Practice of Internal Auditing (CIA Part 2 Curriculum)

CIA examination consists of three Parts. Part 1 is named the “Essentials of Internal Auditing”, Part 2 is “Practice of Internal Auditing” and Part 3 is “Business Knowledge for Internal Auditing”. It offers the comprehensive roadmap for individuals seeking to embark on a journey in internal auditing. Below we have provided the points you will understand and learn in CIA Part 2 - “Practice of Internal Auditing”. The entire curriculum is divided into four units as per the Institute of Internal Auditors. The percentage coverage of all topics is also mentioned.

Just to introduce you, the Academy of Internal Audit is the best training institute for Certified Internal Auditor Certification and also an authorized learning partner of IIA India. Let's dive into the learning objectives of the CIA part 2 curriculum:

Managing the Internal Audit Activity (20%) :

This domain makes up 20% of part 2 of the CIA exam and is tested at the basic and proficient cognitive levels. The learning objectives are:

  • Describe the policies and procedures for the planning, organizing, directing, and monitoring of the internal audit operations.
  • Interpret administrative activities of the internal audit activity (such as budgeting, resourcing, recruiting, staffing, etc).
  • Describe the coordination of internal audit efforts with the external auditor, regulatory oversight bodies, and the other internal assurance functions, as well as potential reliance on other assurance providers.
  • Interpret types of assurance engagements (risk and control assessments, audits of third parties and contract compliance, security and privacy, performance and quality audits, key performance indicators, operational audits, and financial and regulatory compliance audits).
  • Interpret types of consulting engagements (training, system design, system development, due diligence, privacy, benchmarking, internal control assessment, process mapping, etc) designed to provide advice and insight.
  • Identify the sources of the potential engagements (audit universe, audit cycle requirements, management requests, regulatory mandates, relevant market and industry trends, emerging issues, etc).
  • Identify the risk management framework to assess the risks and prioritize audit engagements based on the results of the risk assessment.
  • Recognize that the chief audit executive communicates the annual audit plan to the senior management & the board and seeks the board's approval.
  • Identify the significant risk exposures & control and the governance issues for the chief audit executive to report to the board.
  • Recognize that the chief audit executive reports on the overall effectiveness of the organization's internal control and risk management processes to senior management and the board.
  • Recognize the internal audit key performance indicators that the chief audit executive communicates to senior management and the board periodically.
Offering assurance and advisory services that will enhance the organization's operations and provide value is the internal auditor's job. Its job is to assess and enhance the efficiency of the company's control, risk management, and governance procedures. Access to all individuals, physical objects, and records pertinent to the execution of engagements should thus be granted to the internal audit activity.

Planning the Engagement (20%):

This domain makes up 20% of part 2 of the CIA exam and is tested at the basic and proficient cognitive levels. The learning objectives are:

  • Determine engagement objectives, evaluation criteria, and the scope of the engagement.
  • Plan the engagement to assure the identification of the key risks and controls.
  • Complete the detailed risk assessment of each audit area, including evaluating and prioritizing risk and control factors.
  • Gather & examine the relevant information (review previous audit reports and data, conduct walkthroughs and interviews, perform observations, etc.) as part of a preliminary survey of the engagement area.
  • Develop the checklists and risk-and-control questionnaires as part of the preliminary survey of the engagement area.
  • Determine the engagement procedures and prepare the engagement work program.
  • Determine the level of staff and the resources needed for the engagement.
Planning continues throughout the engagement. The plan is grounded in a clear understanding of the objectives and scope of the engagement. This understanding is based on awareness of strategies, objectives, related risks and controls of the area to be reviewed. The criteria and engagement procedures are needed to evaluate governance, risk management, and controls. To meet the engagement objectives, the internal audit activity needs to gather adequate, trustworthy, pertinent, and helpful information. The several audit processes that may be used and the knowledge of which techniques are suited for the engagement objectives are two things that internal auditors must possess.

Performing the Engagement (40%) :

This domain makes up 40% of part 2 of the CIA exam and is tested at the basic and proficient cognitive levels. The learning objectives are:

  • Evaluate relevance, sufficiency, and reliability of potential sources of evidence.
  • Apply appropriate sampling (statistical, judgmental, discovery, etc.) and statistical analysis techniques.
  • Use computerized audit tools and techniques (data mining and extraction, continuous monitoring. automated workpapers, embedded audit modules, etc).
  • Apply appropriate analytical approaches and the process mapping techniques (process identification, workflow analysis, process map generation and analysis, spaghetti maps, RACI diagrams, etc).
  • Determine & apply analytical review techniques (ratio estimation, variance analysis, budget vs. actual, trend analysis, other reasonableness tests, benchmarking, etc).
  • Prepare the work papers and documentation of relevant information to support the conclusions and engagement results.
  • Summarize and develop the engagement conclusions, including assessment of risks and controls.
  • Identify the key activities in supervising engagements like (coordinating work assignments, reviewing work papers, evaluating auditors' performance, etc).

Essentials of Internal Auditing (CIA Part 1 Curriculum)

Communicating Engagement Results and Monitoring Progress (20%) :

This domain makes up 20% of part 2 of the CIA exam and is tested at the basic and proficient cognitive levels. The learning objectives are:

  • Arrange preliminary communication with engagement clients.
  • Demonstrate communication quality and elements.
  • Prepare interim reporting on the engagement progress.
  • Formulate recommendations to enhance and protect the organizational value.
  • Describe the audit engagement communication and reporting process, including holding the exit conference, developing the audit report, and obtaining management's response.
  • Describe chief audit executive's responsibility for assessing residual risk.
  • Describe process for communicating risk acceptance (when management has accepted a level of risk that may be unacceptable to the organization).
  • Assess engagement outcomes, including a management action plan.
  • Manage the monitoring and follow-up of disposition of audit engagement results, communicated to management and board.
Communication is must be accurate, objective, clear, concise, constructive, complete, and timely. The internal auditor should communicate in writing significant deficiencies and material weaknesses to management and those charged with governance and also explain their potential effects. Internal auditors may offer suggestions for improvement, acknowledgements of good performance, and corrective measures. The recommendations are based on the internal auditor's observations and the conclusions. The final engagement communication is given to the management of the audited activity and to those persons in the organization who can ensure engagement results are given due consideration and take corrective steps or ensure that corrective steps are taken.

Conclusion

Internal auditing is a complicated activity that demands capabilities in planning, implementation, communication, and follow-up. Internal auditors may give useful insights to organizations by knowing the major domains and adopting best practices, assisting them in improving their governance, risk management, and control procedures. Internal auditors perform a significant role in promoting ongoing advancement and ensuring organizational integrity by communicating effectively and monitoring continuously.