SAQA

All qualifications and part qualifications registered on the National Qualifications Framework are public property. Thus the only payment that can be made for them is for service and reproduction. It is illegal to sell this material for profit. If the material is reproduced or quoted, the South African Qualifications Authority (SAQA) should be acknowledged as the source.

SOUTH AFRICAN QUALIFICATIONS AUTHORITY

REGISTERED QUALIFICATION:

Occupational Certificate: Internal Auditor (ICT Internal Auditor)

SAQA QUAL ID	QUALIFICATION TITLE
101405	Occupational Certificate: Internal Auditor (ICT Internal Auditor)
ORIGINATOR
The Institute of Internal Auditors SA
PRIMARY OR DELEGATED QUALITY ASSURANCE FUNCTIONARY			NQF SUB-FRAMEWORK
-			OQSF - Occupational Qualifications Sub-framework
QUALIFICATION TYPE	FIELD		SUBFIELD
Occupational Certificate	Field 03 - Business, Commerce and Management Studies		Finance, Economics and Accounting
ABET BAND	MINIMUM CREDITS	PRE-2009 NQF LEVEL	NQF LEVEL	QUAL CLASS
Undefined	130	Not Applicable	NQF Level 07	Regular-ELOAC
REGISTRATION STATUS		SAQA DECISION NUMBER	REGISTRATION START DATE	REGISTRATION END DATE
Reregistered		EXCO 0425/24	2018-07-01	2025-12-30
LAST DATE FOR ENROLMENT		LAST DATE FOR ACHIEVEMENT
2026-12-30		2029-12-30

In all of the tables in this document, both the pre-2009 NQF Level and the NQF Level is shown. In the text (purpose statements, qualification rules, etc), any references to NQF Levels are to the pre-2009 levels unless specifically stated otherwise.

This qualification does not replace any other qualification and is not replaced by any other qualification.

PURPOSE AND RATIONALE OF THE QUALIFICATION

Purpose:
The purpose of this qualification is to prepare a learner to operate as an Information and Communication Technology (ICT) Internal Auditor. An ICT Internal Auditor executes ICT engagements under supervision of an Internal Audit Professional in accordance with the International Professional Practices Framework (IPPF) and Information Systems Audit and Control Association (ISACA) Standards in order to meet specific engagement objectives. The objective of Information Communications Technology (ICT) auditing is to collect and evaluate evidence in order to ascertain whether an information system safeguards assets, maintains data integrity, achieves organisation goals effectively and consumes resources in an efficient manner.

A qualified learner will be able to:

Provide ICT audit services.

Provide assurance regarding ICT governance and management.

Provide assurance regarding the integrity of information systems acquisition, development and implementation processes.

Provide assurance regarding the integrity of ICT operations maintenance and support, and protection of ICT assets.

Rationale:
Information and Communication Technology (ICT) is increasingly dictating organisational performance. In the future all internal auditors will be required to have the capability to audit the ICT processes.

The Internal Audit function is acknowledged worldwide as an intrinsic part of good corporate governance in organisations, entities and government departments. In South Africa, legislation requires the establishment of an internal audit function in every public sector entity. A cornerstone of the South African National Development plan is clean government and zero tolerance for corruption and fraud. Over and above this requirement organisational efficiency is paramount to the success of our economy. The internal audit profession is critical for achieving this.

This Occupational Certificate will assist in providing the required number of people able to fulfil the internal audit role thereby helping government departments meet their legislative requirement in this regard and will contribute to the National economic development strategies. This qualification will enhance the existing qualifications and it will provide the required structure in practical and workplace learning. This Occupational Certificate will enable people working in internal audit to develop the required competencies to plan, implement, manage and advise on internal audits.

The qualification will acknowledge that a successful learner has attained the skills, knowledge and competencies equal to those of the highest and most prestigious, globally recognized internal audit certification. This qualification is confirmation to the market (the body of employers in all sectors), that the holder has attained globally recognised competencies which are based on the mastery of academic knowledge and its application in practical work situations.

