IA Learning Methods


Face to Face Method (Class)

(15 meetings)

Course Name Internal Auditing


Prerequisites 1. Financial Auditing
2. Principles of Accounting
3. Intermediate Accounting
4. Advanced Accounting
5. Cost Accounting
6. Accounting Information System
7. Computer Application
Textbook(s) Textbook
Internal Auditing: Assurance and Advisory Services, 4th edition by Urton, et al.
Internal Audit Foundation, 2017. ISBN-13: 978-0-89413-987-1.

Week Title Chapters Activities


1 Introduction to Internal auditing 1 - Tutorial in Class
 Definition of Internal Auditing - Review Questions
 The Relationship Between Auditing and Accounting - Multiple-choice
 Financial Reporting Assurance Services: External vs Questions
Internal - Class Discussion
 The Internal Audit Profession - Cases
 The Institute of Internal Auditors
 Competencies Needed to Excel As an Internal Auditor
 Internal Auditor Career Paths
2 The International Professional Practices Framework (IPPF) 2 - Tutorial in Class
 The History of Guidance Setting for the Internal Audit - Review Questions
Profession - Multiple-choice
 The International Professional Practices Framework Questions
 Mandatory Guidance - Class Discussion
 Recommended Guidance - Cases
 How the IPPF Is Kept Current
 Standards Promulgated by Other Organizations
3 Governance 3 - Tutorial in Class
 Governance Concepts - Review Questions
 The Evolution of Governance - Multiple-choice
 Opportunities to Provide Insight Questions
- Class Discussion
- Cases
4 Risk Management 4 - Tutorial in Class
 Overview of Risk Management - Review Questions
 COSO ERM Framework - Multiple-choice
 ISO 31000:2009 Risk Management – Principles and Questions
Guidelines - Class Discussion
 The Role of the Internal Audit Function in ERM - Cases
 The Impact of ERM on Internal Audit Assurance
 Opportunities to Provide Insight
5 Business Processes and Risks 5 - Tutorial in Class
 Business Process - Review Questions
 Documenting Business Process - Multiple-choice
 Business Risks Questions
 Business Process Outsourcing - Class Discussion
 Opportunities to Provide Insight - Cases
 Applying the Concepts: Risk Assessment for Student
Organizations
6 Internal control 6 - Tutorial in Class
 Frameworks - Review Questions
 Definition of Internal Control - Multiple-choice
 The Objectives, Components, and Principles of Internal Questions
Control - Class Discussion
 Internal Control Roles and Responsibilities - Cases
 Limitations of Internal Control
 Viewing Internal Control from Different Perspectives
 Types of Controls
 Evaluating the System of Internal Controls – An
Overview
 Opportunities to Provide Insight
7 Information Technology Risk and Controls 7 - Tutorial in Class
 Key Components of Modern Information Systems - Review Questions
 IT Opportunities and Risks - Multiple-choice
 IT Governance Questions
 IT Risk Management - Class Discussion
 IT Controls - Cases
 Implications of IT for Internal Auditors
 Sources of IT Audit Guidance
8 Risk of Fraud and Illegal Acts 8 - Tutorial in Class
 Overview of Fraud in Today’s Business World - Review Questions
 Definitions of Fraud - Multiple-choice
 The Fraud Triangle Questions
 Key Principles for Managing Fraud Risk - Class Discussion
 Governance Over the Fraud Risk Management Program - Cases
 Fraud Risk Assessment
