What competencies does The IIA standards require of every internal auditor?

Competency Area The abilities I need to demonstrate in my role: The knowledge I need to attain to perform my role: Business Acumen • Revise strategies as needed based on changes
• Shape organisations’ business strategies with inputs related to business
• Influence stakeholders to seek buy-in
• Manage associated risks of new opportunities  • Industry specific knowledge relevant to the organisation
• Organisation strategies
• Strategy development processes and considerations
• Global economic developments
• Regulatory and legal environment in which the organisation operates
• Technology trends and disruptors affecting businesses Business Process Analysis • Review the quality of business process analysis and process improvement recommendations
• Evaluate implications of process design improvement recommendations on organisation's strategic objectives
• Obtain buy-in of process owners to accept recommendations •  Committee of Sponsoring Organisations of the Treadway Commission (COSO)  Internal Controls framework, ISO31000 or its equivalent
• COSO ERM Framework or its equivalent
• Industry best practices
• Mission, vision, direction, strategic priorities and key initiatives of an organisation Business Innovation and Improvement • Create opportunities for improvement and innovation across the organisation
• Evaluate proposed ideas and fine-tune messaging
• Establish ways to implement changes across functional teams
• Evaluate initiatives and decide on project continuation and/or implementation
• Initiate and drive change management programmes across the accountancy function
• Develop mind-set shifts by acting as an advisor and advocating intended benefits of change to management
• Articulate needs for change and techniques to influence changes • Organisation and its business environment
• Organisational behaviours that resist changes and techniques to manage resistances
• Change management models
• Evolving and emerging trends and developments in domain knowledge
• Government policies and regulations IA Engagement Execution • Identify and escalate strategic implications to the organisation from audit engagement findings
• Evaluate that significant risk exposures and control issues, including fraud risk and governance issues are covered in the final engagement communication
• Resolve findings and issues with senior management
• Communicate objectively audit engagement results to senior management and board • International Professional Practices Framework
• Internal control and risk management frameworks such as Committee of Sponsoring Organisations of the Treadway Commission (COSO) Internal Control, COSO ERM Frameworks and ISO31000
• Economic, business and industry knowledge within which the organisation operates
• Organisation strategies and priorities
• Good control practices and industry best practices IA Engagement Planning • Evaluate completeness and relevance of risk assessments
• Review and approve audit engagement plans
• Evaluate the relevance and the prioritisation or focus of the audit plan and its alignment with IA and organisational strategies
• Assess that audit plan sufficiently covers the scope, addresses key risks and considers expectations of Senior Management and Board
• Establish key performance indicators to measure the progress and performance of each initiative against expectations • International  Professional Practices Framework (IPPF) comprising definition of Internal Auditing, Code of Ethics, core principles and International Standards for the Professional Practice of Internal Auditing
• Best practices in governance, risk and controls
• Enterprise risk management framework, including setting risk appetite
• Mission, vision, strategy and objectives of an organisation
• Audit strategy, audit universe and audit cycle IA Function Management • Establish internal audit (IA) audit charter including IA terms of reference and service delivery approach
• Review and adjust the internal audit team skills mix and diversity according to organisation's objectives and risks
• Lead and assess annual risk analysis to formulate risk based audit plan.
• Develop and implement a plan for professional and career development of IA staff
• Determine an adequate budget to support IA planned activities
• Establish clear performance standards for internal auditors and the internal audit function
• Establish appropriate appraisal system and conduct performance appraisal of IA teams
• Establish recruitment system that result in competent performers being hired
• Manage board, audit committees and senior management • International  Professional Practices Framework (IPPF), including Code of Ethics
• The Institute of Internal Auditors (IIA) Global Internal Audit Competency Framework
• Human resource management (including training and development, recruitment and retention, and performance appraisal)
• Coaching and mentoring
• Performance feedback and appraisal
• Budgeting and forecasting
• Success planning strategies
• Audit strategy IA Quality Assurance • Review the results of the assessment
• Establish a reporting structure for results of assessments that maintains appropriate credibility and objectivity
• Communicate results of QAIP to senior management and the board • International Standards for the Professional Practice of Internal Auditing
