Professional Documents
Culture Documents
The Institute of Internal Auditors (IIA) has developed this document to assist Certified Internal Auditor (CIA) program candidates in understanding the realignment of content from the current four-part exam to a three-part exam expected to launch mid-2013. The key below will be useful in understanding which content has transitioned to a new part, has been removed or added, or has changed knowledge level on the exam. Items in black have been transitioned to the new exam format within the same numbered part. Items that are no longer tested appear in red with a strike-through mark. Newly added items are indicated by blue font. P is used to indicate that the item is tested on the exam at the Proficiency knowledge level on the three-part exam. P* indicates that this item was previously tested at the Awareness knowledge level. Items colored in orange indicate the content has shifted to the new Part 1. Items colored in green indicate the content has shifted to the new Part 2. Items colored in purple indicate the content has shifted to the new Part 3. A is used to indicate that the item is tested on the exam at the Awareness knowledge level on the three-part exam. A* indicates that this item was previously tested at the Proficiency knowledge level.
2012 Part 1 The Internal Audit Activity's Role in Governance, Risk and Control
A. Comply with The IIA's Attribute Standards (15-25%)
1. Define purpose, authority, and responsibility of the internal audit activity a. Determine if the purpose, authority, and responsibility of the internal audit activity are clearly documented and approved b. Determine if the purpose, authority, and responsibility of the internal audit activity are communicated to the engagement clients c. Demonstrate an understanding of the purpose, authority, and responsibility of the internal audit activity Maintain independence and objectivity Foster independence 1) Understand organizational independence 2) Recognize the importance of organizational independence 3) Determine if the internal audit activity is properly aligned to achieve organizational independence b. Foster objectivity 1) Establish policies to promote objectivity 2) Assess individual objectivity 3) Maintain individual objectivity 4) Recognize and mitigate impairments to independence and objectivity Determine if the required knowledge, skills, and competencies are available a. Understand the knowledge, skills, and competencies that an internal auditor needs to possess b. Identify the knowledge, skills, and competencies required to fulfill the responsibilities of the internal audit activity Develop and/or procure necessary knowledge, skills and competencies collectively required by the internal audit activity Exercise due professional care Promote continuing professional development a. Develop and implement a plan for continuing professional development for internal audit staff b. Enhance individual competency through continuing professional development Promote quality assurance and improvement of the internal audit activity a. Establish and maintain a quality assurance and improvement program b. Monitor the effectiveness of the quality assurance and improvement program c. Report the results of the quality assurance and improvement program to the board or other governing body d. Conduct quality assurance procedures and recommend improvements to the performance of the internal audit activity Abide by and promote compliance with The IIA Code of Ethics a.
New Part
2.
3.
4. 5. 6.
7.
Part 2
8.
I I A
G l o b a l
H e a d q u a r t e r s / 2 4 7
M a i t l a n d
A v e n u e / A l t a m o n t e S p r i n g s , F L 3 2 7 0 1 / U S A w w w . g l o b a l i i a . o r g / c e r t i f i c a t i o n
Page 1
B. Establish a Risk-based Plan to Determine the Priorities of the Internal Audit Activity (15-25%)
1. 2. Establish a framework for assessing risk Use the framework to: a. Identify sources of potential engagements (e.g., audit universe, management request, regulatory mandate) b. Assess organization-wide risk c. Solicit potential engagement topics from various sources d. Collect and analyze data on proposed engagements e. Rank and validate risk priorities Identify internal audit resource requirements Coordinate the internal audit activity's efforts with: a. External auditor b. Regulatory oversight bodies c. Other internal assurance functions (e.g., health and safety department) Select engagements. a. Participate in the engagement selection process b. Select engagements c. Communicate and obtain approval of the engagement plan from board
New Part
Part 2 Part 2 Part 3 Part 2 Part 2 Part 2 Part 2 Part 2 Part 2 Part 2 Part 2 Part 2 Part 2 Part 2
3. 4.
5.
New Part
Part 2 Part 2 Part 2 Part 2 Part 2 Part 2 Part 2 Part 2 Removed Part 2 Part 2 Removed Removed Part 2 Part 2 Part 2 Part 2
P P A* P
New Part
2.
Part 2 Part 2 Part 2 Part 2 Part 2 Part 2 Part 3 Part 3 Part 2 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3
3.
4.
I I A
G l o b a l
H e a d q u a r t e r s / 2 4 7
M a i t l a n d
A v e n u e / A l t a m o n t e S p r i n g s , F L 3 2 7 0 1 / U S A w w w . g l o b a l i i a . o r g / c e r t i f i c a t i o n
Page 2
New Part
New Part
Part 2
Removed
Part 2 Part 2 Part 2 Part 2 Part 2 Part 2 Part 2 Part 2 Part 2 Part 2 Part 2 Part 2 Part 2 New New New
I I A
G l o b a l
H e a d q u a r t e r s / 2 4 7
M a i t l a n d
A v e n u e / A l t a m o n t e S p r i n g s , F L 3 2 7 0 1 / U S A w w w . g l o b a l i i a . o r g / c e r t i f i c a t i o n
Page 3
2.
