Ethics
• The Institute of Internal Auditors (IIA) Global Internal Audit Competency Framework
• Human resource planning
• Training needs analysis
• Coaching and mentoring
• Staff management
• Performance feedback and appraisal of engagement team
IA Quality Assurance • Assess efficiency and effectiveness of the internal audit activity and identify opportunities for improvement
• Conduct assessment of the IA activity for conformance with International  Professional Practices Framework (IPPF)
• Recommend improvements and express opinion on the results
• International Standards for the Professional Practice of Internal Auditing
• Requirements and scope of QAIP (i.e. internal and external assessments)
Information Gathering and Analysis • Review business insights and make recommendations for improvement 
• Use insights and recommendations to enhance planning and delivery of work outputs
• Define areas of focus for data analysis in alignment with the objectives and priorities of the strategies and plans
• Conceptualise new data collection, analysis and interpretation techniques and data and information sources
• Competitive analysis of business and operating environment
• Organisation's risks and controls environment
• Data collection techniques
Project Execution and Control Prepare and analyse types of evaluation reports
Gather data and information in an efficient manner
Apply various evaluation methods on project plans
Organisation's business
Applicability of government schemes 
Government schemes and policies (where applicable)
Government legal regulations
Evaluation methods and tools
Due Professional Care • Monitor application of the "due professional care" Standard in performing audit activities
• Manage effect on objectives, operations or resources because of risks 
• Communicate engagement results with stakeholders
• Significant risks that might affect objectives, operations or resources
• Needs and expectations of stakeholders, including the nature, timing and communication of engagement results
• Relative complexity and extent of work needed to achieve the engagement's objectives
• Cost of the consulting engagement in relation to potential benefits
• Due professional care in the context of staffing the internal audit team
Enterprise Risk Management • Assess the risk management and internal control systems are operational as intended
• Review the completeness of management’s risk analysis and actions taken to remedy issues raised by risk management processes, and suggest improvements
• Evaluate risk exposures relating to the organisation’s governance, operations and information systems
• Communicate with senior management and Board on risk-related issues that may indicate weakness in risk management practices.
• Facilitate review of strategic and business risk issues and assess risk governance framework
• Organisation’s risk profile
• Organisational objectives and mission
• Risk management framework, such as COSO ERM Framework or ISO30001
• Risk governance framework including setting of risk appetite and tolerance
Financial Statements Analysis  Review characteristics of financial statements
 Calculate key ratios from a company’s financial statements
 Understand implications of key ratios from a company’s financial statements
 Appreciate major components of a financial balance sheet
• Relevant accounting terminology, treatment and standards
• How key business processes relate to financial statements
Fraud Risk Management • Evaluate situations that increase probability of fraud occurrence
• Coach staff to be alert to opportunities that could allow fraud, such as control deficiencies
• Evaluate whether management is actively overseeing the fraud risk management programs
• Red flags indicating fraud
• Types of fraud and common concealment activities
• Elements of an effective fraud risk management programme
• Organisation’s business, internal controls framework and financial processes
Governance • Evaluate design and operational effectiveness of governance framework for addressing governance risks
• Engage the board and senior management on governance best practices and issues.
• Articulate the benefits of good governance structure to influence adoption by senior management and the board
• Regulatory requirements and guidelines, including code of corporate governance, companies act, Singapore Exchange (SGX) listing manual
• Governance framework
• Best corporate governance practices
Internal Controls • Assess the internal control framework
• Assess the adequacy and effectiveness of controls
• Evaluate the implications of organisational changes, operational changes and changes in business strategy using appropriate internal control framework
• Advise board and senior management on improvement initiatives to improve controls
• Internal control framework
• Organisation’s business and processes
• Financial and operational information
• Organisation’s strategic objectives
Cyber Security • Associate potential cyber security risks and threats with area of work
• Adhere to the organisation's policies and procedures to protect confidentiality and integrity of information
• Set policies and procedures for when cyber security related issues require escalation to relevant team members