 Illegal Acts and Response
 Fraud Prevention
 Fraud Detection
 Fraud Investigation and Corrective Action
 Understanding Fraudsters
 Implications for Internal Auditors and Others
 Opportunities to Provide Insight
Mid Test: Part 1 CIA and Part 2 CIA
9 Managing the Internal Audit Function 9 - Tutorial in Class
 Positioning the Internal Audit Function in the - Review Questions
Organization - Multiple-choice
 Planning Questions
 Communication and Approval - Class Discussion
 Resource Management - Cases
 Policies and Procedures
 Coordination Assurance Efforts
 Reporting to the Board and Senior Management
 Governance
 Risk Management
 Control
 Quality Assurance and Improvement Program (Quality
Program Assessment)
 Performance Measurement for the Internal Audit
Function
 Use the Technology to Support the Internal Audit
Process
 Opportunities to Provide Insight
10 Audit Evidence and Working Papers 10 - Tutorial in Class
 Audit Evidence - Review Questions
 Audit Procedures - Multiple-choice
 Working Papers Questions
- Class Discussion
- Cases
11 Data Analytics and Audit Sampling 11 - Tutorial in Class
 Data Analytics - Review Questions
 Step to Internal Audit Data Analytics - Multiple-choice
 Use of Data Analytics Questions
 Future of Internal Audit Data Analytics - Class Discussion
 Audit Sampling - Cases
 Statistical Audit Sampling in Tests of Controls
 Nonstatistical Audit Sampling in Tests of Controls
 Statistical Sampling in Tests of Monetary Values
12 Introduction to the Engagement Process 12 - Tutorial in Class
 Types of Internal Audit Engagements - Review Questions
 Overview of the Assurance Engagement Process - Multiple-choice
 The Consulting Engagement Process Questions
- Class Discussion
- Cases
13 Conducting the Assurance Engagement 13 - Tutorial in Class
 Determine Engagement Objectives and Scope - Review Questions
 Understand the Auditee - Multiple-choice
 Identify and Assess Risks Questions
 Identify Key Controls - Class Discussion
 Evaluate the Adequacy of Control Design - Cases
 Create a Test Plan
 Develop a Work Program
 Allocate Resources to the Engagement
 Conduct Test to Gather Evidence
 Evaluate Evidence Gathered and Reach Conclusions
 Develop Observations and Formulate
Recommendations
 Opportunities to Provide Insight
14 Communicating Assurance Engagement Outcomes and 14 - Tutorial in Class
Performing Follow-up Procedures - Review Questions
 Engagement Communication Obligations - Multiple-choice
 Perform Observation Evaluation and Escalation Process Questions
 Conduct Interim and Preliminary Engagement - Class Discussion
Communications - Cases
 Develop Final Engagement Communications
 Distribute Formal and Informal Final Communications
 Perform Monitoring and Follow-up
 Other Types of Engagements
15 The Consulting Engagement 15 - Tutorial in Class
 Providing Insight Through Consulting - Review Questions
 The Difference Between Assurance and Consulting - Multiple-choice
Services Questions
 Types of Consulting Services - Class Discussion
 Selecting Consulting Engagement to Perform - Cases
 The Consulting Engagement Process
 Consulting Engagement Working Papers
 The Changing Landscape of Consulting Services
 Capabilities Needed
 The Impact of Culture and the Internal Auditor as a
Trusted Advisor
 Opportunities to Provide Insight
16 Final Test: Part 3 CIA

