A. Conduct Engagements (25-35%) (P)

  1. Research and apply appropriate standards: 
    a.  IIA Professional Practices Framework (Code of Ethics, Standards, 
         Practice Advisories)
    b.  Other professional, legal, and regulatory standards
  2. Maintain an awareness of the potential for fraud when conducting an engagement
    a.  Notice indicators or symptoms of fraud
    b.  Design appropriate engagement steps to address significant risk
         of fraud
    c.  Employ audit tests to detect fraud
    d.  Determine if any suspected fraud merits investigation
  3. Collect data
  4. Evaluate the relevance, sufficiency, and competence of evidence
  5. Analyze and interpret data
  6. Develop work papers
  7. Review work papers
  8. Communicate interim progress
  9. Draw conclusions
  10. Develop recommendations when appropriate
  11. Report engagement results
    a.  Conduct exit conference
    b.  Prepare report or other communication
    c.  Approve engagement report
    d.  Determine distribution of report
    e.  Obtain management response to report
  12. Conduct client satisfaction survey
  13. Complete performance appraisals of engagement staff
 
B. Conduct Specific Engagements (25-35%) (P)
  1. Conduct assurance engagements
    a.  Fraud investigation
         1)  Determine appropriate parties to be involved with investigation
         2)  Establish facts and extent of fraud (e.g., interviews, interrogations
              and data analysis)
         3)  Report outcomes to appropriate parties
         4)  Complete a process review to improve controls to prevent fraud
              and recommend changes
    b.  Risk and control self-assessment
         1)  Facilitated approach
              (a)  Client-facilitated
              (b)  Audit-facilitated
         2)  Questionnaire approach
         3)  Self-certification approach
    c.  Audits of third parties and contract auditing
    d.  Quality audit engagements
    e.  Due diligence audit engagements
    f.   Security audit engagements
    g.   Privacy audit engagements
    h.   Performance (key performance indicators) audit engagements
    i.   Operational (efficiency and effectiveness) audit engagements
    j.   Financial audit engagements
    k.   Information technology (IT) audit engagements
          1)  Operating systems
               (a)  Mainframe
               (b)  Workstations
               (c)  Server
          2)  Application development
               (a)  Application authentication
               (b)  Systems development methodology
               (c)  Change control
               (d)  End user computing
          3)  Data and network communications/connections (e.g., LAN, VAN,
               and WAN)
          4)  Voice communications
          5)  System security (e.g., firewalls, access control)
          6)  Contingency planning
          7)  Databases
          8)  Functional areas of IT operations (e.g., data center operations)
          9)  Web infrastructure
          10) Software licensing
          11) Electronic funds transfer (EFT)/Electronic data interchange (EDI)
          12) e-Commerce
          13) Information protection (e.g., viruses, privacy)
          14) Encryption
          15) Enterprise-wide resource planning (ERP) software (e.g., SAP R/3)
    l.  Compliance audit engagements
  2. Conduct consulting engagements
     a.  Internal control training
     b.  Business process review
     c.  Benchmarking
     d.  Information technology (IT) and systems development
     e.  Design of performance measurement systems 
 
C. Monitor Engagement Outcomes (5-15%) (P)
  1. Determine appropriate follow-up activity by the internal audit activity
  2. Identify appropriate method to monitor engagement outcomes
  3. Conduct follow-up activity
  4. Communicate monitoring plan and results
 
D. Fraud Knowledge Elements (5-15%)
  1. Discovery sampling (A)
  2. Interrogation techniques (A)
  3. Forensic auditing (A)
  4. Use of computers in analyzing data (P)
  5. Red flag (P)
  6. Types of fraud (P)
 
E. Engagement Tools (15-25%)
  1. Sampling (A)
    a.  Nonstatistical (judgmental)
    b.  Statistical 
  2. Statistical analyses (process control techniques) (A)
  3. Data gathering tools (P)
    a.  Interviewing
    b.  Questionnaires
    c.  Checklists
  4. Analytical review techniques (P)
    a.  Ratio estimation
    b.  Variance analysis (e.g., budget vs. actual)
    c.  Other reasonableness tests
  5. Observation (P)
  6. Problem solving (P)
  7. Risk and control self-assessment (CSA) (A)
  8. Computerized audit tools and techniques (P)
    a.  Embedded audit modules
    b.  Data extraction techniques
    c.  Generalized audit software (e.g., ACL, IDEA)
    d.  Spreadsheet analysis
    e.  Automated work papers (e.g., Lotus Notes, Auditor Assistant)
  9. Process mapping including flowcharting (P)

P = Candidates must exhibit proficiency (thorough understanding and ability to apply concepts) in these topic areas.
A = Candidates must exhibit awareness (knowledge of terminology and fundamentals) in these topic areas.
 
© 2011 The Institute of Internal Auditors / 247 Maitland Avenue Altamonte Springs, FL. 32701-4201 USA / +1-407-937-1100 / FAX +1-407-937-1101 • www.theiia.org