CPD planner
This template allows IIA members to assess their professional development needs against the IIA CPD competency framework andplan their Continuing Professional Development (CPD) activity.
How to use this planner
- Assess your current role and the role you aspire to, against the four categories:
- New entrant
- Internal auditor
- Audit manager
- Head of internal audit
For example you might currently be an internal auditor, aspiring to be an internal audit manager.
- Look at the competencies required for the role you aspire to. Competencies have been defined at four levels:
- Awareness
- Basic
- Competent
- Expert
Assess whether you have the competencies for that role. For example you might need to develop the competency “develops staff effectively” from “awareness” to “competent”.
- Select the competencies you want to develop.Build your CPD plan by completing an “action period” for your selected competencies.
- Save your plan, review and update it periodically.
Name:
Current role:
Role I aspire to:
Date:
Section 1 - Internal Audit Standards, Theory and Methodology
International Professional Practices Framework / Member to complete
Core competency / New entrant / Internal auditor / Audit manager / Head of IA / Detailed statement of competency / Current level / Target level / Action period
Applies the relevant portions of the International Professional Practices Framework / Basic / Competent / Expert / Expert / Can use the IIA international standards to ensure that: audit assignments are quality controlled; audit methodology follows a risk based approach covering planning, fieldwork, reporting and follow up; the audit department is independent through its reporting line; internal audit has access to all systems, processes and people; and audit assignments are conducted with due professional care
Section 2 - Knowledge Areas
The Internal Environment / Member to complete
Core competency / New entrant / Internal auditor / Audit manager / Head of IA / Current level / Target level / Action period
Applies an understanding of the technical aspects of finance and accounting appropriate to their own or clients' organisation when communicating with others / Awareness / Basic / Competent / Competent / Understands and is able to analyse and interpret accounting information, including accounting statements, terminology, processes and procedures and financial instruments, as well as the accounting entries required for recording and managing cash, and other specific transactions and events, within the context of the business development cycle
Applies an understanding of management accounting appropriate to their own or clients' organisation when communicating with others / Awareness / Basic / Competent / Competent / Is able to apply cost concepts and costing systems (including absorption costing, variable costing, full costing, marginal costing and activity-based costing), capital and operational budgeting, as well as transfer pricing (if appropriate) and relevant cost
Applies an understanding of organisational and management theory to own or clients' organisation / Awareness / Basic / Basic / Competent / Demonstrates an understanding of organisational theory, applying a range of different theoretical models with respect to operations, systems, behaviour and contingency to inform their approach to management, change, culture, sales and marketing activities
The External Environment / Member to complete
Core competencies / New entrant / Internal auditor / Audit manager / Head of IA / Current level / Target level / Action period
Applies an understanding of the regulatory and legal framework within which their own or clients' organisation operates / Awareness / Basic / Basic / Basic / Is aware of and takes into account the impact of legislation and regulation, including trade legislation and regulations, labour laws, copyright, privacy and cyber laws, civil and penal laws, taxation schemes, contract law, and the nature and rules of legal evidence
Applies an understanding of macro- and micro-economics appropriate to the organisation when communicating with others / Awareness / Basic / Basic / Basic / Is aware of and takes into account the impact of macroeconomic factors (including the state of the economy, the economic environment within which business and financial decisions are made, the workings of financial markets, government policies, national income, employment, investment, interest rates, the supply of money, inflation, exchange rates, and the formulation and operation of stabilisation policies) and microeconomic factors (including market mechanisms that establish relative prices among goods and services and allocate limited resources among many alternative uses, market failure, perfect competition, general equilibrium, markets under asymmetric information, choice under uncertainty and economic applications of game theory, and elasticity of products within the market system)
Quality and Control / Member to complete
Core competencies / New entrant / Internal auditor / Audit manager / Head of IA / Current level / Target level / Action period