A. International Professional Practices Framework (IPPF)


B. Internal Auditing: Assurance & Advisory Services, 4th Edition
C. COSO — Internal Control — Integrated Framework: 2013 (Framework)
D. Enterprise Risk Management — Integrating with Strategy and Performance
E. The Global Internal Audit Competency Framework
F. Position Paper: The Three Lines of Defense in Effective Risk Management and Control
G. Gleim CIA
HYBRID METHOD (CLASS)
(15 meetings)

Course Name Certified Internal Auditor (CIA) Review


Prerequisites 1. Financial Auditing
2. Principles of Accounting
3. Intermediate Accounting
4. Advanced Accounting
5. Cost Accounting
6. Accounting Information System
7. Computer Application
Textbook(s) Gleim CIA

Week Title Part/Units Activities


1 Foundations of Internal Auditing (15%) 1/1 - Tutorial in Class
 Interpret The IIA's Mission of Internal Audit, - Review Questions
Definition of Internal Auditing, and Core Principles - Online Multiple-
for the Professional Practice of Internal Auditing, choice Questions
and the purpose, authority, and responsibility of the - Class Discussion
internal audit activity - Cases
 Explain the requirements of an internal audit
charter (required components, board approval,
communication of the charter, etc.)
 Interpret the difference between assurance and
consulting services provided by the internal audit
activity
 Demonstrate conformance with the IIA Code of
Ethics
Independence and Objectivity (15%) 1/2
 Interpret organizational independence of the
internal audit activity (importance of independence,
functional reporting, etc.)
 Independence, whether the internal audit activity
has any impairments to its Independence
 Assess and maintain an individual internal auditor's
objectivity, including determining whether an
individual internal auditor has any impairments to
his/her objectivity
Analyze policies that promote objectivity
2 Proficiency and Due Professional Care (18%) 1/3 - Tutorial in Class
 Recognize the knowledge, skills, and competencies - Review Questions
required (whether developed or procured) to fulfill - Online Multiple-
the responsibilities of the internal audit activity choice Questions
 Demonstrate the knowledge and competencies that - Class Discussion
an internal auditor needs to possess to perform - Cases
his/her individual responsibilities, including
technical skills and soft skills (communication skills,
critical thinking, persuasion/negotiation and
collaboration skills, etc.)
 Demonstrate due professional care
 Demonstrate an individual internal auditor's
competency through continuing professional
development
3 Quality Assurance and Improvement Program (7%) 1/4 - Tutorial in Class
 Describe the required elements of the quality - Review Questions
assurance and improvement program (internal - Online Multiple-
assessments, external assessments, etc.) choice Questions
 Describe the requirement of reporting the results of - Class Discussion
the quality assurance and improvement program to - Cases
the board or other governing body
 Identify appropriate disclosure of conformance vs.
nonconformance with The IIA's International
Standards for the Professional Practice of Internal
Auditing
4 Governance, Risk Management, and Control (35%) 1/5 - Tutorial in Class
 Describe the concept of organizational governance - Review Questions
 Recognize the impact of organizational culture on - Online Multiple-
the overall control environment and individual choice Questions
engagement risks and controls - Class Discussion
 Recognize and interpret the organization's ethics - Cases
and compliance-related issues, alleged violations,
and dispositions
 Describe corporate social responsibility
 Interpret fundamental concepts of risk and the risk
management process
 Describe globally accepted risk management
frameworks appropriate to the organization (COSO
- ERM, ISO 31000, etc.)
 Examine the effectiveness of risk management
within processes and functions
 Recognize the appropriateness of the internal audit
activity's role in the organization's risk management
process
 Interpret internal control concepts and types of
controls
 Apply globally accepted internal control
frameworks appropriate to the organization (COSO,
etc.)
 Examine the effectiveness and efficiency of internal
controls
5 Fraud Risks (10%) 1/6 - Tutorial in Class
- Review Questions
 Interpret fraud risks and types of frauds and - Online Multiple-
determine whether fraud risks require special choice Questions
consideration when conducting an engagement - Class Discussion
 Evaluate the potential for occurrence of fraud (red - Cases
flags, etc.) and how the organization detects and
manages fraud risks
 Recommend controls to prevent and detect fraud
and education to improve the organization's fraud
awareness
 Recognize techniques and internal audit roles
related to forensic auditing (interview,
investigation, testing, etc.)
6 Managing the Internal Audit Activity (20%) 2/1 - Tutorial in Class
1. Internal Audit Operations - Review Questions
 Describe policies and procedures for the planning, - Online Multiple-
organizing, directing, and monitoring of internal choice Questions
audit operations - Class Discussion
 Interpret administrative activities (budgeting, - Cases
resourcing, recruiting, staffing, etc.) of the internal
audit activity
2. Establishing a Risk-based Internal Audit Plan
