Define the purpose, authority and responsibility of the internal audit activity.
Maintain independence and objectivity.
Determine if the required knowledge, skills and competencies are available for an assignment.
Develop or acquire the necessary knowledge and skills.
Exercise due professional care.
Promote continuing professional development.
Promote of quality assurance methods, activities and standards and an improvement in the internal audit activity.
Abide by and promote, The IIA Code of Ethics.
Establish and apply a framework for assessing risk in an organisation.
Identify internal audit resource requirements.
Coordinate Internal Audit activities with the external auditors, regulatory oversight bodies and internal assurance functions.
Obtain approval of the audit charter by the board.
Communicating the plan of engagements.
Report and discuss significant audit issues.
Communicate regularly with and report to the board on key performance indicators.
Support the board in enterprise-wide-risk assessment.
Review the positioning of the Internal Audit function within the risk management framework of the organization.
Monitor compliance with the corporate code of conduct/business practices.
Report on the effectiveness of the control framework.
Assist the board in assessing the independence of the external auditor.
Assess the ethical climate of the board and organization.
Assess compliance in specific areas, and the organization's reporting mechanisms to the board.
Conduct follow-up and report on management response to regulatory body reviews.
Conduct follow-up and report on management response to external audit.
Assess the adequacy of the performance management system and achievement of corporate objectives.
Support a culture of fraud awareness and the reporting of improprieties.
Promote, administer, implement and ensure compliance processes for ethics in the organization.
Develop and implement enterprise-wide risk and control frameworks, coordinate assessment, report to the board, and review the business continuity planning process.
Determine privacy and security vulnerabilities and report on compliance.
Understand, use and apply risk vocabulary, concepts, risk/control implications of different organizational structures, and risk management techniques.
Understand and use management control techniques and the various types of control - preventive, detective, input, output.
Understand corporate governance principles and alternative control frameworks.
Understand the risk/control implications of different leadership styles.
Understand change and conflict management.
Conduct of preliminary communication with the client.
Conduct a comprehensive survey of the area of engagement.
Plan implementation processes for the engagement.
Complete a detailed risk assessment.
Coordinate the engagement process with external audit and regulatory oversight bodies.
Establish/refine engagement objectives and scope.
Identify and/or develop criteria for assurance engagements.
Identify potential areas of fraud, red flag issues, types of fraud common to the area of engagement, and whether fraud risk requires special attention in the engagement.
Determine engagement procedures.
Determine the level of staff and other resources needed for the engagement.
Plan and supervise the engagement.
Compile the engagement work program.
Integrated assessment is performed on a continuous basis using a combination of formative and summative assessment techniques and tools both in the workplace and in the formal learning situation. A range of formative and summative assessment methods will be used to assess the ability of learners to apply theory and to combine theory and practice. The focus of assessment is on applied competence.
Assessment or recognition of the relevant workplace experience is by way of certificates of service or letters from employers confirming length and extent of relevant experience. Summative Assessment is done through a four-part examination conducted by the IIA Inc. (USA).
"Professional recognition credit" - exemption from Part 4 of the CIA examination - is accorded to holders of certain recognized professional qualifications such as ACCA and Chartered Accountants.