Download Competency area - Chartered Institute of Internal Auditors

CPD planner
This template allows IIA members to assess their professional development needs against the IIA CPD competency framework and plan their Continuing Professional
Development (CPD) activity.
How to use this planner
1. Assess your current role and the role you aspire to, against the four categories:
 New entrant
 Internal auditor
 Audit manager
 Head of internal audit
For example you might currently be an internal auditor, aspiring to be an internal audit manager.
2. Look at the competencies required for the role you aspire to. Competencies have been defined at four levels:
 Awareness
 Basic
 Competent
 Expert
Assess whether you have the competencies for that role. For example you might need to develop the competency “develops staff effectively” from “awareness” to
“competent”.
3. Select the competencies you want to develop. Build your CPD plan by completing an “action period” for your selected competencies.
4. Save your plan, review and update it periodically.
Chartered Institute of Internal Auditors 2013
1
Name:
Current role:
Role I aspire to:
Date:
Section 1 - Internal Audit Standards, Theory and Methodology
International Professional Practices Framework
Core competency
Applies the relevant portions of the
International Professional
Practices Framework
New
entrant
Basic
Member to complete
Internal
auditor
Competent
Audit
manager
Expert
Head of IA
Detailed statement of competency
Expert
Can use the IIA international standards to
ensure that: audit assignments are quality
controlled; audit methodology follows a risk
based approach covering planning, fieldwork,
reporting and follow up; the audit department
is independent through its reporting line;
internal audit has access to all systems,
processes and people; and audit assignments
are conducted with due professional care
Current
level
Target
level
Action period
Section 2 - Knowledge Areas
The Internal Environment
Core competency
Member to complete
Applies an understanding of the
technical aspects of finance and
accounting appropriate to their
own or clients' organisation
when communicating with others
Awareness
Internal
auditor
Basic
Applies an understanding of
management accounting
appropriate to their own or
clients' organisation when
communicating with others
Awareness
Basic
New entrant
Chartered Institute of Internal Auditors 2013
Audit
manager
Competent
Competent
Current
level
Head of IA
Competent
Competent
Target
level
Action period
Understands and is able to analyse and
interpret accounting information, including
accounting statements, terminology,
processes and procedures and financial
instruments, as well as the accounting entries
required for recording and managing cash, and
other specific transactions and events, within
the context of the business development cycle
Is able to apply cost concepts and costing
systems (including absorption costing, variable
costing, full costing, marginal costing and
activity-based costing), capital and operational
budgeting, as well as transfer pricing (if
appropriate) and relevant cost
2
Applies an understanding of
organisational and management
theory to own or clients'
organisation
Awareness
Basic
Basic
Competent
Demonstrates an understanding of
organisational theory, applying a range of
different theoretical models with respect to
operations, systems, behaviour and
contingency to inform their approach to
management, change, culture, sales and
marketing activities
The External Environment
Core competencies
Member to complete
Applies an understanding of the
regulatory and legal framework
within which their own or clients'
organisation operates
Awareness
Internal
auditor
Basic
Applies an understanding of
macro- and micro-economics
appropriate to the organisation
when communicating with others
Awareness
Basic
New entrant
Chartered Institute of Internal Auditors 2013
Audit
manager
Basic
Basic
Current
level
Head of IA
Basic
Basic
Target
level
Action period
Is aware of and takes into account the impact
of legislation and regulation, including trade
legislation and regulations, labour laws,
copyright, privacy and cyber laws, civil and
penal laws, taxation schemes, contract law,
and the nature and rules of legal evidence
Is aware of and takes into account the impact
of macroeconomic factors (including the state
of the economy, the economic environment
within which business and financial decisions
are made, the workings of financial markets,
government policies, national income,
employment, investment, interest rates, the
supply of money, inflation, exchange rates,
and the formulation and operation of
stabilisation policies) and microeconomic
factors (including market mechanisms that
establish relative prices among goods and
services and allocate limited resources among
many alternative uses, market failure, perfect
competition, general equilibrium, markets
under asymmetric information, choice under
uncertainty and economic applications of
game theory, and elasticity of products within
the market system)
3
Quality and Control
Core competencies
Applies a range of appropriate
quality models and frameworks
Awareness
Internal
auditor
Basic
Demonstrates an understanding
of the principles of ethics and
integrity
Basic
Expert
Expert