 Identify sources of potential engagements (audit
universe, audit cycle requirements, management
requests, regulatory mandates, relevant market and
industry trends, emerging issues, etc.)
 Identify a risk management framework to assess
risks and prioritize audit engagements based on the
results of a risk assessment
 Interpret the types of assurance engagements (risk
and control assessments, audits of third parties and
contract compliance, security and privacy,
performance and quality audits, key performance
indicators, operational audits, financial and
regulatory compliance audits)
 Interpret the types of consulting engagements
(training, system design, system development, due
diligence, privacy, benchmarking, internal control
assessment, process mapping, etc.) designed to
provide advice and insight
 Describe coordination of internal audit efforts with
the external auditor, regulatory oversight bodies,
and other internal assurance functions, and
potential reliance on other assurance providers
3. Communicating and Reporting to Senior
Management and the Board
 Recognize that the chief audit executive
communicates the annual audit plan to senior
management and the board and seeks the board's
approval
 Identify significant risk exposures and control and
governance issues for the chief audit executive to
report to the board
 Recognize that the chief audit executive reports on
the overall effectiveness of the organization's
internal control and risk management processes to
senior management and the board
 Recognize internal audit key performance indicators
that the chief audit executive communicates to
senior management and the board periodically
7 Performing the Engagement (40%) 2/2 - Tutorial in Class
1. Information Gathering - Review Questions
 Gather and examine relevant information (review - Online Multiple-
previous audit reports and data, conduct walk- choice Questions
throughs and interviews, perform observations, - Class Discussion
etc.) as part of a preliminary survey of the - Cases
engagement area
 Develop checklists and risk-and-control
questionnaires as part of a preliminary survey of the
engagement area
 Apply appropriate sampling (nonstatistical,
judgmental, discovery, etc.) and statistical analysis
techniques
2. Analysis and Evaluation
 Use computerized audit tools and techniques (data
mining and extraction, continuous monitoring,
automated workpapers, embedded audit modules,
etc.)
 Evaluate the relevance, sufficiency, and reliability of
potential sources of evidence
 Apply appropriate analytical approaches and
process mapping techniques (process identification,
workflow analysis, process map generation and
analysis, spaghetti maps, RACI diagrams, etc.)
 Determine and apply analytical review techniques
(ratio estimation, variance analysis, budget vs.
actual, trend analysis, other reasonableness tests,
benchmarking, etc.)
 Prepare workpapers and documentation of relevant
information to support conclusions and
engagement results
 Summarize and develop engagement conclusions,
including assessment of risks and controls
3. Engagement Supervision
 Identify key activities in supervising engagements
(coordinate work assignments, review workpapers,
evaluate auditors' performance, etc.)
8 Communicating Engagement Results and Monitoring 2/3 - Tutorial in Class
Progress (20%) - Review Questions
1. Communicating Engagement Results and the - Online Multiple-
Acceptance of Risk choice Questions
 Arrange preliminary communication with - Class Discussion
engagement clients - Cases
 Demonstrate communication quality (accurate,
objective, clear, concise, constructive, complete,
and timely) and elements (objectives, scope,
conclusions, recommendations, and action plan)
 Prepare interim reporting on the engagement
progress
 Formulate recommendations to enhance and
protect organizational value
 Describe the audit engagement communication and
reporting process, including holding the exit
conference, developing the audit report (draft,
review, approve, and distribute), and obtaining
management's response
 Describe the chief audit executive's responsibility
for assessing residual risk
 Describe the process for communicating risk
acceptance (when management has accepted a
level of risk that may be unacceptable to the
organization)
2. Monitoring Progress
 Assess engagement outcomes, including the
management action plan
 Manage monitoring and follow-up of the disposition
of audit engagement results communicated to
management and the board
Mid Test: Part 1 CIA and Part 2 CIA
9 Business Acumen (35%) 3/1 - Tutorial in Class
1. Organizational Objectives, Behavior, and - Review Questions
Performance - Online Multiple-
 Describe the strategic planning process and key choice Questions
activities (objective setting, globalization and - Class Discussion
competitive considerations, alignment to the - Cases
organization's mission and values, etc.)
 Examine common performance measures (financial,
operational, qualitative vs. quantitative,
productivity, quality, efficiency, effectiveness, etc.)
 Explain organizational behavior (individuals in
organizations, groups, and how organizations
behave, etc.) and different performance
management techniques (traits, organizational
politics, motivation, job design, rewards, work
schedules, etc.)
 Describe management's effectiveness to lead,
