| Competency Area |
The abilities I need to demonstrate in my role: |
The knowledge I need to attain to perform my role: |
| Business Acumen |
- Assess the relevance of global developments on business processes
- Assess the relevance of regulatory and legal requirements to business processes
- Identify risks associated with Infocomm Technology
|
- Industry specific knowledge relevant to the organisation
- Markets, competitors and business models in the industry
- Regulatory and legal environment in which the organisation operates
- Latest global developments, regulatory and legal requirements
|
| Business Process Analysis |
- Document the business processes using narrative and flowcharts
- Identify gaps in design of the business processes
- Communicate gaps to business process owner and provide suggestions for improvements
|
- Risks and controls analysis
- Industry knowledge
- Working paper documentation
|
| Business Innovation and Improvement |
- Apply solution-focused methodologies to solve problems
- Apply design principles in the organisation
- Draw on logic, imagination and systematic reasoning to explore possibilities to transform and grow businesses
- Identify problems, and plan targeted improvements and innovation
- Seek and justify opportunities for continuous improvement and innovation
- Apply agile methodology in projects
|
- Updates on available, applicable and appropriate technologies
- Design frameworks and models
- Tools for continuous innovation and process improvement
- Concepts, competencies for continuous innovation and process improvement
- Agile methodology
|
| IA Engagement Execution |
- Apply audit procedures according to the audit engagement plan
- Apply audit methodologies and carry out audit procedures
- Apply due professional care in execution of audit procedures
- Ensure that engagement deadlines and objectives are met
- Select and apply the appropriate tools and techniques to information gathering and analysis
- Obtain reliable, relevant and sufficient evidence
- Develop working papers that truly reflect all activities performed during the audit engagement
- Identify preliminary key observations, findings, risk responses and recommendations in clear and concise manner
|
- Internal Audit Framework or International Professional Practices Framework
- Types of controls and controls assessment techniques
- Risks and risks responses to mitigate risks
- Internal control and risk management frameworks such as Committee of Sponsoring Organisations of the Treadway Commission (COSO) Internal Control, COSO Enterprise Risk Management (ERM) Frameworks and ISO31000
- Industry knowledge specific to the engagement or organisation
- Organisation, design and content of engagement working papers
- Root cause analysis
- Good control practices and industry best practices
|
| IA Engagement Planning |
- Conduct preliminary survey and risk assessment to understand the audit environment, including key business risks and controls
- Determine audit areas to address the risks identified
- Develop work programmes
- Revise audit programmes based on risks identified
|
- International Professional Practices Framework (IPPF) comprising definitions of Internal Auditing, Code of Ethics, core principles and International Standards for the Professional Practice of Internal Auditing
- Organisation's significant risks, objectives, resources, operations, businesses and structure
- Internal audit methodology and procedures of the organisation
- Risk identification and assessment techniques
|
| Information Gathering and Analysis |
- Use data analysis in the planning process to provide insights to better design tests to address risks in the process
- Use analytics to identify trends, exceptions and insight
- Interpret findings to obtain business insights
- Present insights of business performance and trends for business considerations
|
- Data mining and analytics
- Data Governance
- Statistical analysis
- Business intelligence tools
- Organisation's business and environment
- Risk and control environment
|
| Project Execution and Control |
- Apply appropriate costing methods to the projects
- Prepare analyses and reports to manage costs and inform decision-making
- Prepare analyses and reports to aid in risk management
|
- Organisation's business
- Costing methods
- Risk assessment and management
|
| Due Professional Care |
- Apply due professional care in conduct of audit
- Identify the extent of work needed to achieve the engagement’s objectives, including consideration of the relative complexity, materiality and significance of the matters concerned
- Apply professional scepticism in the conduct of audits
- Identify conditions and circumstances that may indicate possible fraud
- Identify conditions and circumstances that may suggest the need for additional procedures
|
- International Professional Practices Framework (IPPF)
- Due professional care considerations and requirements
- Extent of work needed to achieve engagement's objectives
- Probability of significant errors, irregularities, or non-compliance
- Relative complexity, materiality or significance of matters to which assurance procedures are applied
- Professional scepticism
|
| Enterprise Risk Management |
- Identify risks that the organisation is exposed on aspects of governance, operations and information systems
- Obtain information on business strategies, risk management philosophy and methodology, appetite for risk, and acceptance of risks
- Conduct interviews with management to determine business unit objectives, related risks, risk mitigation and control monitoring activities
- Identify the reporting lines for risk monitoring activities and timeliness of reporting of risk management results
|
- Organisational objectives and mission
- Risk management framework, such as COSO ERM Framework or ISO30001
|