Applies a range of appropriate quality models and frameworks / Awareness / Basic / Basic / Basic / Understands and applies quality frameworks including EFQM, ISO standards, Six Sigma and TQM as appropriate
Demonstrates an understanding of the principles of ethics and integrity / Basic / Expert / Expert / Expert / Can demonstrate that the IIA’s code of ethics is applied in every audit assignment so that information is kept confidential, audit work is only undertaken where the auditor is competent to do so, conflicts of interest are disclosed, and the auditor acts objectively in all situations, ensuring that where ethical conflicts do occur they are discussed with the head of audit, and can apply ethical principles and values to the activities being audited within the organisation, acting with due sensitivity where these principles are being abused
Identifies the risk of fraud occurring and the appropriate means for detection, investigation and prevention / Awareness / Basic / Competent / Competent / Understands the definition and application of fraud concepts and applies them to business systems such as procurement, sales, accounting, payroll, fixed assets and organsiational knowledge, recognising detection methods such as red flags and the fraud triangle
Applies an understanding of IT risk, control and security appropriate to own or clients' organisation when communicating with others / Basic / Competent / Competent / Competent / Recognises where IT is relevant within an audit assignment (including security of systems involving access control, environmental controls, compliance with IT policies and procedures, and management of the IT activity), and can participate in IT projects and provide input on potential risk exposures, referring to IT control frameworks such as COBIT and IT standards such as BS25999 (business continuity management) and ISO27001 and 27002 (information security code of practice) where appropriate
Applies an understanding of risk management, control and governance through the delivery of assurance / Awareness / Competent / Expert / Expert / Can undertake an assurance audit and provide an audit opinion on the risk exposures highlighted, discussing levels of assurance with senior management and confirming the level of assurance that particular audit work attracts (recognising, for example, that a light touch audit with little testing may provide a lower level of assurance than an audit that encompasses both compliance and substantive testing), and is able to provide input to the annual assurance statement or statement on internal control signed by senior management, working with other providers of assurance within the organisation such as health and safety and quality control where necessary and appropriate
Maintains effective working relationships with other assurance providers / Awareness / Awareness / Basic / Expert / Is able to develop and sustain good relationships and effective coordination with those who provide assurance services, such as external auditors, compliance officers, and others
Section 3 - Interpersonal Skills
Personal Effectiveness / Member to complete
Core competencies / New entrant / Internal auditor / Audit manager / Head of IA / Current level / Target level / Action period
Develops and wields influence effectively / Basic / Basic / Competent / Expert / Is able to gain the trust of others and be influential by building consensus, support and alliances through negotiation, persuasion and the use of networking in a manner that is inclusive, confident, politically astute, diplomatic, sensitive and proactive
Develops and implements organisational policies and procedures effectively / Awareness / Basic / Expert / Expert / Understands, implements and contributes to the development of the organisation’s policies and procedures including those relating to the internal audit function
Develops and exploits effective working relationships / Basic / Basic / Competent / Expert / Cultivates networks, creates opportunities to develop relationships and build bonds, and is open and approachable, using tact and diplomacy
Operates effectively through proactive collaboration / Basic / Basic / Expert / Expert / Identifies and nurtures collaboration proactively through the sharing of plans, goals, information and resources, creating a professional, cooperative, confidential and safe environment, whilst recognising own limitations, admitting mistakes and seeking support from others as required
Communication / Member to complete
Core competencies / New entrant / Internal auditor / Audit manager / Head of IA / Current level / Target level / Action period
Communicates effectively both orally and in writing to a range of audiences / Basic / Competent / Competent / Expert / Is able to communicate effectively both orally and in writing, using presentations and visual media (such as pictures, graphs and flow charts) within written reports, and is able to present complex or sensitive messages (such as audit recommendations) clearly, comprehensively, and professionally, presenting messages at the right time and with confidence in a manner appropriate to a range of audiences from operational staff to director level.