mentor, guide people, build organizational
commitment, and demonstrate entrepreneurial
ability
10 Business Acumen (35%) 3/1 - Tutorial in Class
2. Organizational Structure and Business Processes - Review Questions
 Appraise the risk and control implications of - Online Multiple-
different organizational configuration structures choice Questions
(centralized vs. decentralized, flat structure vs. - Class Discussion
traditional, etc.) - Cases
 Examine the risk and control implications of
common business processes (human resources,
procurement, product development, sales,
marketing, logistics, management of outsourced
processes, etc.)
 Identify project management techniques (project
plan and scope, time/team/resources/cost
management, change management, etc.)
 Recognize the various forms and elements of
contracts (formality, consideration, unilateral,
bilateral, etc.)
3. Data Analytics
 Describe data analytics, data types, data
governance, and the value of using data analytics in
internal auditing
 Explain the data analytics process (define questions,
obtain relevant data, clean/normalize data, analyze
data, communicate results)
 Recognize the application of data analytics methods
in internal auditing (anomaly detection, diagnostic
analysis, predictive analysis, network analysis, text
analysis, etc.)
11 Information Security (25%) 3/2 - Tutorial in Class
1. Information Security - Review Questions
 Differentiate types of common physical security - Online Multiple-
controls (cards, keys, biometrics, etc.) choice Questions
 Differentiate the various forms of user - Class Discussion
authentication and authorization controls - Cases
(password, two-level authentication, biometrics,
digital signatures, etc.) and identify potential risks
 Explain the purpose and use of various information
security controls (encryption, firewalls, antivirus,
etc.)
 Recognize data privacy laws and their potential
impact on data security policies and practices
 Recognize emerging technology practices and their
impact on security (bring your own device [BYOD],
smart devices, internet of things [IoT], etc.)
 Recognize existing and emerging cybersecurity risks
(hacking, piracy, tampering, ransomware attacks,
phishing attacks, etc.)
 Describe cybersecurity and information security-
related policies
12 Information Technology (20%) 3/3 - Tutorial in Class
1. Application and System Software - Review Questions
 Recognize core activities in the systems - Online Multiple-
development lifecycle and delivery (requirements choice Questions
definition, design, developing, testing, debugging, - Class Discussion
deployment, maintenance, etc.) and the importance - Cases
of change controls throughout the process
 Explain basic database terms (data, database,
record, object, field, schema, etc.) and internet
terms (HTML, HTTP, URL, domain name, browser,
click-through, electronic data interchange [EDI],
cookies, etc.)
 Identify key characteristics of software systems
(customer relationship management [CRM] systems;
enterprise resource planning [ERP] systems; and
governance, risk, and compliance [GRC] systems;
etc.)
13 Information Technology (20%) 3/3 - Tutorial in Class
2. IT Infrastructure and IT Control Frameworks - Review Questions
 Explain basic IT infrastructure and network concepts - Online Multiple-
(server, mainframe, client-server configuration, choice Questions
gateways, routers, LAN, WAN, VPN, etc.) and - Class Discussion
identify potential risks - Cases
 Define the operational roles of a network
administrator, database administrator, and help
desk
 Recognize the purpose and applications of IT control
frameworks (COBIT, ISO 27000, ITIL, etc.) and basic
IT controls
3. Disaster Recovery
 Explain disaster recovery planning site concepts
(hot, warm, cold, etc.)
 Explain the purpose of systems and data backup
 Explain the purpose of systems and data recovery
procedures
14 Financial Management (20%) 3/4 - Tutorial in Class
1. Financial Accounting and Finance - Review Questions
 Identify concepts and underlying principles of - Online Multiple-
financial accounting (types of financial statements choice Questions
and terminologies such as bonds, leases, pensions, - Class Discussion
intangible assets, research and development, etc.) - Cases
 Recognize advanced and emerging financial
accounting concepts (consolidation, investments,
fair value, partnerships, foreign currency
transactions, etc.)
 Interpret financial analysis (horizontal and vertical
analysis and ratios related to activity, profitability,
liquidity, leverage, etc.)
 Describe revenue cycle, current asset management
activities and accounting, and supply chain
management (including inventory valuation and
accounts payable)
 Describe capital budgeting, capital structure, basic
taxation, and transfer pricing
15 Financial Management (20%) 3/4 - Tutorial in Class
2. Managerial Accounting - Review Questions
 Explain general concepts of managerial accounting - Online Multiple-
(cost-volume-profit analysis, budgeting, expense choice Questions
allocation, cost-benefit analysis, etc.) - Class Discussion
 Differentiate costing systems (absorption, variable, - Cases
fixed, activity-based, standard, etc.)
 Distinguish various costs (relevant and irrelevant
costs, incremental costs, etc.) and their use in
decision making
16 Final Test: Part 3 CIA