Expert
Identifies the risk of fraud
occurring and the appropriate
means for detection,
investigation and prevention
Awareness
Basic
Competent
Competent
Applies an understanding of IT
risk, control and security
appropriate to own or clients'
organisation when
communicating with others
Basic
Competent
Competent
Competent
New entrant
Chartered Institute of Internal Auditors 2013
Audit
manager
Basic
Member to complete
Current Target
Action period
level
level
Head of IA
Basic
Understands and applies quality frameworks
including EFQM, ISO standards, Six Sigma
and TQM as appropriate
Can demonstrate that the IIA’s code of ethics
is applied in every audit assignment so that
information is kept confidential, audit work is
only undertaken where the auditor is
competent to do so, conflicts of interest are
disclosed, and the auditor acts objectively in all
situations, ensuring that where ethical conflicts
do occur they are discussed with the head of
audit, and can apply ethical principles and
values to the activities being audited within the
organisation, acting with due sensitivity where
these principles are being abused
Understands the definition and application of
fraud concepts and applies them to business
systems such as procurement, sales,
accounting, payroll, fixed assets and
organsiational knowledge, recognising
detection methods such as red flags and the
fraud triangle
Recognises where IT is relevant within an
audit assignment (including security of
systems involving access control,
environmental controls, compliance with IT
policies and procedures, and management of
the IT activity), and can participate in IT
projects and provide input on potential risk
exposures, referring to IT control frameworks
such as COBIT and IT standards such as
BS25999 (business continuity management)
and ISO27001 and 27002 (information security
code of practice) where appropriate
4
Applies an understanding of risk
management, control and
governance through the delivery
of assurance
Awareness
Competent
Expert
Expert
Maintains effective working
relationships with other
assurance providers
Awareness
Awareness
Basic
Expert
Chartered Institute of Internal Auditors 2013
Can undertake an assurance audit and provide
an audit opinion on the risk exposures
highlighted, discussing levels of assurance
with senior management and confirming the
level of assurance that particular audit work
attracts (recognising, for example, that a light
touch audit with little testing may provide a
lower level of assurance than an audit that
encompasses both compliance and
substantive testing), and is able to provide
input to the annual assurance statement or
statement on internal control signed by senior
management, working with other providers of
assurance within the organisation such as
health and safety and quality control where
necessary and appropriate
Is able to develop and sustain good
relationships and effective coordination with
those who provide assurance services, such
as external auditors, compliance officers, and
others
5
Section 3 - Interpersonal Skills
Personal Effectiveness
Core competencies
Develops and wields influence
effectively
Basic
Internal
auditor
Basic
Develops and implements
organisational policies and
procedures effectively
Awareness
Basic
Expert
Expert
Develops and exploits effective
working relationships
Basic
Basic
Competent
Expert
Operates effectively through
proactive collaboration
Basic
Basic
Expert
Expert
Audit
manager
Competent
New entrant
Audit
manager
Competent
Member to complete
Current Target
Action period
level
level
Head of IA
Expert
Is able to gain the trust of others and be
influential by building consensus, support and
alliances through negotiation, persuasion and
the use of networking in a manner that is
inclusive, confident, politically astute,
diplomatic, sensitive and proactive
Understands, implements and contributes to
the development of the organisation’s policies
and procedures including those relating to the
internal audit function
Cultivates networks, creates opportunities to
develop relationships and build bonds, and is
open and approachable, using tact and
diplomacy
Identifies and nurtures collaboration
proactively through the sharing of plans,
goals, information and resources, creating a
professional, cooperative, confidential and
safe environment, whilst recognising own
limitations, admitting mistakes and seeking
support from others as required
Communication
Core competencies
Communicates effectively both
orally and in writing to a range of
audiences
Basic
Internal
auditor
Competent
Promotes open communication
Basic
Competent
Expert
Expert
Advocates the internal audit
function to others
Basic
Basic
Competent
Expert
New entrant
Chartered Institute of Internal Auditors 2013
Member to complete
Current Target
Action period
level
level
Head of IA
Expert
Is able to communicate effectively both orally
and in writing, using presentations and visual
media (such as pictures, graphs and flow
charts) within written reports, and is able to
present complex or sensitive messages (such
as audit recommendations) clearly,
comprehensively, and professionally,
presenting messages at the right time and with
confidence in a manner appropriate to a range
of audiences from operational staff to director
level.
