INTERNAL AUDIT COMPETENCY FRAMEWORK
COMPETENCY LEVEL
PROFESSIONALISM
Competencies required
to demonstrate the
authority, credibility, and
ethical conduct essential
for a valuable internal
audit activity.
KNOWLEDGE AREA
GENERAL AWARENESS
Describe the purpose, authority, and
responsibility of the internal audit
Mission of internal activity; distinguish between assurance
auditing and consulting services.
Describe the purpose of an internal
audit charter; identify the required
elements of an internal audit charter,
Internal audit charter according to the Standards.
Describe the importance of
organizational independence of the
Organizational internal audit activity; identify the
independence elements that affect independence.
Describe the importance of internal
audit objectivity; identify factors
that may impair, or appear to
Individual objectivity impair, objectivity.
Describe the importance of a code of
ethics for internal auditors; identify the
principles of The IIA’s Code of Ethics.
Ethical behavior
Describe due professional care.
Due professional care
Recognize the knowledge, skills, and
competencies needed to fulfill the
Professional responsibilities of the internal audit
development activity and the need for continuing
professional development.
APPLIED KNOWLEDGE
Demonstrate ability to conduct both
assurance and consulting engagements
in conformance with the Standards.
Prepare an internal audit charter in
conformance with the Standards, and
receive approval from the board.
Detect any potential impairments
to internal audit independence and
the impact.
Detect and manage any real or
perceived impairments to an individual
internal auditor’s objectivity; assess and
maintain internal audit objectivity.
Demonstrate individual conformance
with The IIA’s Code of Ethics.
Demonstrate due professional care.
Demonstrate internal audit
competency through continuing
professional development.
Copyright © 2020 by The Institute of Internal Auditors, Inc. All rights reserved.
1|7
EXPERT
Review the internal audit activity’s
ability to conduct both assurance and
consulting activities to add value and
improve the organization’s operations.
Evaluate and revise an internal audit
charter to achieve conformance with
the Standards and promote world-
class performance.
Address any potential impairments to
internal audit independence to achieve
conformance with the Standards;
communicate the impact of any
remaining impairments.
Develop and maintain policies that
govern objectivity; recommend
strategies to promote objectivity.
Assess the internal audit activity’s
conformance with The IIA’s Code
of Ethics; recommend strategies to
maintain and promote the highest
ethical standards for internal auditors
and the internal audit activity.
Evaluate and conclude on the
application of due professional care.
Assess the competencies required
to fulfill the responsibilities of the
internal audit activity; promote
professional development.
 INTERNAL AUDIT COMPETENCY FRAMEWORK
KNOWLEDGE AREA
GENERAL AWARENESS
Describe the concept of
Organizational organizational governance.
governance
Recognize types of fraud, fraud risk,
and red flags for fraud.
Fraud
PERFORMANCE Describe fundamental concepts of risk
and risk management; describe risk
Risk management management frameworks.
Competencies required
to plan and perform
Identify types of controls.
internal audit engagements
in conformance with Internal control
the Standards.
Describe the key roles and activities
involved in establishing the objectives,
evaluation criteria, and scope of
an engagement.
Describe the purpose of performing
a risk assessment during engagement
planning and the steps involved.
Engagement planning
• Objectives and scope
• Risk assessment Describe the purpose of an engagement
• Work program work program and key components.
• Resources
Describe the factors that influence
planning for staffing and resource
planning for an engagement.
COMPETENCY LEVEL
APPLIED KNOWLEDGE
Detect risks related to the organization’s Recommend improvements to the
governance policies, processes, and
structures.
Evaluate the potential for fraud and
how the organization detects and
manages fraud risks; recommend
controls to prevent and detect fraud
and educate to improve the
organization’s fraud awareness.
Use a risk management framework to
identify potential threats; examine the
effectiveness of risk management within
processes and functions.
Use an internal control framework to
examine the effectiveness and efficiency to the organization’s internal control
of internal controls.
Determine the objectives, evaluation
criteria, and scope of an engagement.
Complete a detailed risk assessment,
including prioritizing key risks and
controls.