A. International Professional Practices Framework (IPPF)


B. Internal Auditing: Assurance & Advisory Services, 4th Edition
C. COSO — Internal Control — Integrated Framework: 2013 (Framework)
D. Enterprise Risk Management — Integrating with Strategy and Performance
E. The Global Internal Audit Competency Framework
F. Position Paper: The Three Lines of Defense in Effective Risk Management and Control
G. Gleim CIA
ONLINE METHOD (CLASS)
(15 meetings)

Course Name Certified Internal Auditor (CIA) Review


Prerequisites 1. Financial Auditing
2. Principles of Accounting
3. Intermediate Accounting
4. Advanced Accounting
5. Cost Accounting
6. Accounting Information System
7. Computer Application
Textbook(s) Gleim CIA

Week Title Part/Units Activities


1 Foundations of Internal Auditing (15%) 1/1 - Self Study in Class
 Interpret The IIA's Mission of Internal Audit, - Review Questions
Definition of Internal Auditing, and Core Principles - Online Multiple-
for the Professional Practice of Internal Auditing, choice Questions
and the purpose, authority, and responsibility of the - Class Discussion
internal audit activity - Cases
 Explain the requirements of an internal audit
charter (required components, board approval,
communication of the charter, etc.)
 Interpret the difference between assurance and
consulting services provided by the internal audit
activity
 Demonstrate conformance with the IIA Code of
Ethics
Independence and Objectivity (15%) 1/2
 Interpret organizational independence of the
internal audit activity (importance of independence,
functional reporting, etc.)
 Independence, whether the internal audit activity
has any impairments to its Independence
 Assess and maintain an individual internal auditor's
objectivity, including determining whether an
individual internal auditor has any impairments to
his/her objectivity
Analyze policies that promote objectivity
2 Proficiency and Due Professional Care (18%) 1/3 - Self Study in Class
 Recognize the knowledge, skills, and competencies - Review Questions
required (whether developed or procured) to fulfill - Online Multiple-
the responsibilities of the internal audit activity choice Questions
 Demonstrate the knowledge and competencies that - Class Discussion
an internal auditor needs to possess to perform - Cases
his/her individual responsibilities, including
technical skills and soft skills (communication skills,
critical thinking, persuasion/negotiation and
collaboration skills, etc.)
 Demonstrate due professional care
 Demonstrate an individual internal auditor's
competency through continuing professional
development
3 Quality Assurance and Improvement Program (7%) 1/4 - Self Study in Class
 Describe the required elements of the quality - Review Questions
assurance and improvement program (internal - Online Multiple-
assessments, external assessments, etc.) choice Questions
 Describe the requirement of reporting the results of - Class Discussion
the quality assurance and improvement program to - Cases
the board or other governing body
 Identify appropriate disclosure of conformance vs.
nonconformance with The IIA's International
Standards for the Professional Practice of Internal
Auditing
4 Governance, Risk Management, and Control (35%) 1/5 - Self Study in Class
 Describe the concept of organizational governance - Review Questions
 Recognize the impact of organizational culture on - Online Multiple-
the overall control environment and individual choice Questions
engagement risks and controls - Class Discussion
 Recognize and interpret the organization's ethics - Cases
and compliance-related issues, alleged violations,
and dispositions
 Describe corporate social responsibility
 Interpret fundamental concepts of risk and the risk
management process
 Describe globally accepted risk management
frameworks appropriate to the organization (COSO
- ERM, ISO 31000, etc.)
 Examine the effectiveness of risk management
within processes and functions
 Recognize the appropriateness of the internal audit
activity's role in the organization's risk management
process
 Interpret internal control concepts and types of
controls
 Apply globally accepted internal control
frameworks appropriate to the organization (COSO,
etc.)
 Examine the effectiveness and efficiency of internal
controls
5 Fraud Risks (10%) 1/6 - Self Study in Class
 Interpret fraud risks and types of frauds and - Review Questions
determine whether fraud risks require special - Online Multiple-
consideration when conducting an engagement choice Questions
 Evaluate the potential for occurrence of fraud (red - Class Discussion
flags, etc.) and how the organization detects and - Cases
manages fraud risks
 Recommend controls to prevent and detect fraud
and education to improve the organization's fraud
awareness
 Recognize techniques and internal audit roles
related to forensic auditing (interview,
investigation, testing, etc.)
6 Managing the Internal Audit Activity (20%) 2/1 - Self Study in Class
1. Internal Audit Operations - Review Questions
 Describe policies and procedures for the planning, - Online Multiple-
organizing, directing, and monitoring of internal choice Questions
audit operations - Class Discussion
 Interpret administrative activities (budgeting, - Cases
resourcing, recruiting, staffing, etc.) of the internal
audit activity
2. Establishing a Risk-based Internal Audit Plan
 Identify sources of potential engagements (audit
universe, audit cycle requirements, management
requests, regulatory mandates, relevant market and