Fosters open communication, mutual
understanding and information sharing through
.active listening and responsiveness to client
questions and answers, and is able to provide
constructive, sensitive feedback
Can advocate the internal audit function to
others
6
Managing Others
Core competencies
Manages staff effectively
Awareness
Internal
auditor
Awareness
Builds and inspires a team
Awareness
Basic
Competent
Expert
Manages and resolves conflict
Awareness
Basic
Competent
Expert
Leads a team effectively
Basic
Basic
Competent
Expert
Audit
manager
Competent
Competent
New entrant
Audit
manager
Competent
Member to complete
Current Target
Action period
level
level
Head of IA
Expert
Establishes and implements procedures for
recruitment, selection, succession planning,
appraisal, performance management,
professional development and workload
management for team members, dealing with
individuals with sensitively in a manner that
promotes diversity
Is able to build a team, create unity, lead by
example, demonstrate a commitment to values
and develop an inspiring vision for self and
others, taking calculated risks to achieve goals
as required
Is able to lead in a crisis, identifying and
resolving conflict and disagreements through
win-win strategies, dealing with difficult people
and difficult situations with tact and diplomacy
Can develop, lead and promote a team
through enthusiastic support, protection,
assistance, encouragement, guidance, praise
participation and sharing
Managing Performance
Core competencies
Manages performance effectively
Awareness
Internal
auditor
Awareness
Manages own workload and that
of team effectively
Basic
Basic
New entrant
Chartered Institute of Internal Auditors 2013
Member to complete
Current Target
Action period
level
level
Head of IA
Expert
Expert
Sets and communicates clear targets for
performance in a manner that promotes the
vision, motivates and provides focus, and is
able to address issues of individual
performance promptly, providing performance
feedback that is sensitive to personal issues
Is able to multi task and meet given deadlines
as well as set challenging goals for team and
manage their responsibilities, using time and
other resources in a focussed, efficient and
effective way whilst maintaining and promoting
a healthy work-life balance
7
Managing Change
Core competencies
Acts as a champion for change
Awareness
Internal
auditor
Basic
Responds positively to change
Basic
Basic
New entrant
Chartered Institute of Internal Auditors 2013
Audit
manager
Competent
Competent
Member to complete
Current
Target
Action period
level
level
Head of IA
Expert
Expert
Acts as a champion for change and enlists the
support of others by developing a change
strategy and modelling expected change,
assessing potential barriers and resources
needed, and providing resources, direction
and focus
Responds quickly and positively to change,
switching strategies and tactics and
maintaining work efficiency even in unclear
situations, coping with any associated stress
8
Section 4 - Tools and Techniques
Research and Investigation
Core competencies
Selects and applies a range of
appropriate operational and
management research tools and
techniques
Awareness
Internal
auditor
Basic
Identifies the need for an expert
in operational research as
required and validates their work
Awareness
Basic
Competent
Expert
Selects and applies a range of
appropriate forecasting tools and
techniques
Awareness
Basic
Competent
Competen
t
Identifies the need for an expert
in forecasting as required and
validates their work
Awareness
Basic
Competent
Expert
Audit
manager
Expert
New entrant
Audit
manager
Basic
Member to complete
Current
Target
Action period
level
level
Head of IA
Basic
Can select and use the appropriate operational
research techniques (such as Markov chains and
processes, stochastic simulation and queuing
models) and optimisation techniques (such as
linear programming, dynamic programming,
integer and mixed integer programming and
heuristics), developing and managing operations,
strategy and process design, and understands
cycle time, capacity, waiting time, basic decision
analysis and simulation well enough to explain to
others
Can identify the need for a specific expert in the
operational research field and can understand
their conclusions and validate their work
Can apply forecasting and predicting methods to
support managerial decision making, assess and
apply model causes and time series, using the
organisation's forecasting tools as required
Can identify the need for a specific expert in the
forecasting field and can understand their
conclusions and validate their work
Business Processes and Project Management
Core competencies
Manages projects within the
internal audit function or
organisation effectively
Awareness
Internal
auditor
Basic
Selects and applies a range of
appropriate business process
analysis tools and techniques
Awareness
Competent
Expert
Expert
Organises and leads a team in
mapping, analysis, and business
process improvement
Awareness
Basic
Competent
Expert
New entrant
Chartered Institute of Internal Auditors 2013
Member to complete
Current
Target
Action period
level
level
Head of IA
Expert
Can manage any project within the IAA or audit
project management within the organization, can
apply to himself/herself most of the concept
presented in the referenced model
Can use business analysis tools and flowcharting
techniques to summarise systems and
processes and measure their efficiency and
effectiveness, and is able, in conjunction with
audit client, to identify solutions that can be used
to improve processes and promote better value
for money
Organises and leads a team in mapping,
analysis, and business process improvement
9
Uses performance management
techniques to monitor and
evaluate operational and
