Home > Training, Events and Conferences > Training Overview > Internal Auditor/Senior Internal Auditor Job Role
Internal Auditor/Senior Internal Auditor Job Role
Click on any of the below competency area to view the relevant courses
Competency Area | The abilities I need to demonstrate in my role: | The knowledge I need to attain to perform my role: |
Business Acumen |
• Assess the relevance of global developments on business processes
• Assess the relevance of regulatory and legal requirements to business processes • Identify risks associated with Infocomm Technology |
• Industry specific knowledge relevant to the organisation • Markets, competitors and business models in the industry • Regulatory and legal environment in which the organisation operates • Latest global developments, regulatory and legal requirements |
Business Process Analysis |
• Document the business processes using narrative and flowcharts |
• Risks and controls analysis • Industry knowledge • Working paper documentation |
Business Innovation and Improvement | • Apply solution-focused methodologies to solve problems • Apply design principles in the organisation • Draw on logic, imagination and systematic reasoning to explore possibilities to transform and grow businesses • Identify problems, and plan targeted improvements and innovation • Seek and justify opportunities for continuous improvement and innovation • Apply agile methodology in projects |
• Updates on available, applicable and appropriate technologies • Design frameworks and models • Tools for continuous innovation and process improvement • Concepts, competencies for continuous innovation and process improvement • Agile methodology |
IA Engagement Execution | • Apply audit procedures according to the audit engagement plan • Apply audit methodologies and carry out audit procedures • Apply due professional care in execution of audit procedures • Ensure that engagement deadlines and objectives are met • Select and apply the appropriate tools and techniques to information gathering and analysis • Obtain reliable, relevant and sufficient evidence • Develop working papers that truly reflect all activities performed during the audit engagement • Identify preliminary key observations, findings, risk responses and recommendations in clear and concise manner |
• Internal Audit Framework or International Professional Practices Framework • Types of controls and controls assessment techniques • Risks and risks responses to mitigate risks • Internal control and risk management frameworks such as Committee of Sponsoring Organisations of the Treadway Commission (COSO) Internal Control, COSO Enterprise Risk Management (ERM) Frameworks and ISO31000 • Industry knowledge specific to the engagement or organisation • Organisation, design and content of engagement working papers • Root cause analysis • Good control practices and industry best practices |
IA Engagement Planning | • Conduct preliminary survey and risk assessment to understand the audit environment, including key business risks and controls • Determine audit areas to address the risks identified • Develop work programmes • Revise audit programmes based on risks identified |
• International Professional Practices Framework (IPPF) comprising definitions of Internal Auditing, Code of Ethics, core principles and International Standards for the Professional Practice of Internal Auditing • Organisation's significant risks, objectives, resources, operations, businesses and structure • Internal audit methodology and procedures of the organisation • Risk identification and assessment techniques |
Information Gathering and Analysis | • Use data analysis in the planning process to provide insights to better design tests to address risks in the process • Use analytics to identify trends, exceptions and insight • Interpret findings to obtain business insights • Present insights of business performance and trends for business considerations |
• Data mining and analytics • Data Governance • Statistical analysis • Business intelligence tools • Organisation's business and environment • Risk and control environment |
Project Execution and Control |
• Apply appropriate costing methods to the projects
• Prepare analyses and reports to manage costs and inform decision-making • Prepare analyses and reports to aid in risk management |
• Organisation's business
• Costing methods • Risk assessment and management |
Due Professional Care | • Apply due professional care in conduct of audit • Identify the extent of work needed to achieve the engagement’s objectives, including consideration of the relative complexity, materiality and significance of the matters concerned • Apply professional scepticism in the conduct of audits • Identify conditions and circumstances that may indicate possible fraud • Identify conditions and circumstances that may suggest the need for additional procedures |
• International Professional Practices Framework (IPPF) • Due professional care considerations and requirements • Extent of work needed to achieve engagement's objectives • Probability of significant errors, irregularities, or non-compliance • Relative complexity, materiality or significance of matters to which assurance procedures are applied • Professional scepticism |
Enterprise Risk Management | • Identify risks that the organisation is exposed on aspects of governance, operations and information systems • Obtain information on business strategies, risk management philosophy and methodology, appetite for risk, and acceptance of risks • Conduct interviews with management to determine business unit objectives, related risks, risk mitigation and control monitoring activities • Identify the reporting lines for risk monitoring activities and timeliness of reporting of risk management results |
• Organisational objectives and mission • Risk management framework, such as COSO ERM Framework or ISO30001 |