Promotes open communication / Basic / Competent / Expert / Expert / Fosters open communication, mutual understanding and information sharing through .active listening and responsiveness to client questions and answers, and is able to provide constructive, sensitive feedback
Advocates the internal audit function to others / Basic / Basic / Competent / Expert / Can advocate the internal audit function to others
Managing Others / Member to complete
Core competencies / New entrant / Internal auditor / Audit manager / Head of IA / Current level / Target level / Action period
Manages staff effectively / Awareness / Awareness / Competent / Expert / Establishes and implements procedures for recruitment, selection, succession planning, appraisal, performance management, professional development and workload management for team members, dealing with individuals with sensitively in a manner that promotes diversity
Builds and inspires a team / Awareness / Basic / Competent / Expert / Is able to build a team, create unity, lead by example, demonstrate a commitment to values and develop an inspiring vision for self and others, taking calculated risks to achieve goals as required
Manages and resolves conflict / Awareness / Basic / Competent / Expert / Is able to lead in a crisis, identifying and resolving conflict and disagreements through win-win strategies, dealing with difficult people and difficult situations with tact and diplomacy
Leads a team effectively / Basic / Basic / Competent / Expert / Can develop, lead and promote a team through enthusiastic support, protection, assistance, encouragement, guidance, praise participation and sharing
Managing Performance / Member to complete
Core competencies / New entrant / Internal auditor / Audit manager / Head of IA / Current level / Target level / Action period
Manages performance effectively / Awareness / Awareness / Competent / Expert / Sets and communicates clear targets for performance in a manner that promotes the vision, motivates and provides focus, and is able to address issues of individual performance promptly, providing performance feedback that is sensitive to personal issues
Manages own workload and that of team effectively / Basic / Basic / Competent / Expert / Is able to multi task and meet given deadlines as well as set challenging goals for team and manage their responsibilities, using time and other resources in a focussed, efficient and effective way whilst maintaining and promoting a healthy work-life balance
Managing Change / Member to complete
Core competencies / New entrant / Internal auditor / Audit manager / Head of IA / Current level / Target level / Action period
Acts as a champion for change / Awareness / Basic / Competent / Expert / Acts as a champion for change and enlists the support of others by developing a change strategy and modelling expected change, assessing potential barriers and resources needed, and providing resources, direction and focus
Responds positively to change / Basic / Basic / Competent / Expert / Responds quickly and positively to change, switching strategies and tactics and maintaining work efficiency even in unclear situations, coping with any associated stress
Section 4 - Tools and Techniques
Research and Investigation / Member to complete
Core competencies / New entrant / Internal auditor / Audit manager / Head of IA / Current level / Target level / Action period
Selects and applies a range of appropriate operational and management research tools and techniques / Awareness / Basic / Basic / Basic / Can select and use the appropriate operational research techniques (such as Markov chains and processes, stochastic simulation and queuing models) and optimisation techniques (such as linear programming, dynamic programming, integer and mixed integer programming and heuristics), developing and managing operations, strategy and process design, and understands cycle time, capacity, waiting time, basic decision analysis and simulation well enough to explain to others
Identifies the need for an expert in operational research as required and validates their work / Awareness / Basic / Competent / Expert / Can identify the need for a specific expert in the operational research field and can understand their conclusions and validate their work
Selects and applies a range of appropriate forecasting tools and techniques / Awareness / Basic / Competent / Competent / Can apply forecasting and predicting methods to support managerial decision making, assess and apply model causes and time series, using the organisation's forecasting tools as required
Identifies the need for an expert in forecasting as required and validates their work / Awareness / Basic / Competent / Expert / Can identify the need for a specific expert in the forecasting field and can understand their conclusions and validate their work
Business Processes and Project Management / Member to complete
Core competencies / New entrant / Internal auditor / Audit manager / Head of IA / Current level / Target level / Action period
Manages projects within the internal audit function or organisation effectively / Awareness / Basic / Expert / Expert / Can manage any project within the IAA or audit project management within the organization, can apply to himself/herself most of the concept presented in the referenced model
Selects and applies a range of appropriate business process analysis tools and techniques / Awareness / Competent / Expert / Expert / Can use business analysis tools and flowcharting techniques to summarise systems and processes and measure their efficiency and effectiveness, and is able, in conjunction with audit client, to identify solutions that can be used to improve processes and promote better value for money
Organises and leads a team in mapping, analysis, and business process improvement / Awareness / Basic / Competent / Expert / Organises and leads a team in mapping, analysis, and business process improvement