Prepare an engagement work program.
Determine staff and resources for
an engagement.
Copyright © 2020 by The Institute of Internal Auditors, Inc. All rights reserved.
2|7
EXPERT
organization’s governance policies,
processes, and structures.
Apply forensic auditing techniques
in fraud prevention, deterrence,
and investigation.
Appraise the methods used to assess
the effectiveness of risk identification
and management.
Evaluate and recommend improvements
framework; assess the organization’s
implementation of its internal
control framework.
Evaluate the audit engagement’s
objectives and scope to ensure the
quality of the engagement.
Evaluate the risk assessment process
during the audit engagement.
Assess the audit engagement
work program.
Evaluate audit engagement staffing
and resources.
 INTERNAL AUDIT COMPETENCY FRAMEWORK
KNOWLEDGE AREA
GENERAL AWARENESS
Describe the purpose of preliminary
surveys of the engagement
area, checklists, and risk-and-
control questionnaires.
Describe the various approaches to
sampling, including advantages and
drawbacks of each.
PERFORMANCE Describe the purpose, advantages,
and disadvantages of using computer-
assisted audit tools and techniques.
Competencies required
to plan and perform Engagement fieldwork
internal audit engagements • Information gathering Describe data analytics, the data
in conformance with analytics process, and the application
• Sampling of data analytics methods in
the Standards. • Computer-assisted internal auditing.
audit tools and
techniques
Recognize potential sources of evidence. Evaluate the relevance, sufficiency, and
• Data analytics
• Evidence
• Process mapping
• Analytical review
• Documentation Describe the purpose, advantages,
and disadvantages of various process
mapping techniques.
Describe the purpose, advantages,
and disadvantages of various analytical
review techniques.
Describe documentation and
workpaper requirements.
3|7
COMPETENCY LEVEL
APPLIED KNOWLEDGE EXPERT
Perform a preliminary survey of the Evaluate engagement information-
engagement area; develop checklists gathering activities.
and risk-and-control questionnaires;
examine relevant information during
an engagement.
Apply appropriate sampling techniques. Evaluate audit engagement
sampling activities.
Use computer-assisted audit tools Evaluate the use of computer-assisted
and techniques. audit tools and techniques during the
audit engagement.
Apply data analytics methods. Evaluate the use of data analytics in
internal auditing.
Develop guideline to ensure evidence is
reliability of potential sources relevant, sufficient, and reliable.
of evidence.
Apply appropriate analytical approaches Evaluate process mapping of the
and process mapping techniques. audit engagement.
Determine and apply analytical Evaluate analytical review
review techniques. techniques implemented
during the audit engagement.
Prepare workpapers and documentation. Evaluate audit engagement
documentation.
Copyright © 2020 by The Institute of Internal Auditors, Inc. All rights reserved.
 INTERNAL AUDIT COMPETENCY FRAMEWORK 4|7

COMPETENCY LEVEL
KNOWLEDGE AREA
GENERAL AWARENESS APPLIED KNOWLEDGE EXPERT
Describe the elements of quality Demonstrate quality engagement Evaluate audit engagement
engagement communications. communications, including communications.
preliminary communication
with engagement clients.

Recognize the elements of an Summarize and develop Evaluate audit engagement conclusions.
appropriate engagement conclusion. engagement conclusions.

PERFORMANCE
Recognize the importance of Formulate recommendations Evaluate audit engagement
providing recommendations. to enhance and protect recommendations.
Competencies required organizational value.
to plan and perform Engagement outcomes
internal audit engagements • Communication
in conformance with quality
the Standards. • Conclusions Describe the engagement Prepare an interim report; prepare a Review and approve engagement
communication and reporting process, final audit report, seek approval, and reports; recommend distribution of the
• Recommendations including interim reporting, the exit distribute to appropriate parties. report to appropriate parties.
• Reporting conference, obtaining management’s
• Residual risk and response, the report approval process,
risk acceptance and distribution of the report.