• Articulate when additional cyber security resources are needed to mitigate risks
• Organisation's cyber security policies and procedures
• Areas prone to cyber security threats
• Cyber security developments
Digital Technology Environment Scanning • Analyse the operating needs of the organisation 
• Identify suitable IT solutions for the organisation
• Identify emerging IT trends
• Assess the level of impact of IT developments on the organisation and the overall disruption to the industry 
• Technological developments and trends
• Emerging technological trends such as block chain, machine learning, artificial intelligence, robotic process automation, and digital currency 
• Relevant current regulations and any impending legislative changes
Data Analytics • Lead the implementation of the data science strategy, procedures and metrics to support requirements
• Analyse and interpret financial and non-financial data, including big data
• Identify and evaluate significant features of performance, including both financial and non-financial relevant performance indicators
• Synthesise critical findings and insights within the business context to make inferences and business decisions
• Highlight inconsistencies in information through analysis and the application of knowledge
• Exploit technologies, such as big data tools, cloud resources, and smart software, to improve backward-looking and forward-looking analysis
• Data management cycle 
• Data governance
• Industry best practices and successful case studies
• Evolving field of analytics and its potential to support business growth
• Predictive analytics as an enabler to forecast future performance and perform stress testing on business lines
• Visual analytics tools 
Infocomm Security and Data Privacy • Review sufficiency of control testing performed and evidence collated to support the findings 
• Assess the effectiveness of the IT governance frameworks
• Assess the adequacy and timeliness of significant risk items being escalated to senior management
• IT governance frameworks
• Information management systems and processes 
• Global Technology Audit Guide (GTAG)
• Organisation’s IT, information security and data privacy policies and procedures
Risk Management • Analyse a range of risks, which can be qualitative, semi-quantitative or quantitative
Recommend mitigating strategies and implement structures and processes to control risks
Articulate the impact of cultural differences on risk appetite and risk management strategies
Assess uncertainties that remained after controls are implemented
Act as an integrator and navigator for the organisation by applying a systems thinking approaches to implementing governance processes
Implement effective management and information systems to support governance and risk infrastructures
• Enterprise risk management
• Evolving methodologies for risk management which should be incorporated into risk and control function
Auditor Independence • Ascertain effectiveness of safeguards applied and ensure that risk of threats are reduced to an acceptable level such that independence is not compromised.
• Evaluate that the organisation maintains independence in appearance and of mind
• Relevant ethics pronouncements or code of professional conduct and ethics
• Conceptual framework approach to independence
• Ethical threats 
• Safeguards against risks of ethical threats
Professional and Business Ethics • Promote ethics and values within the organisation
• Demonstrate compliance and application of ethical values as role model
• Assess effectiveness of safeguards applied to eliminate or reduce identified threats of unethical behaviour
• Advise on additional safeguards applied to support ethical climate
• Exercise due professional care
• Investigate ethical issues and propose measures for resolution
• Role of accounting and accountants in providing information about the social and environmental performance of an organisation 
• Ethical threat risk mitigation strategies
Professional Standards • Ensure the department complies with the relevant professional standards
• Implement procedures to maintain confidentiality and independence where applicable 
• Review professional conduct of personnel within the department to identify breaches in professional standards
• Department policies and procedures for reviewing and reporting on adherence to professional standards
• Relevant professional standard
Decision Making Make decision in a complex setting to achieve intended goals using a structured process and multiple sources of available information.  
Developing People Provide coaching to others to develop their skills and knowledge on their jobs to enhance performance.  
Leadership Lead by example at organisational level. Inspire, motivate and guide others to adopt a point of view, make changes or take action. Cultivate an open, cooperative and collaborative learning culture for the organisation.  
Resource Management

Establish strategies for the allocation and deployment of resources efficiently and effectively.

Sense Making Analyse data relationships, patterns and trends to gain important insights and make informed decisions.  


Back to Training Roadmap