industry trends, emerging issues, etc.)
 Identify a risk management framework to assess
risks and prioritize audit engagements based on the
results of a risk assessment
 Interpret the types of assurance engagements (risk
and control assessments, audits of third parties and
contract compliance, security and privacy,
performance and quality audits, key performance
indicators, operational audits, financial and
regulatory compliance audits)
 Interpret the types of consulting engagements
(training, system design, system development, due
diligence, privacy, benchmarking, internal control
assessment, process mapping, etc.) designed to
provide advice and insight
 Describe coordination of internal audit efforts with
the external auditor, regulatory oversight bodies,
and other internal assurance functions, and
potential reliance on other assurance providers
3. Communicating and Reporting to Senior
Management and the Board
 Recognize that the chief audit executive
communicates the annual audit plan to senior
management and the board and seeks the board's
approval
 Identify significant risk exposures and control and
governance issues for the chief audit executive to
report to the board
 Recognize that the chief audit executive reports on
the overall effectiveness of the organization's
internal control and risk management processes to
senior management and the board
 Recognize internal audit key performance indicators
that the chief audit executive communicates to
senior management and the board periodically
7 Performing the Engagement (40%) 2/2 - Self Study in Class
1. Information Gathering - Review Questions
 Gather and examine relevant information (review - Online Multiple-
previous audit reports and data, conduct walk- choice Questions
throughs and interviews, perform observations, - Class Discussion
etc.) as part of a preliminary survey of the - Cases
engagement area
 Develop checklists and risk-and-control
questionnaires as part of a preliminary survey of the
engagement area
 Apply appropriate sampling (nonstatistical,
judgmental, discovery, etc.) and statistical analysis
techniques
2. Analysis and Evaluation
 Use computerized audit tools and techniques (data
mining and extraction, continuous monitoring,
automated workpapers, embedded audit modules,
etc.)
 Evaluate the relevance, sufficiency, and reliability of
potential sources of evidence
 Apply appropriate analytical approaches and
process mapping techniques (process identification,
workflow analysis, process map generation and
analysis, spaghetti maps, RACI diagrams, etc.)
 Determine and apply analytical review techniques
(ratio estimation, variance analysis, budget vs.
actual, trend analysis, other reasonableness tests,
benchmarking, etc.)
 Prepare workpapers and documentation of relevant
information to support conclusions and
engagement results
 Summarize and develop engagement conclusions,
including assessment of risks and controls
3. Engagement Supervision
 Identify key activities in supervising engagements
(coordinate work assignments, review workpapers,
evaluate auditors' performance, etc.)
8 Communicating Engagement Results and Monitoring 2/3 - Self Study in Class
Progress (20%) - Review Questions
1. Communicating Engagement Results and the - Online Multiple-
Acceptance of Risk choice Questions
 Arrange preliminary communication with - Class Discussion
engagement clients - Cases
 Demonstrate communication quality (accurate,
objective, clear, concise, constructive, complete,
and timely) and elements (objectives, scope,
conclusions, recommendations, and action plan)
 Prepare interim reporting on the engagement
progress
 Formulate recommendations to enhance and
protect organizational value
 Describe the audit engagement communication and
reporting process, including holding the exit
conference, developing the audit report (draft,
review, approve, and distribute), and obtaining
management's response
 Describe the chief audit executive's responsibility
for assessing residual risk
 Describe the process for communicating risk
acceptance (when management has accepted a
level of risk that may be unacceptable to the
organization)
2. Monitoring Progress
 Assess engagement outcomes, including the
management action plan
 Manage monitoring and follow-up of the disposition
of audit engagement results communicated to
management and the board
Mid Test: Part 1 CIA and Part 2 CIA
9 Business Acumen (35%) 3/1 - Self Study in Class
1. Organizational Objectives, Behavior, and - Review Questions
Performance - Online Multiple-
 Describe the strategic planning process and key choice Questions
activities (objective setting, globalization and - Class Discussion
competitive considerations, alignment to the - Cases
organization's mission and values, etc.)
 Examine common performance measures (financial,
operational, qualitative vs. quantitative,
productivity, quality, efficiency, effectiveness, etc.)
 Explain organizational behavior (individuals in
organizations, groups, and how organizations
behave, etc.) and different performance
management techniques (traits, organizational
politics, motivation, job design, rewards, work
schedules, etc.)
 Describe management's effectiveness to lead,
mentor, guide people, build organizational
commitment, and demonstrate entrepreneurial
ability
10 Business Acumen (35%) 3/1 - Self Study in Class
2. Organizational Structure and Business Processes - Review Questions
 Appraise the risk and control implications of - Online Multiple-