Uses performance management techniques to monitor and evaluate operational and strategic performance / Basic / Competent / Expert / Expert / Is able to review individual areas within audit assignments like finance, operations, learning and development and customer care to evaluate the effectiveness of their performance, and can use approaches such as the balanced scorecard to assess and evaluate the performance of the organisation or parts of it, including the audit function
Risk and Control / Member to complete
Core competencies / New entrant / Internal auditor / Audit manager / Head of IA / Current level / Target level / Action period
Explains and applies risk theory and management, control design and control testing techniques / Basic / Competent / Expert / Expert / Can undertake a risk based audit and understands how management should apply risk management techniques and risk mitigation strategies (including treat, tolerate, terminate, transfer or exploit), and is able to use a range of risk mitigation techniques within audit recommendations or as part of the outcomes of consultancy assignments by assessing risk within the planning stage of the audit, evaluating risk at the end of the fieldwork stage of the audit and providing a risk based opinion at the end of the audit
Explains and applies internal controls and a range of control frameworks / Basic / Competent / Expert / Expert / Is able to apply major control frameworks such as COSO and CoCo and ISO standards where applicable to audit work, and understands where internal control fits within a risk focused audit assignment and the statement of internal control agreed by management at the year end, applying ad hoc control references in the absence of a control framework
Trains others in control model used / Awareness / Basic / Competent / Expert / Can train a team or client on the model used within the organisation and compare with other alternatives
Data Collection and Analysis / Member to complete
Core competencies / New entrant / Internal auditor / Audit manager / Head of IA / Current level / Target level / Action period
Applies sampling, data analysis and other statistical techniques to analyse and assess data / Basic / Competent / Expert / Competent / Undertakes statistical analysis as part of the planning stage of the audit assignment to ensure that higher rated risks are given due focus in the fieldwork using software (such as IDEA and ACL) to select audit samples and analyse data trends, and using judgmental sampling to select samples where software is not available, and .undertakes benchmarking of the organisation where appropriate and where data is available
Uses benchmarking data adequately / Awareness / Basic / Competent / Expert / Can use benchmarking data adequately
Uses data extraction software and communicates data manipulation requirements to others / Basic / Basic / Expert / Competent / Can use queries, organisation's own systems, or third party providers data extraction software, and can express requirements to a data warehouse expert for data extraction, transformation and loading techniques
Prepares for an interview/meeting, sets the environment, and conducts the interview/meeting / Basic / Competent / Expert / Expert / Can set up a meeting with a range of organisational personnel (from operational through to director level), determining the agenda and issues to be discussed, and conduct and manage a meeting, putting the client at ease, and, through active listening, can ask relevant and pertinent questions, and accurately write up the contents of the meeting
Designs and uses questionnaires and surveys effectively / Basic / Competent / Expert / Competent / Can determine when it is appropriate to use a questionnaire or survey as part of an audit engagement, determine the right level and number of questions, phrase sensitive questions well, and determine the right persons to whom the survey/questionnaire should be sent, engaging the client in the process,, and is able to analyse and write up the data returns accurately and effectively
Identifies the need for a specific expert in the data mining/analysis field / Basic / Basic / Expert / Expert / Can identify the need for a specific expert in the data mining/analysis field
Problem Solving / Member to complete
Core competencies / New entrant / Internal auditor / Audit manager / Head of IA / Current level / Target level / Action period
Selects and applies a range of problem solving techniques / Basic / Competent / Expert / Expert / Can apply problem solving techniques (such as SWOT and PESTEL analysis, five whys, critical success factors, impact analysis, drill down and Porter's Five Forces) to assurance and consulting assignments to assess and evaluate risk and assess the inherent risks to which organisations are exposed
Identifies the need for a specific expert/facilitator in the problem solving field / Basic / Basic / Expert / Expert / Can identify the need for a specific expert/facilitator in the problem solving field
Information Technology / Member to complete
Core competencies / New entrant / Internal auditor / Audit manager / Head of IA / Current level / Target level / Action period
Uses Microsoft office suite or equivalent effectively / Competent / Expert / Expert / Expert / Can use Microsoft office suite or equivalent (word processing, spreadsheet, presentation, email, internet) to support the audit process, such as analysing data, report writing, setting up meetings and requests for information, and making presentations at close out meetings or to the audit committee
Uses a range of packages for data extraction, analysis and audit management / Basic / Competent / Competent / Competent / Can use data extraction and analysis tools and software such as Access, ACL and IDEA to generate audit samples or examples of exceptions to organisational procedures that can be tested further to evaluate risk exposure.
Chartered Institute of Internal Auditors 2013 1