3. 4. 5. 6. 7. 8. 9. 10. 11.
Part 1
12. 13.
New Part
I I A
G l o b a l
H e a d q u a r t e r s / 2 4 7
M a i t l a n d
A v e n u e / A l t a m o n t e S p r i n g s , F L 3 2 7 0 1 / U S A w w w . g l o b a l i i a . o r g / c e r t i f i c a t i o n
Page 4
b) Systems development methodology c) Change control d) End user computing 3) Data and network communications/connections (e.g., LAN, VAN, and WAN) 4) Voice communications 5) System security (e.g., firewalls, access control) 6) Contingency planning 7) Databases 8) Functional areas of IT operations (e.g., data center operations) 9) Web infrastructure 10) Software licensing 11) Electronic funds transfer (EFT)/Electronic data interchange (EDI) 12) e-Commerce 13) Information protection (e.g., viruses, privacy) 14) Encryption 15) Enterprise-wide resource planning (ERP) software (e.g., SAP R/3) l. Compliance audit engagements Conduct consulting engagements a. Internal control training b. Business process review c. Benchmarking d. Information technology (IT) and systems development e. Design of performance measurement systems
Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3
P P A* A* A* A* A* A* A* A* A* A* A* A* A* A* P P P P P P P
2.
New Part
New Part
Part 1
New Part
4.
5. 6. 7. 8.
Part 1 Part 1 Part 1 Part 1 Part 1 Part 1 Part 1 Part 1 Part 1 Part 1 Part 1 Part 1 Part 1 Removed Part 1 Part 1 Part 1 Part 1 Part 1
I I A
G l o b a l
H e a d q u a r t e r s / 2 4 7
M a i t l a n d
A v e n u e / A l t a m o n t e S p r i n g s , F L 3 2 7 0 1 / U S A w w w . g l o b a l i i a . o r g / c e r t i f i c a t i o n
Page 5
e. Automated work papers (e.g., Lotus Notes, Auditor Assistant) 9. Process mapping including flowcharting Build and maintain networking with other organization executives and the audit committee Organize and lead a team in mapping, analysis, and business process improvement Educate senior management and the board on best practices in governance, risk management, control, and compliance Assess the adequacy of the performance measurement system, achievement of corporate objective Formulate policies and procedures for the planning, organizing, directing, and monitoring of internal audit operations Direct administrative activities (e.g., budgeting, human resources) of the internal audit department Interview candidates for internal audit positions Report on the effectiveness of the internal control and risk management frameworks Plan engagement to assure identification of key risks & controls Construct audit staff schedule for effective use of time Direct / supervise individual engagements Nurture instrumental relations, build bonds, and work with others toward shared goals Coordinate work assignments among audit team members when serving as the auditor-in-charge of a project
Part 1 Part 1 New New New New New New New New New New New New New
P P P P P A P P P P P P P P P
I I A
G l o b a l
H e a d q u a r t e r s / 2 4 7
M a i t l a n d
A v e n u e / A l t a m o n t e S p r i n g s , F L 3 2 7 0 1 / U S A w w w . g l o b a l i i a . o r g / c e r t i f i c a t i o n
Page 6
A A*
Removed
New Part
New Part
New Part
Removed
I I A
G l o b a l
H e a d q u a r t e r s / 2 4 7
M a i t l a n d
A v e n u e / A l t a m o n t e S p r i n g s , F L 3 2 7 0 1 / U S A w w w . g l o b a l i i a . o r g / c e r t i f i c a t i o n
Page 7
New Part
Removed
I I A
G l o b a l
H e a d q u a r t e r s / 2 4 7
M a i t l a n d
A v e n u e / A l t a m o n t e S p r i n g s , F L 3 2 7 0 1 / U S A w w w . g l o b a l i i a . o r g / c e r t i f i c a t i o n
Page 8
2.
3.
4. 5.
Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Removed Removed
New Part
2.
Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 New Part
3. 4.
Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3
I I A
G l o b a l
H e a d q u a r t e r s / 2 4 7
M a i t l a n d
A v e n u e / A l t a m o n t e S p r i n g s , F L 3 2 7 0 1 / U S A w w w . g l o b a l i i a . o r g / c e r t i f i c a t i o n
Page 9
New Part
Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Part 3 Removed
E. Negotiating (5-15%)
1. 2. Conflict resolution a. Competitive/cooperative b. Compromise, forcing, smoothing, etc. Added-value negotiating a. Description b. Specific steps
New Part
I I A
G l o b a l
H e a d q u a r t e r s / 2 4 7
M a i t l a n d
A v e n u e / A l t a m o n t e S p r i n g s , F L 3 2 7 0 1 / U S A w w w . g l o b a l i i a . o r g / c e r t i f i c a t i o n
Page 10