strategic performance
Basic
Competent
Expert
Expert
Is able to review individual areas within audit
assignments like finance, operations, learning
and development and customer care to evaluate
the effectiveness of their performance, and can
use approaches such as the balanced scorecard
to assess and evaluate the performance of the
organisation or parts of it, including the audit
function
Risk and Control
Core competencies
Explains and applies risk
theory and management,
control design and control
testing techniques
Basic
Internal
auditor
Competent
Explains and applies internal
controls and a range of control
frameworks
Basic
Competent
Expert
Expert
Trains others in control model
used
Awareness
Basic
Competent
Expert
New entrant
Chartered Institute of Internal Auditors 2013
Audit
manager
Expert
Member to complete
Current
Target
Action period
level
level
Head of IA
Expert
Can undertake a risk based audit and
understands how management should apply risk
management techniques and risk mitigation
strategies (including treat, tolerate, terminate,
transfer or exploit), and is able to use a range of
risk mitigation techniques within audit
recommendations or as part of the outcomes of
consultancy assignments by assessing risk
within the planning stage of the audit, evaluating
risk at the end of the fieldwork stage of the audit
and providing a risk based opinion at the end of
the audit
Is able to apply major control frameworks such
as COSO and CoCo and ISO standards where
applicable to audit work, and understands where
internal control fits within a risk focused audit
assignment and the statement of internal control
agreed by management at the year end, applying
ad hoc control references in the absence of a
control framework
Can train a team or client on the model used
within the organisation and compare with other
alternatives
10
Data Collection and Analysis
Core competencies
Applies sampling, data
analysis and other statistical
techniques to analyse and
assess data
Basic
Internal
auditor
Competent
Uses benchmarking data
adequately
Awareness
Basic
Competent
Expert
Uses data extraction software
and communicates data
manipulation requirements to
others
Basic
Basic
Expert
Competent
Prepares for an
interview/meeting, sets the
environment, and conducts the
interview/meeting
Basic
Competent
Expert
Expert
Designs and uses
questionnaires and surveys
effectively
Basic
Competent
Expert
Competent
Identifies the need for a
specific expert in the data
mining/analysis field
Basic
Basic
Expert
Expert
New entrant
Chartered Institute of Internal Auditors 2013
Audit
manager
Expert
Member to complete
Current
Target
Action period
level
level
Head of IA
Competent
Undertakes statistical analysis as part of the
planning stage of the audit assignment to ensure
that higher rated risks are given due focus in the
fieldwork using software (such as IDEA and
ACL) to select audit samples and analyse data
trends, and using judgmental sampling to select
samples where software is not available, and
.undertakes benchmarking of the organisation
where appropriate and where data is available
Can use benchmarking data adequately
Can use queries, organisation's own systems, or
third party providers data extraction software,
and can express requirements to a data
warehouse expert for data extraction,
transformation and loading techniques
Can set up a meeting with a range of
organisational personnel (from operational
through to director level), determining the
agenda and issues to be discussed, and conduct
and manage a meeting, putting the client at
ease, and, through active listening, can ask
relevant and pertinent questions, and accurately
write up the contents of the meeting
Can determine when it is appropriate to use a
questionnaire or survey as part of an audit
engagement, determine the right level and
number of questions, phrase sensitive questions
well, and determine the right persons to whom
the survey/questionnaire should be sent,
engaging the client in the process,, and is able to
analyse and write up the data returns accurately
and effectively
Can identify the need for a specific expert in the
data mining/analysis field
11
Problem Solving
Core competencies
Selects and applies a range of
problem solving techniques
Basic
Internal
auditor
Competent
Identifies the need for a
specific expert/facilitator in the
problem solving field
Basic
Basic
Expert
Audit
manager
Expert
Competent
New entrant
Audit
manager
Expert
Member to complete
Current
Target
Action period
level
level
Head of IA
Expert
Expert
Can apply problem solving techniques (such as
SWOT and PESTEL analysis, five whys, critical
success factors, impact analysis, drill down and
Porter's Five Forces) to assurance and
consulting assignments to assess and evaluate
risk and assess the inherent risks to which
organisations are exposed
Can identify the need for a specific
expert/facilitator in the problem solving field
Information Technology
Core competencies
Uses Microsoft office suite or
equivalent effectively
Competent
Internal
auditor
Expert
Uses a range of packages for
data extraction, analysis and
audit management
Basic
Competent
New entrant
Chartered Institute of Internal Auditors 2013
Member to complete
Current
Target
Action period
level
level
Head of IA
Expert
Competent
Can use Microsoft office suite or equivalent
(word processing, spreadsheet, presentation,
email, internet) to support the audit process,
such as analysing data, report writing, setting
up meetings and requests for information, and
making presentations at close out meetings or to
the audit committee
Can use data extraction and analysis tools and
software such as Access, ACL and IDEA to
generate audit samples or examples of
exceptions to organisational procedures that can
be tested further to evaluate risk exposure.
12