Part 3 syllabus
Domain I. Business Acumen (35%)
|
1. Organisational Objectives, Behavior, and Performance |
||
|
A |
Describe the strategic planning process and key activities (objective setting, globalisation and competitive considerations, alignment to the organisation's mission and values, etc.) |
Basic |
|
B |
Examine common performance measures (financial, operational, qualitative vs. quantitative, productivity, quality, efficiency, effectiveness, etc.) |
Proficient |
|
C |
Explain organisational behavior (individuals in organisations, groups, and how organisations behave, etc.) and different performance management techniques (traits, organisational politics, motivation, job design, rewards, work schedules, etc.) |
Basic |
|
D |
Describe management’s effectiveness to lead, mentor, guide people, build organisational commitment, and demonstrate entrepreneurial ability |
Basic |
|
2. Organisational Structure and Business Processes |
||
|
A |
Appraise the risk and control implications of different organisational configuration structures (centralised vs. decentralised, flat structure vs. traditional, etc.) |
Basic |
|
B |
Examine the risk and control implications of common business processes (human resources, procurement, product development, sales, marketing, logistics, management of outsourced processes, etc.) |
Proficient |
|
C |
Identify project management techniques (project plan and scope, time/team/resources/cost management, change management, etc.) |
Basic |
|
D |
Recognise the various forms and elements of contracts (formality, consideration, unilateral, bilateral, etc.) |
Basic |
|
3. Data Analytics |
||
|
A |
Describe data analytics, data types, data governance, and the value of using data analytics in internal auditing |
Basic |
|
B |
Explain the data analytics process (define questions, obtain relevant data, clean/normalise data, analyse data, communicate results) |
Basic |
|
C |
Recognise the application of data analytics methods in internal auditing (anomaly detection, diagnostic analysis, predictive analysis, network analysis, text analysis, etc.) |
Basic |
Domain II. Information Security (25%)
|
1. Information Security |
||
|
A |
Differentiate types of common physical security controls (cards, keys, biometrics, etc.) |
Basic |
|
B |
Differentiate the various forms of user authentication and authorisation controls (password, two-level authentication, biometrics, digital signatures, etc.) and identify potential risks |
Basic |
|
C |
Explain the purpose and use of various information security controls (encryption, firewalls, antivirus, etc.) |
Basic |
|
D |
Recognise data privacy laws and their potential impact on data security policies and practices |
Basic |
|
E |
Recognise emerging technology practices and their impact on security (bring your own device [BYOD], smart devices, internet of things [IoT], etc.) |
Basic |
|
F |
Recognise existing and emerging cybersecurity risks (hacking, piracy, tampering, ransomware attacks, phishing attacks, etc.) |
Basic |
|
G |
Describe cybersecurity and information security-related policies |
Basic |
Domain III. Information Technology (20%)
|
1. Application and System Software |
||
|
A |
Recognise core activities in the systems development lifecycle and delivery (requirements definition, design, developing, testing, debugging, deployment, maintenance, etc.) and the importance of change controls throughout the process |
Basic |
|
B |
Explain basic database terms (data, database, record, object, field, schema, etc.) and internet terms (HTML, HTTP, URL, domain name, browser, click-through, electronic data interchange [EDI], cookies, etc.) |
Basic |
|
C |
Identify key characteristics of software systems (customer relationship management [CRM] systems; enterprise resource planning [ERP] systems; and governance, risk, and compliance [GRC] systems; etc.) |
Basic |
|
2. IT Infrastructure and IT Control Frameworks |
||
|
A |
Explain basic IT infrastructure and network concepts (server, mainframe, client-server configuration, gateways, routers, LAN, WAN, VPN, etc.) and identify potential risks |
Basic |
|
B |
Define the operational roles of a network administrator, database administrator, and help desk |
Basic |
|
C |
Recognise the purpose and applications of IT control frameworks (COBIT, ISO 27000, ITIL, etc.) and basic IT controls |
Basic |
|
3. Disaster Recovery |
||
|
A |
Explain disaster recovery planning site concepts (hot, warm, cold, etc.) |
Basic |
|
B |
Explain the purpose of systems and data backup |
Basic |
|
C |
Explain the purpose of systems and data recovery procedures |
Basic |
Domain IV. Financial Management (20%)
|
1. Financial Accounting and Finance |
||
|
A |
Identify concepts and underlying principles of financial accounting (types of financial statements and terminologies such as bonds, leases, pensions, intangible assets, research and development, etc.) |
|
|
B |
Recognise advanced and emerging financial accounting concepts (consolidation, investments, fair value, partnerships, foreign currency transactions, etc.) |
|
|
C |
Interpret financial analysis (horizontal and vertical analysis and ratios related to activity, profitability, liquidity, leverage, etc.) |
|
|
D |
Describe revenue cycle, current asset management activities and accounting, and supply chain management (including inventory valuation and accounts payable) |
|
|
E |
Describe capital budgeting, capital structure, basic taxation, and transfer pricing |
|
|
2. Managerial Accounting |
||
|
A |
Explain general concepts of managerial accounting (cost-volume-profit analysis, budgeting, expense allocation, cost- benefit analysis, etc.) |
|
|
B |
Differentiate costing systems (absorption, variable, fixed, activity-based, standard, etc.) |
|
|
C |
Distinguish various costs (relevant and irrelevant costs, incremental costs, etc.) and their use in decision making |
|