Financial Statement Analysis | • Review characteristics of financial statements • Calculate key ratios from a company’s financial statements • Understand implications of key ratios from a company’s financial statements • Appreciate major components of a financial balance sheet |
• Relevant accounting terminology, treatment and standards • How key business processes relate to financial statements |
Fraud Risk Management | • Identify red flags indicating that fraud may have been committed | • Red flags indicating fraud • Types of fraud and common concealment activities |
Governance | • Identify the governance processes, i.e. processes and structures implemented by the board to inform, direct, manage and monitor the activities of the organisation • Identify the relationships among governance, risk, and control |
• Regulatory requirements and guidelines, including code of corporate governance • Governance framework • Best corporate governance practices |
Internal Controls | • Obtain sufficient evidence about major control processes operating across the organisation • Identify key controls and conduct tests for operating effectiveness of key controls within the processes under review • Identify control gaps and significant discrepancies or weaknesses not addressed |
• Concepts of risks and internal controls • Organisation’s business and processes • Financial and operational information • Objectives of individual control steps |
Cybersecurity | • Identify potential risks and threats associated with cyber security, such as viruses, hacking, and identity theft • Protect personal and business information from cyber security threats • Interpret cyber security threats that require escalation to relevant team members |
• Cyber security threats • Areas prone to cyber security threats • Best practices to safeguard against threats |
Data Analytics | • Generate reports on trends to aid management decision making • Generate reports on risks to aid management decision making • Distil data to determine patterns, provide information and anticipate future outcomes • Support data-driven tactical and strategic decision-making • Align the outputs or reports of corporate information systems with the changing needs of those reading and using the reports, to improve support of activities such as benchmarking, decision-making and planning • Use business intelligence tools • Define research objectives for data analytic activities • Review data to ensure that planning parameter are captured in extracted datasets |
• Data management cycle • Data governance • Data sources and extraction methods • Data analytics and business intelligence tools • Data interpretation tools and trend analysis techniques • Gaps between needs and existing data models |
Infocomm Security and Data Privacy | • Identify potential risks and threats associated with IT systems, information security and data privacy • Identify and conduct testing of IT general controls • Identify tasks with conflict of interest that need to be segregated • Review organisation structure to highlight weakness |
• Concepts of IT security and data privacy • Linkage between IT risks and controls • Objectives of general and application controls. • Organisation’s data protection policies and frameworks • IT, information security and data privacy threats • Areas prone to IT, information security and data privacy threats • Best practices to safeguard against threats |
Risk Management | • Analyse risks and uncertainties contributing to risk assessment • Define, develop and implement proportionate risk management policies, guidelines, and procedures • Identify potential risks arising from social and digital platforms including social media reputational risks |
• Organisation’s risk management policies • Organisation’s risk management guidelines • Organisation’s risk management procedures • Social and digital platforms |
Auditor Independence | • Identify risk of threats which may impair independence • Apply the conceptual framework approach to maintain independence |
• Relevant ethics pronouncements or code of professional conduct and ethics • Conceptual framework approach to independence • Ethical threats |
Professional and Business Ethics | • Uphold and comply with relevant ethics pronouncements or code of professional conduct and ethics during performance of individual duties and responsibilities • Identify threats to compliance with the principles of the relevant code of professional conduct and ethics • Resolve ethical dilemmas through understanding of ethical principles when engaging clients • Demonstrate sound judgment in applying and upholding high ethical standards expected of accountancy practitioners |
• Ethics frameworks • Ethical principles • Relevant ethics pronouncements • Relevant code of professional conduct and ethics |
Professional Standards | • Identify professional standards relevant to scope of work • Comply with the relevant professional standards during performance of individual duties and responsibilities |
• Department and organisational policies governing professional standards • Current developments in practice and legislation • Emerging trends and developments of the profession |
Communication |
Comply with the relevant professional standards during performance of individual duties and responsibilities |
|
Digital Literacy | Use available software features to create and edit documents, customise templates and reports and evaluate online information. | |
Interpersonal Skills |
Detect and decipher emotions of others to manage interpersonal relationships in social situations. |
|
Sense Making | Identify relationships and linkages within different components of data. | |
Teamwork | Contribute to a positive and cooperative working environment by fulfilling own responsibilities and providing support to co-workers to achieve team goals. |