An Internal Audit Common Body of Knowledge

INTERNAL AUDIT PROFESSIONALS CONSTANTLY ENCOUNTER areas where they are

expected to gain personal and professional knowledge to assist them in performing internal
audits. The bottom line, though, is that internal auditors at all levels are expected to have
knowledge in a wide variety of areas, some unique to an individual enterprise or product area
and others covering the general practice of internal auditing.

WHAT IS A CBOK?

CBOK stands for common body of knowledge, A CBOK for any profession defines the
minimum level of proficiency needed for effective performance within that profession. There are
several benefits for internal auditor using CBOK which are:

 variety of internal audit-specific practices areas

 an understanding of general management practices
 some general application knowledge areas

WHAT DOES AN INTERNAL AUDITOR NEED TO KNOW?

All internal auditors, and especially the new internal auditor, should be familiar with materials
such as the Committee of Sponsoring Organizations (COSO) internal control framework. The
more experienced internal auditor will specialize in some areas as well as gain more industry‐
specific knowledge. Whether the enterprise manufactures heavy industrial equipment or provides
financial services, an experienced internal auditor should develop skills and knowledge of those
specific areas. There some specific things that auditor needs to know:

 Committee of Sponsoring Organizations COSO internal control framework

 Planning on performing internal audit
 The IIA internal audit standards
 Industry specific knowledge

AN INTERNAL AUDITING CBOK

Requirements: importance of internal controls

 COSO internal control framework

 Sarbanes-Oxley Act (SOx) internal control and corporate governance rules
 Control objectives for IT COBIT
 COSO Enterprise Risk Management COSO ERM framework

Requirements: planning and performing internal audits

 Ability to plan and perform an individual internal audit

 Understanding of the IIA's International Standards for the Professional Practice of
Internal Auditing
 CBOK knowledge and awareness need

Requirements: organizing and managing internal audit activities

 ASQ quality internal audit standards and procedures

 ISO standards and their supporting concepts
 International Financial Reporting Standards

ANOTHER ATTEMPT: THE IIA RESEARCH FOUNDATION’S CBOK

 Internal audit activity brings a systematic approach to evaluate the effectiveness of

governance processes
  Internal audit activity adds value to the governance process through direct access to the
audit committee
 Compliance with the IIA's International Standards for the Professional Practice of
Internal Auditing to add value to governance process.

The stated objective of this IIA consultant–led survey was to capture and describe the state of the
internal auditing professional practices throughout the world, including:

 The knowledge and skills that internal auditors possess

 The skill and organizational levels used for the practice of internal auditing work
 The actual duties performed by internal auditors
 The structure of internal audit organizations
 The types of industries that practice internal audit
 The regulatory environment of various countries

IIARF CBOK surveys were assembled similar to a consumer‐type survey where participants
were asked to respond to questions based on a score ranging from 1 to 5 for each question. That
is, a response of 5 meant the respondent strongly agreed to a survey question, 4 meant they
somewhat agreed, and a 1 indicated that they strongly disagreed. The results were published as a
single mean value of the various 1‐to‐5 responses but with no standard deviation values to show
the variances or ranges of those responses.

From CAEs to audit staff members, almost everything is reported with scores somewhat greater
than 4.0 but less than 5.0. Three IIARF CBOK evaluation statements were ranked under 4.0 but
above 3.5:

1. Your internal audit activity brings a systematic approach to evaluate the effectiveness of
governance processes.
2. The way your internal audit activity adds value to the governance process is through
direct access to the audit committee.
3. Compliance with the IIA’s International Standards for the Professional Practice of
Internal Auditing is a key factor for your internal audit activity to add value to
governance processes.
CBOK IIARF aims to document an understanding of the unique value added role that internal
audit companies around the world have, based on this understanding, an objective of CBOK
IIARF is to better define the future of internal audit and ensure that it contains "passion and a
relevant contribution to the company".

ESSENTIAL INTERNAL AUDIT KNOWLEDGE AREAS

we feel that any auditor should develop of general understanding of essentially all of the issues
and topics discussed during this book. a number of these could also be specialized, but an
internal auditor must have a minimum of awareness. For all internal auditors, and particularly the
new auditor , materials like the Committee of Sponsoring Organization (COSO) control
framework.

IIA has announced major plans to build and expand IIARF CBOK itself in the coming years.
However, the latest IIARF CBOK publication found that recently a number of internal auditors
were not adhering to IIA standards, IIA reviewed these findings and only published more basic
material going forward. This practice report demonstrates the real need for internal auditors'
knowledge.