LEARNING ASSUMED TO BE IN PLACE AND RECOGNITION OF PRIOR LEARNING

Recognition of Prior Learning (RPL):
RPL for access to the external integrated summative assessment: Accredited providers and approved workplaces must apply the internal assessment criteria specified in the related curriculum document to establish and confirm prior learning. Accredited providers and workplaces must confirm prior learning by issuing a statement of result or certifying a work experience record.

RPL for access to the qualification: Accredited providers and approved workplaces may recognise prior learning against the relevant access requirements.

Entry Requirements:
Occupational Certificate: Internal Auditor, Level 7.

RECOGNISE PREVIOUS LEARNING?

QUALIFICATION RULES

This qualification is made up of the following compulsory Knowledge and Practical Skill Modules:

Knowledge Modules:

242211001-KM-01, ICT Audit Practice, Level 7, 41 Credits.
Total number of credits for Knowledge Modules: 41.

Practical Skill Modules:

242211001-PM-01, Plan and execute a risk-based Information and Communication Technology (ICT) audit in compliance with relevant audit standards to ensure that key audit areas are included, Level 7, 6 Credits.

242211001-PM-02, Provide assurance that the enterprise has the structure, policies, accountability mechanisms and monitoring practices in place to achieve the requirements of corporate governance of ICT, Level 7, 8 Credits.

242211001-PM-03, Provide assurance that the practices for the acquisition, development, testing and implementation of information systems meet the enterprises strategies and objectives, Level 7, 6 Credits.

242211001-PM-04, Provide assurance that the Information Technology (IT) service management practices will ensure the delivery of the level of services required to meet the enterprises objectives, Level 7, 24 Credits.
Total number of credits for Practical Skill Modules: 44.

This qualification also requires the following Work Experience Modules:

242211001-WM-01, Evaluate the process of providing ICT audit services, Level 7, 45 Credits.
Total number of credits for Work Experience Modules: 45.

EXIT LEVEL OUTCOMES

1. Conduct Information and Communication Technology (ICT) operational process efficiency audits covering the key ICT processes.
2. Audit ICT project management processes.
3. Interpret the ICT environment in relation to the organisational governance structures and report on the quality and adequacy of the ICT governance.
4. Draft ICT audit reports.

ASSOCIATED ASSESSMENT CRITERIA

Associated Assessment Criteria for Exit Level Outcome 1:

Maps/flowcharts of the operational processes are accurate and demonstrate all the processes and elements of the operation.

Working papers meet the international internal audit standards and cover all risks and weaknesses.

Reports and recommendations are feasible, relevant, and practical and will mitigate the identified risks in the short, medium and long term.

Associated Assessment Criteria for Exit Level Outcome 2:

The validity of the Information and Communication Technology (ICT) business case is described.

The level of alignment of the ICT project with the business case indicates all aspects of the project and measures the alignment with the business case.

Analysis of the project management philosophy indicates its relevance to the actual business environment.

The project progress is mapped against the environment.

All project deviations are identified and appropriate actions are defined to ensure that the project achieves overall objectives.

Associated Assessment Criteria for Exit Level Outcome 3:

Organisational environment is described accurately and reflects the current and potential operational dynamics.

All governance structures are described in terms of the quantity and quality of governance required.

All governance aspects are explained in terms of the relevant legislative requirements.

Organisational environment is described accurately and reflects the current and potential operational dynamics.

The root causes of all weaknesses are accurately defined.

Organisational strengths and leading practices are defined and accurately described.

Associated Assessment Criteria for Exit Level Outcome 4:

Report structure complies with International Professional Practices Framework (IPPF) requirements.

Evidence of all defects are listed and analysed.

Report is written in a language that is understandable to non-technical decision makers.

Recommendations are feasible, practical and relevant to the priority issues identified.