different organizational configuration structures choice Questions
(centralized vs. decentralized, flat structure vs. - Class Discussion
traditional, etc.) - Cases
 Examine the risk and control implications of
common business processes (human resources,
procurement, product development, sales,
marketing, logistics, management of outsourced
processes, etc.)
 Identify project management techniques (project
plan and scope, time/team/resources/cost
management, change management, etc.)
 Recognize the various forms and elements of
contracts (formality, consideration, unilateral,
bilateral, etc.)
3. Data Analytics
 Describe data analytics, data types, data
governance, and the value of using data analytics in
internal auditing
 Explain the data analytics process (define questions,
obtain relevant data, clean/normalize data, analyze
data, communicate results)
 Recognize the application of data analytics methods
in internal auditing (anomaly detection, diagnostic
analysis, predictive analysis, network analysis, text
analysis, etc.)
11 Information Security (25%) 3/2 - Self Study in Class
1. Information Security - Review Questions
 Differentiate types of common physical security - Online Multiple-
controls (cards, keys, biometrics, etc.) choice Questions
 Differentiate the various forms of user - Class Discussion
authentication and authorization controls - Cases
(password, two-level authentication, biometrics,
digital signatures, etc.) and identify potential risks
 Explain the purpose and use of various information
security controls (encryption, firewalls, antivirus,
etc.)
 Recognize data privacy laws and their potential
impact on data security policies and practices
 Recognize emerging technology practices and their
impact on security (bring your own device [BYOD],
smart devices, internet of things [IoT], etc.)
 Recognize existing and emerging cybersecurity risks
(hacking, piracy, tampering, ransomware attacks,
phishing attacks, etc.)
 Describe cybersecurity and information security-
related policies
12 Information Technology (20%) 3/3 - Self Study in Class
1. Application and System Software - Review Questions
 Recognize core activities in the systems - Online Multiple-
development lifecycle and delivery (requirements choice Questions
definition, design, developing, testing, debugging, - Class Discussion
deployment, maintenance, etc.) and the importance - Cases
of change controls throughout the process
 Explain basic database terms (data, database,
record, object, field, schema, etc.) and internet
terms (HTML, HTTP, URL, domain name, browser,
click-through, electronic data interchange [EDI],
cookies, etc.)
 Identify key characteristics of software systems
(customer relationship management [CRM] systems;
enterprise resource planning [ERP] systems; and
governance, risk, and compliance [GRC] systems;
etc.)
13 Information Technology (20%) 3/3 - Self Study in Class
2. IT Infrastructure and IT Control Frameworks - Review Questions
 Explain basic IT infrastructure and network concepts - Online Multiple-
(server, mainframe, client-server configuration, choice Questions
gateways, routers, LAN, WAN, VPN, etc.) and - Class Discussion
identify potential risks - Cases
 Define the operational roles of a network
administrator, database administrator, and help
desk
 Recognize the purpose and applications of IT control
frameworks (COBIT, ISO 27000, ITIL, etc.) and basic
IT controls
3. Disaster Recovery
 Explain disaster recovery planning site concepts
(hot, warm, cold, etc.)
 Explain the purpose of systems and data backup
 Explain the purpose of systems and data recovery
procedures
14 Financial Management (20%) 3/4 - Self Study in Class
1. Financial Accounting and Finance - Review Questions
 Identify concepts and underlying principles of - Online Multiple-
financial accounting (types of financial statements choice Questions
and terminologies such as bonds, leases, pensions, - Class Discussion
intangible assets, research and development, etc.) - Cases
 Recognize advanced and emerging financial
accounting concepts (consolidation, investments,
fair value, partnerships, foreign currency
transactions, etc.)
 Interpret financial analysis (horizontal and vertical
analysis and ratios related to activity, profitability,
liquidity, leverage, etc.)
 Describe revenue cycle, current asset management
activities and accounting, and supply chain
management (including inventory valuation and
accounts payable)
 Describe capital budgeting, capital structure, basic
taxation, and transfer pricing
15 Financial Management (20%) 3/4 - Self Study in Class
2. Managerial Accounting - Review Questions
 Explain general concepts of managerial accounting - Online Multiple-
(cost-volume-profit analysis, budgeting, expense choice Questions
allocation, cost-benefit analysis, etc.) - Class Discussion
 Differentiate costing systems (absorption, variable, - Cases
fixed, activity-based, standard, etc.)
 Distinguish various costs (relevant and irrelevant
costs, incremental costs, etc.) and their use in
decision making
16 Final Test: Part 3 CIA

A. International Professional Practices Framework (IPPF)


B. Internal Auditing: Assurance & Advisory Services, 4th Edition
C. COSO — Internal Control — Integrated Framework: 2013 (Framework)
D. Enterprise Risk Management — Integrating with Strategy and Performance
E. The Global Internal Audit Competency Framework
F. Position Paper: The Three Lines of Defense in Effective Risk Management and Control
G. Gleim CIA