• Management Describe the chief audit executive’s Identify residual risk. Assess the impact of residual risk;
action plan responsibility for identifying and communicate management’s
• Results monitoring assessing the residual risk and acceptance of risk to senior
the process for communicating management and the board.
management’s acceptance of risk.

Describe engagement outcomes; Assess engagement outcomes, including Evaluate the collective outcomes of
describe the purpose of a management the management action plan. engagements performed by the internal
action plan. audit activity.

Recognize the importance of monitoring Manage monitoring and follow-up of the Evaluate monitoring and follow-up
and follow-up on the disposition of audit disposition of audit engagement results performed by the internal audit activity.
engagement results communicated to communicated to management and
management and the board. the board.

Copyright © 2020 by The Institute of Internal Auditors, Inc. All rights reserved.
 INTERNAL AUDIT COMPETENCY FRAMEWORK
KNOWLEDGE AREA
GENERAL AWARENESS
Identify the risk and control implications Evaluate the organization’s governance
of different organizational structures.
Organizational
strategic planning
Describe the strategic planning process.
and management
• Structure Describe common
• Performance measures performance measures.
• Organizational Explain organizational behavior and
ENVIRONMENT behavior performance management techniques.
• Leadership
Describe management’s
effectiveness to lead and build
Competencies required organizational commitment.
to identify and address the
Describe the risk and control
risks specific to the industry implications of common business
and environment in which processes (human resources,
Common business
the organization operates. procurement, contracting, product
processes development, project management,
sales, marketing, logistics, management
of outsourced processes, etc.).
Describe corporate social responsibility
and sustainability.
Social responsibility and
sustainability
Describe the basic concepts of IT and
data analytics.
Information technology Describe the various risks related to IT,
• Data analytics information security, and data privacy.
• Security and privacy
• IT control frameworks Recognize the purpose and applications
of IT control frameworks and basic
IT controls.
Identify various financial and managerial
accounting concepts and underlying
principles.
Accounting and finance
COMPETENCY LEVEL
APPLIED KNOWLEDGE
structure and the impact of
organizational structure and culture on
the overall control environment and risk
management strategy.
Analyze the organization’s strategic
planning process.
Examine performance measures used by
the organization.
Examine existing organizational
behavior and performance management
techniques.
Examine management’s effectiveness
to lead and build organizational
commitment.
Examine the risks and controls related
to the organization’s business processes.
Examine the organization’s approach to
social responsibility and sustainability.
Apply data analytics and IT in auditing.
Identify and assess various risks
related to IT, information security,
and data privacy.
Apply IT control frameworks.
Conduct financial analyses; examine
and interpret financial statements.
Copyright © 2020 by The Institute of Internal Auditors, Inc. All rights reserved.
5|7
EXPERT
Recommend improvements to the
overall control environment and risk
management strategy.
Recommend improvements to the
organization’s strategic planning process.
Select appropriate
performance measures.
Recommend appropriate organizational
behavior and performance management
techniques.
Recommend actions to improve
management’s approach to leading and
building organizational commitment.
Recommend actions to address risks
related to the organization’s business
processes.
Recommend actions to improve the
organization’s approach to social
responsibility and sustainability.
Evaluate the use of data analytics and IT
in auditing.
Recommend actions to address IT risks,
information security, and data privacy.
Evaluate the use of IT
control frameworks.
Evaluate financial statement accuracy
and provide assurance.
 INTERNAL AUDIT COMPETENCY FRAMEWORK
LEADERSHIP &
COMMUNICATION
Competencies required to
provide strategic direction,
communicate effectively,
maintain relationships, and
manage internal audit
personnel and processes.
KNOWLEDGE AREA
GENERAL AWARENESS
Recognize the importance of aligning
the internal audit strategic plan with the
organization’s strategy.
Internal audit Differentiate various internal audit roles, Manage internal audit personnel
including the engagement supervisor
strategic planning and chief audit executive.
and management
Identify key activities in
supervising engagements.
Identify sources of potential
engagements, including industry
trends and emerging risks.
