
PROPOSAL FOR ADDITIONAL EXPERT POSITIONS IN THE FINANCE DIRECTORATE UNIT (DIT-KEU)

Columns: No.; Position Name; Unit; CFU/FU; BP; PSA; JFAM Code; JFAM; JFUNC Code; JFUNC; JR Code; Job Role; Competency

No.: 1
Position Name: SR PRINCIPAL EXPERT RISK AND PROCESS MANAGEMENT
Unit: ENGINE TEAM GROUP - KEU
CFU/FU: FIN
BP: I
PSA: JKT0
JFAM: 4 RISK & COMPLIANCE
JFUNC: 4.3 INTERNAL AUDIT

4.3.1 AUDIT STRATEGIC PLANNING
SP/IA 01. Industry and Market Analysis;
SP/DPS/IA 03. Internal Capabilities Analysis;
SP/IA 04. Regulatory Assessment;
SP/IA/PRO 07. Strategy Development;
FIN/IA 04. Budgeting (RKAP);
IA 01. Risk Based Audit Planning.

4.3.2 AUDIT DEVELOPMENT
IT/IA 38. Application Management;
IA 02. IA System & Methodology

4.3.3 DIGITAL & ICT DELIVERY AUDIT
IA 03. Digital & ICT Audit;
IA 04. Infrastructure Audit

4.3.4 COMMERCE & RELATIONS DELIVERY AUDIT
IA 05. Product & Service Audit;
IA 06. Marketing & Sales Audit

4.3.5 ENTERPRISE MANAGEMENT DELIVERY AUDIT
RM/IA 10. SOX Risk Management;
LC/IA/RMG 06. Compliance Management;
IA 07. Financial Audit;
IA 08. Enterprise Management Audit;
IA/LC 09. Fraud & Investigation Audit.

4.3.6 BUSINESS PROCESS MGT
BE/IA 08. Quality Management Assessment;
IA 09. Internal Audit Quality Assurance

Certified Government Auditing Professional
Domain I: Standards, Governance, and Risk/Control Frameworks
A. Standards

Role of a comprehensive set of auditing/evaluation standards (A)


Application of appropriate standards in all assignments (P)
Role and impact of other auditing standards (standards of public accounting bodies, quality
assurance bodies, etc.) and their relationship with the above standards (A)
B. Governance

Governance in the public sector (e.g., audit committee, code of conduct, open government, public
scrutiny, equity, accountability) (P)
Role of audit within the governance structure (P)
C. Risk/Control Frameworks (e.g., COSO, CoCo)
Role of frameworks (A)
Elements of a risk/control framework (P)
Application of frameworks (P)

D. IIA Code of Ethics (P)

Domain II: Government Auditing Practice


A. Management of the Audit Function

Need for a formal document of purpose, authority, and responsibility (P)

Policies and procedures (A)

Quality assurance (A)


Planning (A)
Staffing (A)

Marketing the audit function (A)


Mission/role/outcome of audit function within government (A)
B. Types of Audit Services
Audits of compliance (P)

Audits of performance/value-for-money/operations (e.g., economy, efficiency, effectiveness) (P)

Audits of financial statements (A)


Audits of financial systems (P)
Audits of information and related technology (P)

Consulting/assistance services (e.g., non-audit advisory services) (A)

Integrity services (e.g., Fraud, Waste, and Abuse) (P)


C. Processes for Delivery of Audit Services
Management of individual projects (P)

Planning (The role of laws, regulations, rules, and ordinances in your planning process should be
considered in the planning process) (P)
Risk and control assessment practices (P)
Performing the engagement (P)
Communicating results (P)
Monitoring results (follow-up) (P)

Domain III: Government Auditing Skills and Techniques


A. Management Concepts and Techniques (A)
B. Performance Measurement (P)
C. Program Evaluation (A)
D. Quantitative Methods (e.g., statistical methods and analytical review) (P)
E. Qualitative Methods (e.g., questionnaires, interviews, and flow charts) (P)
F. Methods for the Identification and Investigation of Integrity Violations (P)
G. Research/Data Collection Techniques (P)
H. Analytical Skills (e.g., distinguish between significant and insignificant information) (P)

Domain IV: Government Auditing Environment


A. Performance Management (P)

B. Financial Management

Unique requirements in accounting for and reporting on government financial operations (P)
Principles of taxation and revenue generation (P)

Unique aspects of governmental budgeting (e.g., encumbrances, earmarking) (P)

Government accounting (e.g., fund accounting, resource accounting) (P)


Legal restrictions on sources and uses of funds (e.g., voted funds, conditional grants, revenues) (A)

Investment restrictions for public funds (A)


Activity-based costing/cost-allocation (A)
C. Implications of Various Service Delivery Methods
Direct delivery by government employees (P)

Grants (P)

Contracts (P)
Joint Ventures/Partnerships/Authorities/Special Operating Agencies/Quasi-governmental (A)
Privatization (A)
D. Implications of Delivering Services to Citizens
Due process rights of clients/citizens (P)

Confidentiality/privacy/rights of clients/citizens (P)


Issues arising from the methods of funding/delivering services (condition that client receiving service
may not be party paying for the services; ability-to-pay principle; user pay; eligibility requirements;
limitations on services available; entitlements; etc.) (A)
Reality of conflicting missions (e.g., satisfy both developers and environmentalists, keep families
together and kids safe) (A)
Issues associated with at-risk populations (e.g., multiple, interacting causes and conditions; difficulty
of measuring prevention) (A)
E. Unique Characteristics of Human Resources Management (A)
F. Unique Purchasing and Procurement Requirements (P)
Certified Financial Services Auditor
Domain I: Financial Services Auditing
A. IIA International Professional Practices Framework (P)

B. Internal Control/Risk Management/Governance (P)


Internal Control Frameworks
Risk Management Frameworks

Governance Models

C. Audit Process (P)

Audit Planning
Audit Fieldwork
Risk Assessment
Analytical Review
Data Gathering and Evaluation

Testing
Tools and Techniques (e.g., CAAT)
Audit Communications
Monitoring Outcomes

D. Implications of Information Technology (P)

E. Auditing Financial Statement Elements (P)

Balance Sheet
Statement of Cash Flows
Income/Expense Statement

Off Balance-sheet Items

Domain II: Auditing Financial Services Products


A. Lending/Loans (A)

B. Deposits (A)

C. Trusts (A)
D. Annuities (A)
E. Derivatives (A)

F. Electronic Services (A)

G. Cash Management Services (A)


H. Stocks (A)
I. Bonds (A)

J. Commodities (A)

K. Mutual Funds (A)


L. Employee Benefits (A)
M. Capital Market Products (A)
N. Securities Lending (A)

O. Insurance Policies (A)


P. Insurance Products (A)
Q. Foreign Exchange (A)
R. Asset Management (A)
S. Money Market Products (A)

Domain III: Auditing Financial Service Processes


A. Risk Management (A)
Asset/Liability Management
Trading Market Risk
Credit, Liquidity, Operational Risk
Allowance for Loan and Lease Losses
Reserves

B. Underwriting (A)

Loans
Securities

Insurance

Private Placement
Initial Public Offerings

C. Securitizations (A)
D. Treasury Operations (e.g., Cash Management) (A)
E. Back-office Operations (A)
F. Marketing Sales and Distribution (e.g., Insurance
Agencies, Bank Branches, Brokers) (A)
G. Claims (A)

H. Investments (A)
I. Broker/Dealer Activities (A)
J. Rating Advisory Service (A)
K. Mergers and Acquisitions (A)
L. Loan Operations (e.g., Collateral Issues, Perfecting Liens)
(A)
Domain IV: The Regulatory Environment

A. Overview of the Regulatory Environment (A)

Function of Central Bank

Function of Insurance Regulators


Function of Securities Regulators
B. Laws and Regulations (A)
Equal Credit Opportunity/Antidiscrimination
Home Mortgage Disclosure
Reserve Requirements
Insider Transactions

Lending Disclosure

Deposits Disclosure
Real Estate Sales Disclosure
Self-assessment of Internal Controls/Risk Management
Investor/Depositor Protection
Financial and Personal Information Privacy
Anti-Money Laundering
C. Stock Exchanges and Other Markets (A)
D. Money and Banking (A)
Role of Money and Banking
Bond and Stock Markets
Effect of Interest Rate Movements
Monetary Management Theories
Certification in Control Self-Assessment
Domain I: CSA Fundamentals
A. Code of Ethics (P)

B. Ownership and accountability for control (P)


C. Reliance on operational expertise (P)
D. Comparison to traditional techniques of risk and control evaluation (P)

E. Control awareness and education (P)

F. Cooperation, participation, and partnership (P)

Domain II: CSA Program Integration


A. Alternative approaches to CSA (A)
B. Supporting technology alternatives (A)
Database

Electronic voting
Presentation software and hardware
Project management software
C. Cost/benefit analysis for implementation of the CSA process (A)

D. Organizational theory and behavior (A)

Structure

Philosophy
Culture
Management style

Governance
E. Strategic and operational planning processes (A)
F. Change management and business process reengineering (A)
G. Presentation techniques for successful integration (A)

H. Organizational risk and control processes (A)

Quality management
Risk management
Safety audits

Environmental audits

Internal and external audit


I. Client feedback mechanisms (e.g., interviews, surveys) (A)
J. Strategic CSA program planning methodologies or techniques,
including resource allocation (A)

Domain III: Elements of the CSA Process


A. Management's priorities and concerns (P)
B. Project and logistics management (P)
C. Business objectives, processes, challenges, and threats for the area
under review (P)
D. Resource identification and allocation (A)
Participants
CSA team
E. Culture of area under review (P)
F. Question development techniques (P)
G. Technology supporting the CSA process (P)
H. Facilitation techniques and tools (P)
I. Group dynamics (P)
J. Fraud awareness (A)
Red flags/symptoms of fraud
Communication and investigation channels
Responding to evidence
K. Evaluation/analytical tools and techniques (trend analysis, data
synthesis, scenarios) (A)
L. Formulating recommendations or action plans (practical, feasible,
cost-effective) (P)
M. Nature of evidence (sufficiency, relevance, adequacy) (A)
N. Reporting techniques and considerations (types, audience, sensitive
issues, access to information) (P)
O. Motivational techniques (creating support and commitment for
recommendations) (A)
P. Monitoring, tracking, and follow-up techniques (A)
Q. Awareness of legal, regulatory, and ethical considerations (A)

R. Measuring CSA program effectiveness (A)

Domain IV: Business Objectives/Organizational Performance (10-15 percent)


A. Strategic and operational planning processes (A)

B. Objective setting, including alignment to the organization's mission


and values (P)
C. Performance measures (P)
Financial
Operational
Qualitative
D. Performance management (P)

Aligning individual, group, and organizational objectives/goals


Designing congruent incentives

E. Data collection and validation techniques (e.g., benchmarking,


auditing, consensus testing, etc.) (A)

Domain VI: Control Theory and Application (20-25 percent)


A. Risk Theory (P)
Defining risk
Relationship of risk to strategic, operational, or process objectives
Risk tolerance, residual risk, and exposure
Impact assessment
B. Risk models/frameworks (including COSO's Enterprise Risk
Management/Integrated Framework) (P)
C. Understanding the risks inherent in common business processes (P)

D. Application of risk identification and assessment techniques (P)


E. Risk management techniques/cost-benefit analysis (P)
Transfer, manage, or accept
Impact/cost-benefit analysis
F. Using CSA in enterprise risk management (P)

Domain V: Risk Identification and Assessment (15-20 percent)


A. Corporate governance, control theory, and models (P)
Accountability and responsibility for control
Defining control
Relationship between risk, control, and objectives
B. Methods for judging and communicating the overall effectiveness of
the system of internal control (P)
Using CSA to support management's assertion on controls
C. Relationship between informal and formal controls (P)
D. Techniques for evaluating formal controls (manual or automated) (P)

E. Techniques for evaluating informal controls/control environment (P)


F. Control documentation techniques (P)
Flowcharting
Business process mapping
Control charts
Control questionnaires
Internal Control over financial reporting
G. Control design and application (P)
Defining control objectives
Control design (e.g., preventive, detective, corrective; informal, formal)
Cost/benefits
H. Techniques for determining control track record for the organization
(e.g., reviews, audits, other assessments) (A)
Certification in Risk Management Assurance
Domain I: Organizational governance related to risk management
A. Assess risk management processes in the context of alignment with
strategic imperatives
Objectives of risk management processes
Organization's risk culture
Risk capacity, appetite, and tolerance of organization

B. Assess the processes related to the elements of the internal


environment in which organizations seek to manage risks and achieve
objectives
Integrity, ethical values, and other soft controls

Role, authority, responsibility, etc., for risk management


Management's philosophy and operating style
Legal/Organizational structure
Documentation of governance-related decision-making
Capabilities, in terms of people and other resources (e.g., capital, time,
processes, systems, and technologies)
Management of third party business relationships
Needs and expectations of key internal stakeholders
Internal policies
C. Assess the processes related to the elements of the external
environment in which organizations seek to manage risks and achieve
objectives
Key external factors (drivers and trends) that may impact the objectives of
the organization
Needs and expectations of key external stakeholders (e.g., involved,
interested, influenced)

Domain II: Principles of risk management processes (25-30%)


A. Benchmark risk management processes using authoritative guidance

B. Evaluate risk management processes related to:


Setting objectives at all levels to achieve strategic initiatives
Identifying risks
Risk analysis and evaluation including correlation, interdependencies, and
prioritization
Risk response (e.g., avoid, transfer, mitigate, accept), including cost/benefit
analysis
Developing and implementing risk mitigation plans
Monitoring risk mitigation plans and emerging risks
Reporting risk management processes and risks, including risk mitigation
plans and emerging risks
Periodic review of risk management processes to aid in continuous
improvement

Domain III: Assurance role of the Internal Auditor (20-25%)


A. Review the management of key risks

B. Evaluate the reporting of key risks

C. Provide assurance that risks are adequately evaluated


D. Provide assurance on risk management processes

Domain IV: Consulting role of the Internal Auditor (20-25%)

A. Facilitate identification and evaluation of risks


B. Coach management in responding to risks
C. Coordinate risk management activities
D. Consolidate reporting on risks
E. Maintain and develop the risk management framework
F. Advocate for the establishment of risk management
G. Develop risk management strategy for board approval



BUSINESS PROCESS MGT BE/IA 08. Quality Management Assessment;
Domain 1: Fundamental principles and concepts in Quality Management
Domain 2: Quality Management System (QMS)
Domain 3: Fundamental audit concepts and principles
Domain 4: Preparation of an ISO 9001 audit
Domain 5: Conducting an ISO 9001 audit
Domain 6: Conclusion and follow-up of an ISO 9001 audit
Domain 7: Managing an ISO 9001 audit programme
AUDIT STRATEGIC PLANNING SP/IA/PRO 07. Strategy Development

AUDIT DEVELOPMENT IT/IA 38. Application Management


COMMERCE & RELATIONS DELIVERY AUDIT IA 05. Product & Service Audit

IA 06. Marketing & Sales Audit


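https://books.google.co.id/books?id=7CQaDAAAQBAJ&pg=PA345&lpg=PA345&dq=multiple+choice+questions+and+answers+%22Strategy+Development%22&source=bl&ots=78AzL7NUbH&sig=iuNsVxQ66NP4_59qWePolUuYvww&hl=en&sa=X&ved=0ahUKEwiT8vyT77rUAhVBO48KHQIuDDE4ChDoAQgkMAE#v=onepage&q=multiple%20choice%20questions%20and%20answers%20%22Strategy%20Development%22&f=false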

Course introduction
Introduction to MobileFirst Platform Foundation
Installing and configuring the MobileFirst Server
Using MobileFirst administration tools
Deploying mobile applications to a production environment
MobileFirst security for system administrators
Monitoring and sending push notifications
Distributing mobile applications through Application Center
Deploying mobile applications to the cloud

The context of Application Management


The position of Application Management
The process-based approach to the business organization

The relationship between Application Management and standards,


frameworks and methodologies relating to the field
The Application Management processes
Content of the Application Management processes
Objective and results
Activities
The structure and context of the Application
Management processes
The use of Application Management
Application Management messages
Implementing Application Management

Marketing concepts
Marketing management defined
Evolution of the marketing concept
Differences between marketing and selling
Scope of marketing management
Setting the scene: the marketing mix
Using the 4Ps marketing mix model
Marketing audit and planning
Understanding the marketing environment
Various marketing analysis techniques
'PEDSTLE' analysis
'SWOT' analysis
The five forces model (M. Porter)
Customer analysis
Competitive analysis
The marketing audit
Marketing planning
Market segmentation, targeting and positioning
Market segmentation defined
Basis of market segmentation (B2C)
Basis of market segmentation (B2B)
Criteria for successful segmentation
Market targeting
Market positioning
Steps in market segmentation, targeting and positioning
Marketing communication and campaigns
Elements of the communication process
Steps in creating a promotional campaign
The goals and tasks of promotion
The 'AIDA' concept
Setting the advertising budget
The various media types
Media scheduling
Evaluating promotional campaigns
The Product Life Cycle (PLC): a strategic approach
The PLC concept
Marketing strategies for PLC
The promotion mix and marketing objectives
Characteristics of promotion mix elements
Promotion mix strategies across the PLC
Push and pull strategies
Marketing research
Marketing research defined
The marketing research process
Secondary and primary data
Questionnaire design
Forms of survey research
https://www-03.ibm.com/services/learning/ites.wss/zz-en?pageType=course_description&cc=&courseCode=CK503G&gtpcc=cn

https://www.exin.com/assets/exin/exams/2020/requirements/preparation_guide_amf_english_201607.pdf
https://www.meirc.com/training-courses/marketing-sales/certified-marketing-professional#

AUDIT STRATEGIC PLANNING SP/IA 01. Industry and Market Analysis
SP/DPS/IA 03. Internal Capabilities Analysis
SP/IA 04. Regulatory Assessment
SP/IA/PRO 07. Strategy Development
FIN/IA 04. Budgeting (RKAP)
IA 01. Risk Based Audit Planning

AUDIT DEVELOPMENT IT/IA 38. Application Management


IA 02. IA System & Methodology

DIGITAL & ICT DELIVERY AUDIT IA 03. Digital & ICT Audit
IA 04. Infrastructure Audit

COMMERCE & RELATIONS DELIVERY AUDIT IA 05. Product & Service Audit
IA 06. Marketing & Sales Audit

ENTERPRISE MANAGEMENT DELIVERY AUDIT RM/IA 10. SOX Risk Management


LC/IA/RMG 06. Compliance Management
IA 07. Financial Audit
IA 08. Enterprise Management Audit
IA/LC 09. Fraud & Investigation Audit

BUSINESS PROCESS MGT BE/IA 08. Quality Management Assessment


IA 09. Internal Audit Quality Assurance
https://global.theiia.org/certification/CIA-Certification/Pages/CIA-2013-Exam-Syllabus-Part-1.aspx
I. Mandatory Guidance (35-45%)

A. Definition of Internal Auditing

Define purpose, authority, and responsibility of the internal audit activity

B. Code of Ethics

Abide by and promote compliance with The IIA Code of Ethics

C. International Standards

Comply with The IIA's Attribute Standards

Determine if the purpose, authority, and responsibility of the internal audit activity are documented in audit charter, approved by the
Board and communicated to the engagement clients
Demonstrate an understanding of the purpose, authority, and responsibility of the internal audit activity

Maintain independence and objectivity


Foster independence

Understand organizational independence


Recognize the importance of organizational independence
Determine if the internal audit activity is properly aligned to achieve organizational independence

Foster objectivity

Establish policies to promote objectivity


Assess individual objectivity
Maintain individual objectivity
Recognize and mitigate impairments to independence and objectivity

Determine if the required knowledge, skills, and competencies are available

Understand the knowledge, skills, and competencies that an internal auditor needs to possess
Identify the knowledge, skills, and competencies required to fulfill the responsibilities of the internal audit activity

Develop and/or procure necessary knowledge, skills and competencies collectively required by the internal audit activity
Exercise due professional care
Promote continuing professional development

Develop and implement a plan for continuing professional development for internal audit staff
Enhance individual competency through continuing professional development

Promote quality assurance and improvement of the internal audit activity

Monitor the effectiveness of the quality assurance and improvement program


Report the results of the quality assurance and improvement program to the board or other governing body
Conduct quality assurance procedures and recommend improvements to the performance of the internal audit activity

II. Internal Control / Risk (25-35%) Awareness Level (A)

A. Types of Controls (e.g., preventive, detective, input, output, etc.)

B. Management Control Techniques

C. Internal Control Framework Characteristics and Use (e.g., COSO, Cadbury)

Develop and implement an organization-wide risk and control framework

D. Alternative Control Frameworks


E. Risk Vocabulary and Concepts

F. Fraud Risk Awareness

Types of fraud
Fraud red flags

III. Conducting Internal Audit Engagements Audit Tools and Techniques (25-35%)

A. Data Gathering (Collect and analyze data on proposed engagements):

Review previous audit reports and other relevant documentation as part of a preliminary survey of the engagement area
Develop checklists/internal control questionnaires as part of a preliminary survey of the engagement area
Conduct interviews as part of a preliminary survey of the engagement area
Use observation to gather data
Conduct engagement to assure identification of key risks and controls
Sampling (non-statistical [judgmental] sampling method, statistical sampling, discovery sampling, and statistical analyses techniques)

B. Data Analysis and Interpretation:

Use computerized audit tools and techniques (e.g., data mining and extraction, continuous monitoring, automated work papers,
embedded audit modules)
Conduct spreadsheet analysis
Use analytical review techniques (e.g., ratio estimation, variance analysis, budget vs. actual, trend analysis, other reasonableness
tests)
Conduct benchmarking
Draw conclusions

C. Data Reporting

Report test results to auditor in charge


Develop preliminary conclusions regarding controls

D. Documentation / Work Papers

Develop work papers

E. Process Mapping, Including Flowcharting

F. Evaluate Relevance, Sufficiency, and Competence of Evidence


Identify potential sources of evidence

https://global.theiia.org/certification/CIA-Certification/Pages/CIA-2013-Exam-Syllabus-Part-2.aspx
I. Managing the Internal Audit Function (40-50%)

A. Strategic Role of Internal Audit

Initiate, manage, be a change catalyst, and cope with change


Build and maintain networking with other organization executives and the audit committee
Organize and lead a team in mapping, analysis, and business process improvement
Assess and foster the ethical climate of the board and management

Investigate and recommend resolution for ethics/compliance complaints, and determine disposition of ethics violations
Maintain and administer business conduct policy (e.g., conflict of interest), and report on compliance

Educate senior management and the board on best practices in governance, risk management, control, and compliance
Communicate internal audit key performance indicators to senior management and the board on a regular basis
Coordinate IA efforts with external auditor, regulatory oversight bodies and other internal assurance functions
Assess the adequacy of the performance measurement system, achievement of corporate objective Awareness Level (A)

B. Operational Role of IA

Formulate policies and procedures for the planning, organizing, directing, and monitoring of internal audit operations
Review the role of the internal audit function within the risk management framework
Direct administrative activities (e.g., budgeting, human resources) of the internal audit department
Interview candidates for internal audit positions
Report on the effectiveness of corporate risk management processes to senior management and the board
Report on the effectiveness of the internal control and risk management frameworks
Maintain effective Quality Assurance Improvement Program

C. Establish Risk-Based IA Plan

Use market, product, and industry knowledge to identify new internal audit engagement opportunities
Use a risk framework to identify sources of potential engagements (e.g., audit universe, audit cycle requirements, management
requests, regulatory mandates)
Establish a framework for assessing risk
Rank and validate risk priorities to prioritize engagements in the audit plan
Identify internal audit resource requirements for annual IA plan
Communicate areas of significant risk and obtain approval from the board for the annual engagement plan
Types of engagements

Conduct assurance engagements


a.1 Risk and control self-assessments
a) Facilitated approach
(1) Client-facilitated
(2) Audit-facilitated
b) Questionnaire approach
c) Self-certification approach
a.2 Audits of third parties and contract auditing
a.3 Quality audit engagements
a.4 Due diligence audit engagements
a.5 Security audit engagements
a.6 Privacy audit engagements
a.7 Performance audit engagements (key performance indicators)
a.8 Operational audit engagements (efficiency and effectiveness)
a.9 Financial audit engagements

Compliance audit engagements


Consulting engagements
c.1 Internal control training
c.2 Business process mapping
c.3 Benchmarking
c.4 System development reviews
c.5 Design of performance measurement systems

II. Managing Individual Engagements (40-50%)

A. Plan Engagements

Establish engagement objectives/criteria and finalize the scope of the engagement


Plan engagement to assure identification of key risks and controls
Complete a detailed risk assessment of each audit area (prioritize or evaluate risk/control factors)
Determine engagement procedures and prepare engagement work program
Determine the level of staff and resources needed for the engagement
Construct audit staff schedule for effective use of time

B. Supervise Engagement

Direct / supervise individual engagements


Nurture instrumental relations, build bonds, and work with others toward shared goals
Coordinate work assignments among audit team members when serving as the auditor-in-charge of a project
Review work papers
Conduct exit conference
Complete performance appraisals of engagement staff
C. Communicate Engagement Results

Initiate preliminary communication with engagement clients


Communicate interim progress
Develop recommendations when appropriate
Prepare report or other communication
Approve engagement report
Determine distribution of the report
Obtain management response to the report
Report outcomes to appropriate parties

D. Monitor Engagement Outcomes

Identify appropriate method to monitor engagement outcomes


Monitor engagement outcomes and conduct appropriate follow-up by the internal audit activity
Conduct follow-up and report on management's response to internal audit recommendations
Report significant audit issues to senior management and the board periodically

III. Fraud Risks and Controls (5-15%)

A. Consider the potential for fraud risks and identify common types of fraud associated with the engagement area during the
engagement planning process

B. Determine if fraud risks require special consideration when conducting an engagement

C. Determine if any suspected fraud merits investigation

D. Complete a process review to improve controls to prevent fraud and recommend changes

E. Employ audit tests to detect fraud

F. Support a culture of fraud awareness, and encourage the reporting of improprieties

G. Interrogation/investigative techniques Awareness Level (A)

H. Forensic auditing Awareness Level (A)

https://global.theiia.org/certification/CIA-Certification/Pages/CIA-2013-Exam-Syllabus-Part-3.aspx
I. Governance / Business Ethics (5-15%)

A. Corporate/Organizational Governance Principles Proficiency Level (P)

B. Environmental and Social Safeguards


C. Corporate Social Responsibility
II. Risk Management (10-20%)- Proficiency Level (P)

A. Risk Management Techniques

B. Organizational Use of Risk Frameworks (e.g. COSO and ISO 31000 Risk Management)
III. Organizational Structure/Business Processes and Risks (15-25%)

A. Risk/Control Implications of Different Organizational Structures

B. Structure (e.g., centralized/decentralized)

C. Typical Schemes in Various Business Cycles (e.g., procurement, sales, knowledge, supply-chain management)

D. Business Process Analysis (e.g., workflow analysis and bottleneck management, theory of constraints)

E. Inventory Management Techniques and Concepts

F. Electronic Funds Transfer (EFT)/Electronic Data Interchange (EDI)/E-commerce

G. Business Development Life Cycles

H. The International Organization for Standardization (ISO) Framework

I. Outsourcing Business Processes


IV. Communication (5-10%)

A. Communication (e.g., the process, organizational dynamics, impact of computerization)

B. Stakeholder Relationships
V. Management / Leadership Principles (10-20%)

A. Strategic Management

Global analytical techniques

Structural analysis of industries


Competitive strategies (e.g., Porter's model)
Competitive analysis
Market signals
Industry evolution
Industry environments

Competitive strategies related to:

Fragmented industries
Emerging industries
Declining industries

Competition in global industries

Sources/impediments
Evolution of global markets
Strategic alternatives
Trends affecting competition

Strategic decisions

Analysis of integration strategies


Capacity expansion
Entry into new businesses

Forecasting
Quality management (e.g., TQM, Six Sigma)
Decision analysis

B. Organizational Behavior

Organizational theory (structures and configurations)


Organizational behavior (e.g., motivation, impact of job design, rewards, schedules)
Group dynamics (e.g., traits, development stages, organizational politics, effectiveness)
Knowledge of human resource processes (e.g., individual performance management, supervision, personnel sourcing/staffing, staff
development)
Risk/control implications of different leadership styles
Performance (productivity, effectiveness, etc.)

C. Management Skills/Leadership Styles

Lead, inspire, mentor, and guide people, building organizational commitment and entrepreneurial orientation
Create group synergy in pursuing collective goals
Team-building and assessing team performance

D. Conflict Management
Conflict resolution (e.g., competitive, cooperative, and compromise)
Negotiation skills
Conflict management
Added-value negotiating

E. Project Management / Change Management

Change management
Project management techniques

VI. IT / Business Continuity (15-25%)

A. Security

Physical/system security (e.g., firewalls, access control)


Information protection (e.g., viruses, privacy)
Application authentication
Encryption

B. Application Development

End-user computing
Change control (Proficiency Level)
Systems development methodology (Proficiency Level)
Application development (Proficiency Level)
Information systems development

C. System Infrastructure

Workstations
Databases
IT control frameworks (e.g., eSAC, COBIT)
Functional areas of IT operations (e.g., data center operations)
Enterprise-wide resource planning (ERP) software (e.g., SAP R/3)
Data, voice, and network communications/connections (e.g., LAN, VAN, and WAN)
Server
Software licensing
Mainframe
Operating systems
Web infrastructure

D. Business Continuity
IT contingency planning

VII. Financial Management (10-20%)

A. Financial Accounting and Finance

Basic concepts and underlying principles of financial accounting (e.g., statements, terminology, relationships)
Intermediate concepts of financial accounting (e.g., bonds, leases, pensions, intangible assets, R&D)
Advanced concepts of financial accounting (e.g., consolidation, partnerships, foreign currency transactions)
Financial statement analysis (e.g., ratios)
Types of debt and equity
Financial instruments (e.g., derivatives)
Cash management (e.g., treasury functions)
Valuation models
Business valuation
Inventory valuation
Capital budgeting (e.g., cost of capital evaluation)
Taxation schemes (e.g., tax shelters, VAT)

B. Managerial Accounting

General concepts
Costing systems (e.g., activity-based, standard)
Cost concepts (e.g., absorption, variable, fixed)
Relevant cost
Cost-volume-profit analysis
Transfer pricing
Responsibility accounting
Operating budget

VIII. Global Business Environment (0-10%)

A. Economic / Financial Environments

Global, multinational, international, and multi-local compared and contrasted


Requirements for entering the global marketplace
Creating organizational adaptability
Managing training and development

B. Cultural / Political Environments

Balancing global requirements and local imperatives


Global mindsets (personal characteristics/competencies)
Sources and methods for managing complexities and contradictions.
Managing multicultural teams

C. Legal and Economics General Concepts (e.g., contracts)

D. Impact of Government Legislation and Regulation on Business (e.g., trade legislation)