| Financial Statement Analysis |
- Review characteristics of financial statements
- Calculate key ratios from a company’s financial statements
- Understand implications of key ratios from a company’s financial statements
- Appreciate major components of a financial balance sheet
|
- Relevant accounting terminology, treatment and standards
- How key business processes relate to financial statements
|
| Fraud Risk Management |
- Identify red flags indicating that fraud may have been committed
|
- Red flags indicating fraud
- Types of fraud and common concealment activities
|
| Governance |
- Identify the governance processes, i.e. processes and structures implemented by the board to inform, direct, manage and monitor the activities of the organisation
- Identify the relationships among governance, risk, and control
|
- Regulatory requirements and guidelines, including code of corporate governance
- Governance framework
- Best corporate governance practices
|
| Internal Controls |
- Obtain sufficient evidence about major control processes operating across the organisation
- Identify key controls and conduct tests for operating effectiveness of key controls within the processes under review
- Identify control gaps and significant discrepancies or weaknesses not addressed
|
- Regulatory requirements and guidelines, including code of corporate governance
- Governance framework
- Best corporate governance practices
|
| Cybersecurity |
- Identify potential risks and threats associated with cyber security, such as viruses, hacking, and identity theft
- Protect personal and business information from cyber security threats
- Interpret cyber security threats that require escalation to relevant team members
|
- Cyber security threats
- Areas prone to cyber security threats
- Best practices to safeguard against threats
|
| Data Analytics |
- Generate reports on trends to aid management decision making
- Generate reports on risks to aid management decision making
- Distil data to determine patterns, provide information and anticipate future outcomes
- Support data-driven tactical and strategic decision-making
- Align the outputs or reports of corporate information systems with the changing needs of those reading and using the reports, to improve support of activities such as benchmarking, decision-making and planning
- Use business intelligence tools
- Define research objectives for data analytic activities
- Review data to ensure that planning parameter are captured in extracted datasets
|
- Data management cycle
- Data governance
- Data sources and extraction methods
- Data analytics and business intelligence tools
- Data interpretation tools and trend analysis techniques
- Gaps between needs and existing data models
|
| Infocomm Security and Data Privacy |
- Identify potential risks and threats associated with IT systems, information security and data privacy
- Identify and conduct testing of IT general controls
- Identify tasks with conflict of interest that need to be segregated
- Review organisation structure to highlight weakness
|
- Concepts of IT security and data privacy
- Linkage between IT risks and controls
- Objectives of general and application controls.
- Organisation’s data protection policies and frameworks
- IT, information security and data privacy threats
- Areas prone to IT, information security and data privacy threats
- Best practices to safeguard against threats
|
| Risk Management |
- Analyse risks and uncertainties contributing to risk assessment
- Define, develop and implement proportionate risk management policies, guidelines, and procedures
- Identify potential risks arising from social and digital platforms including social media reputational risks
|
- Organisation’s risk management policies
- Organisation’s risk management guidelines
- Organisation’s risk management procedures
- Social and digital platforms
|
| Auditor Independence |
- Identify risk of threats which may impair independence
- Apply the conceptual framework approach to maintain independence
|
- Relevant ethics pronouncements or code of professional conduct and ethics
- Conceptual framework approach to independence
- Ethical threats
|
| Professional and Business Ethics |
- Uphold and comply with relevant ethics pronouncements or code of professional conduct and ethics during performance of individual duties and responsibilities
- Identify threats to compliance with the principles of the relevant code of professional conduct and ethics
- Resolve ethical dilemmas through understanding of ethical principles when engaging clients
- Demonstrate sound judgment in applying and upholding high ethical standards expected of accountancy practitioners
|
- Ethics frameworks
- Ethical principles
- Relevant ethics pronouncements
- Relevant code of professional conduct and ethics
|
| Professional Standards |
- Identify professional standards relevant to scope of work
- Comply with the relevant professional standards during performance of individual duties and responsibilities
|
- Department and organisational policies governing professional standards
- Current developments in practice and legislation
- Emerging trends and developments of the profession
|
| Communication |
Comply with the relevant professional standards during performance of individual duties and responsibilities |
|
| Digital Literacy |
Use available software features to create and edit documents, customise templates and reports and evaluate online information. |
|
| Interpersonal Skills |
Detect and decipher emotions of others to manage interpersonal relationships in social situations. |
|
| Sense Making |
Identify relationships and linkages within different components of data. |
|
| Teamwork |
Contribute to a positive and cooperative working environment by fulfilling own responsibilities and providing support to co-workers to achieve team goals. |
|