Audit plan and
coordinating
Describe coordination of internal
assurance efforts audit efforts with the external
auditor, regulatory oversight bodies,
and other internal assurance functions,
and potential reliance on other
assurance providers.
Describe requirements of the Quality
Assurance and Improvement Program.
Quality Assurance and
Improvement Program Identify appropriate disclosure of
conformance vs. nonconformance with
The IIA’s International Standards for the
Professional Practice of Internal Auditing.
COMPETENCY LEVEL
APPLIED KNOWLEDGE
Create the internal audit strategic plan
in alignment with the organization’s
strategy, risk profile, and risk
management strategy; create an
effective and efficient budget for the
internal audit activity.
(including recruiting, developing,
motivating, managing conflict,
building teams, delegating, retaining
talent, and succession planning);
create policies and procedures for
managing internal audit operations.
Supervise engagements.
Conduct a risk assessment,
prioritize engagements, develop
a risk-based internal audit plan,
and obtain board approval.
Prepare a risk assurance map.
Schedule and complete internal and
external quality assessments to meet
requirements and report results.
Formulate appropriate disclosures of
conformance vs. nonconformance with
the Standards.
Copyright © 2020 by The Institute of Internal Auditors, Inc. All rights reserved.
6|7
EXPERT
Assess the internal audit strategic
plan; evaluate and recommend
improvements to the budget for
the internal audit activity.
Assess the talent management efforts
of the internal audit activity; appraise
policies, procedures, and administrative
activities of the internal audit activity.
Assess engagement supervision activities
to ensure the quality of the internal
audit activity.
Evaluate and revise a risk-based internal
audit plan to meet the organization’s
evolving needs.
Coordinate assurance efforts with other
providers to ensure proper coverage and
minimize duplication of efforts.
Assess the internal audit activity’s
quality assurance and improvement
practices and assess conformance with
the Standards.
Assess the internal audit activity’s
disclosures of conformance vs.
nonconformance with the Standards.
 INTERNAL AUDIT COMPETENCY FRAMEWORK
LEADERSHIP &
COMMUNICATION
Competencies required to
provide strategic direction,
communicate effectively,
maintain relationships, and
manage internal audit
personnel and processes.
NOTE: It is assumed that an internal auditor at the “applied knowledge” level of competency in a certain area would also have “general awareness” of the same knowledge area; accordingly, an internal auditor at the
“expert” level of competency would also have “applied knowledge” of the same knowledge area.
KNOWLEDGE AREA
GENERAL AWARENESS
Recognize the value of advocacy
and the importance of maintaining
stakeholder relationships (e.g., board,
senior management, audit clients,
other assurance providers, external
stakeholders).
Describe appropriate communications
between internal auditors and
stakeholders, including key performance
Communication indicators; recognize that the chief
audit executive reports on the overall
• Advocacy effectiveness of the organization’s
• Relationships internal control and risk management
• Reporting processes to senior management and
• Soft skills the board.
• Innovation
Recognize the importance of written
and verbal communication skills,
including soft skills such as conflict
management, influence, and persuasion.
COMPETENCY LEVEL
APPLIED KNOWLEDGE
Manage the internal audit activity’s
reputation and stakeholder expectations;
demonstrate sincerity, honesty, and
empathy in communications with
stakeholders to build trust and maintain
relationships.
Prepare relevant and appropriate
communications for internal audit
stakeholders, including reports to
senior management and the board
(e.g., significant risk exposures, key
performance indicators, etc.).
Demonstrate soft skills (conflict
management, influence, and
persuasion); provide insightful
consultation to contribute to the
organization’s effectiveness; detect
opportunities for change and facilitate
change.
Copyright © 2020 by The Institute of Internal Auditors, Inc. All rights reserved.
7|7
EXPERT
Assess stakeholder relationships
and recommend actions to achieve
improvements; evaluate the advocacy
efforts of the internal audit activity.
Assess internal audit communications
with stakeholders, including key
performance indicators to evaluate the
success of the internal audit activity, and
recommend improvements.
Assess the internal audit activity’s
written and verbal communication skills,
soft skills, and innovation; recommend
improvements.