• Requirements and scope of QAIP (i.e. internal and external assessments) Information Gathering and Analysis • Evaluate business insights, assess the strategic implications and make appropriate recommendations
• Communicate high risks areas with process owners, Senior Management and Board
• Communicate opportunities to Senior Management and Board • Competitive analysis of business and operating environment
• Organisation's risks and controls environment
• Organisation's mission, vision, direction, strategic priorities and key initiatives
• Data communication techniques Due Professional Care • Monitor application of the "due professional care" Standard in performing audit activities
• Manage effect on objectives, operations or resources because of risks
• Communicate engagement results with stakeholders • Significant risks that might affect objectives, operations or resources
• Needs and expectations of stakeholders, including the nature, timing and communication of engagement results
• Relative complexity and extent of work needed to achieve the engagement's objectives
• Cost of the consulting engagement in relation to potential benefits
• Due professional care in the context of staffing the internal audit team Enterprise Risk Management • Assess the risk management and internal control systems are operational as intended
• Review the completeness of management’s risk analysis and actions taken to remedy issues raised by risk management processes, and suggest improvements
• Evaluate risk exposures relating to the organisation’s governance, operations and information systems
• Communicate with senior management and Board on risk-related issues that may indicate weakness in risk management practices.
• Facilitate review of strategic and business risk issues and assess risk governance framework • Organisation’s risk profile
• Organisational objectives and mission
• Risk management framework, such as COSO ERM Framework or ISO30001
• Risk governance framework including setting of risk appetite and tolerance Financial Statements Analysis • Review characteristics of financial statements
• Calculate key ratios from a company’s financial statements
• Understand implications of key ratios from a company’s financial statements
• Appreciate major components of a financial balance sheet • Relevant accounting terminology, treatment and standards
• How key business processes relate to financial statements Fraud RIsk Management • Evaluate fraud detection and reporting tools and measures
• Enhance staff’s appreciation and awareness of fraud detection and response strategy
• Train staff on awareness of fraud risks
• Evaluate adequacy of risk response strategy and practices to deter or prevent fraud
• Evaluate adequacy of plans for monitoring fraud risk program
• Support a culture of fraud risk awareness at all levels of the organisation
• Communicate to senior management or Board if any additional action is necessary or whether an investigation should be recommended • Red flags indicating fraud
• Types of fraud and common concealment activities
• Elements of an effective fraud risk management programme
• Organisation’s business, internal controls framework and financial processes
• Assess adequacy of internal audit plan on fraud risk evaluation Governance  • Engage the board and senior management on governance best practices and issues
• Articulate the benefits of good governance structure to influence adoption by senior management and the board
• Endorse the principles of governance and compliance in the organisation
• Adhere to ethical codes of practice when endorsing governance principles and policies to ensure organisational compliance to governance requirements
• Influence organisation’s compliance culture • Regulatory requirements and guidelines, including code of corporate governance, Companies Act, Singapore Exchange (SGX) listing manual
• Governance framework
• Best practices in corporate governance
• Techniques to build a corporate compliance culture Internal Controls • Assess the internal control framework
• Assess the adequacy and effectiveness of controls
• Evaluate the implications of organisational changes, operational changes and changes in business strategy using appropriate internal control framework
• Advise board and senior management on improvement initiatives to improve controls • Internal control framework
• Organisation’s business and processes
• Financial and operational information
• Organisation’s strategic objectives Cyber Security • Associate potential cyber security risks and threats with area of work
• Adhere to the organisation's policies and procedures to protect confidentiality and integrity of information
• Set policies and procedures for when cyber security related issues require escalation to relevant team members
• Articulate when additional cyber security resources are needed to mitigate risks • Organisation's cyber security policies and procedures
• Areas prone to cyber security threats
• Cyber security developments Data Analytics • Lead the implementation of the data science strategy, procedures and metrics to support requirements
• Analyse and interpret financial and non-financial data, including big data
• Identify and evaluate significant features of performance, including both financial and non-financial relevant performance indicators