Integrated Assessment
Integrated Formative Assessment:
The skills development provider will use the curriculum to guide them on the stipulated internal assessment criteria and weighting. They will also apply the scope of practical skills and applied knowledge as stipulated by the internal assessment criteria. This formative assessment leads to entrance into the integrated external summative assessment.

Integrated Summative Assessment:
An external integrated summative assessment, conducted through the relevant Quality Council for Trades and Occupations (QCTO) Assessment Quality Partner is required for the issuing of this qualification. The external integrated summative assessment will focus on the Exit Level Outcomes and Associated Assessment Criteria.

INTERNATIONAL COMPARABILITY

The Certified Internal Auditor (CIA) is a globally recognised certification for internal auditors. It is the mark of competency and professionalism in internal auditing and over 140,000 people have been awarded the designation since its launch in 1973.

The content of the examinations and expected outcomes is set by the global structures of Institute of Internal Auditors (IIA) Incorporated United States of America (USA), and administered by affiliate organisations in more than 120 countries including South Africa.

The Institute for Internal Auditors in South Africa (IIA SA) designations are based on the IIA Inc. International Framework of Education developed by the Institute of Internal Auditors, Inc. in the USA. This framework is globally acknowledged in 98 countries. In the various participating countries programmes and/or qualifications are developed to deal with the uniqueness of the specific environments.

The Occupational Certificate: Internal Auditor (ICT) was compared to the unique programmes in the United Kingdom (UK) and USA.

United Kingdom:
To register for the certification and take exams, you must hold ONE of the following:

A Degree:
> Two years' post-secondary education (such as A-levels) and two years' experience in internal audit.
> Four years' experience in internal audit.

Upon registration for the CIA examination learners are issued with learning material and they can also participate in online programmes and short courses and seminars.

In the UK there are currently no formal qualifications for Internal Auditors.

United States of America (USA):
The USA follows the same pattern as in the UK and the rest of the world. Institutions require work experience and then provide tuition and coaching in order to complete the CIA examination.

Conclusion:
South Africa seems to be the only country where formal qualifications for internal auditing have been crafted. The content of the Occupational Certificate: Internal Auditor, covers all the learning required for the CIA examination and additional content has been included to ensure that learners with a wide range of backgrounds can be fast tracked through the qualification. There are no internationally comparable qualifications for the ICT Auditor. In the rest of the world people with an ICT background and the CIA qualification is used for this purpose.

ARTICULATION OPTIONS

Horizontal articulation is possible to:

Advanced Diploma in Business Management, Level 7, SAQA ID 67689.

Vertical Articulation:

Certificate: General Internal Auditing, Level 8, SAQA ID 20359.

MODERATION OPTIONS

N/A

CRITERIA FOR THE REGISTRATION OF ASSESSORS

N/A

NOTES

Qualifying for external assessment:
In order to qualify for an external assessment, learners must provide proof of completion of all required modules by means of statements of results and work experience.

Additional legal or physical entry requirements:
None.

Criteria for the accreditation of providers:
Accreditation of providers will be done against the criteria as reflected in the relevant curriculum on the Quality Council for Trades and Occupations (QCTO) website.

The curriculum title and code is: ICT Internal Auditor, 242211001.

This qualification encompasses the following trades as recorded on the NLRD:

This is not a trade qualification.

Part Qualifications:
None.

LEARNING PROGRAMMES RECORDED AGAINST THIS QUALIFICATION:

NONE

PROVIDERS CURRENTLY ACCREDITED TO OFFER THIS QUALIFICATION:

This information shows the current accreditations (i.e. those not past their accreditation end dates), and is the most complete record available to SAQA as of today. Some Primary or Delegated Quality Assurance Functionaries have a lag in their recording systems for provider accreditation, in turn leading to a lag in notifying SAQA of all the providers that they have accredited to offer qualifications and unit standards, as well as any extensions to accreditation end dates. The relevant Primary or Delegated Quality Assurance Functionary should be notified if a record appears to be missing from here.

NONE