• Synthesise critical findings and insights within the business context to make inferences and business decisions
• Highlight inconsistencies in information through analysis and the application of knowledge
• Exploit technologies, such as big data tools, cloud resources, and smart software, to improve backward-looking and forward-looking analysis • Data management cycle
• Data governance
• Industry best practices and successful case studies
• Evolving field of analytics and its potential to support business growth
• Predictive analytics as an enabler to forecast future performance and perform stress testing on business lines
• Visual analytics tools  Digital Technology Environment Scanning • Match macro trends to the needs of the organisation
• Identify and leverage new digital technologies, such as cloud and mobile, to create technology-enabled finance functions and deliver insights and value to the business
• Deliver analytics-driven insights through technologies to create competitive advantage
• Embrace technological transformations for finance and the overall business, and encourage the team to do the same
• Assess IT environment against business and department strategies
• Review technological trends and assess the level of impact on the organisation and the disruption to the industry • Technological developments and trends
• Industry best practices
• Emerging technological trends such as block chain, machine learning, artificial intelligence robotic process automation, and digital currency Infocomm Security and Data Privacy • Evaluate the effectiveness of IT governance frameworks in supporting the organisation’s strategies and objectives
• Determine the effectiveness of IT risks, security and data privacy policies and procedures
• Develop policies and procedures in alignment with current practices and legislations
• Communicate to the board and senior management the assessments of the IT risks, security and data privacy policies and procedures • Organisation’s strategies and objectives
• Information management systems and processes
• Strategic implications of IT on the organisation’s strategies and to gain a competitive advantage
• IT risks, security and data privacy procedures and policies
• Emerging trends and developments in IT risks, security and data privacy Risk Management • Analyse a range of risks in highly complex situations, which can be qualitative, semi-quantitative or quantitative
• Recommend mitigating strategies and implement structures and processes to control risks
• Articulate the impact of cultural differences on risk appetite and risk management strategies
• Lead organisation's governance and risk infrastructures
• Act as an integrator and navigator for the organisation by applying a systems thinking approach to implementing governance processes
• Balance the responsibilities of stewardship with business partnership • Enterprise risk management
• Evolving methodologies for risk management which should be incorporated into risk and control functions Auditor Independence • Develop safeguards to maintain auditor’s independence
• Evaluate effectiveness of safeguards in maintaining auditor’s independence
• Maintain independence in the development and execution of internal audit plans for the organisation • Industry best practices on safeguards against risks of threats to independence
• Common causes of independence being breached Professional and Business Ethics • Advocate board and management to establish ethics and values within the organisation and tone at the top
• Demonstrate compliance and application of ethical values as role model
• Evaluate effectiveness of safeguards applied to eliminate or reduce identified threats of unethical behaviour
• Exercise due professional care
• Review adequacy of measures proposed for resolution of ethical issues identified
• Foster ethical climate of the organisation • Organisation’s code of conduct or code of ethics
• The Institute of Internal Auditor’s Code of Ethics
• Ethics framework
• Interrelation between governance and ethical culture  Professional Standards • Ensure the organisation complies with the relevant professional standards
• Contribute in shaping development of professional standards
• Deepen stakeholder engagement and promote confidence in professional standards • Current developments in practice and legislation
• Emerging trends and developments of the profession Communication Negotiate with others to address issues and achieve mutual consensus. Decision Making Make decision in a volatile and ambiguous setting using a structured process and limited sources of available information to achieve intended goals. Developing People Provide mentorship to help others to develop their professional and personal development to improve performance and further their careers. Interpersonal Skills Influence, guide and handle others’ emotions to build instrumental relationships and manage conflicts and disagreements. Leadership Lead by example at organisational level. Inspire, motivate and guide others to adopt a point of view, make changes or take action. Cultivate an open, cooperative and collaborative learning culture for the organisation.

What are the competencies of an internal auditor?

What are some required competencies of an auditor?

What are five good audit competencies that an internal auditor should possess?

What degree of competence should auditor need to conduct internal audit?