CBOK 2010 Report II: Core Competencies for Today's Internal Auditor


17-02-2011 CBOK 2010 Report II: Core Competencies for Today's Internal Auditor
Executive Summary Report II provides insight on core competencies for today’s internal auditors, including the use and effectiveness of The IIA’s International Standards for the Professional Practice of Internal Auditing (Standards) and of audit tools and techniques during audit engagements. Additionally, this report provides insight regarding the importance of different types of behavioral and technical skills and certain competencies internal auditors should possess to successfully perform as practitioners. This analysis is based on 13,582 responses of IIA members and nonmembers in more than 107 countries. Salient responses from chief audit executives (CAEs), internal audit staff, and managers are presented in this document. Competence and Skills 1. In the wake of the turbulent global economy and the impact on financial markets and corporate viability, CAEs, internal audit staff, and managers identified three of the top five competencies as: · Communication skills (including oral, written, report writing, and presentation). · Problem identification and solution skills (including core, conceptual, and analytical thinking). · Keeping up to date with industry and regulatory changes and professional standards. 2. Understanding the business ranked as the most important overall technical skill in both the 2006 and 2010 surveys. It is the top technical skill for management and CAEs and the third most important technical skill for internal audit staff. This response is consistent with the 2006 and 2010 survey rank of risk analysis and control assessment techniques as important technical skills because a solid understanding of the business is essential for internal auditing to effectively identify emerging risk and control issues. 3. CAEs indicate the ability to promote the value of the internal audit as the most important competency for them to perform their work. 4. The results indicate that keeping up to date is now considered very important at all three professional levels — not just at the CAE level. Keeping up to date was the third most important competency for CAEs in both the 2006 and 2010 surveys. For internal audit staff and management, keeping up to date moved from about the bottom one-third of competencies in 2006 to the fourth highest ranked competency in 2010. 5. Communication skills ranked as the top overall general competency for both the 2006 and 2010 surveys. Based on the survey results, the general competency rankings for all industries are consistent with the overall general competency rankings. Knowledge Areas and Audit Tools 1. In terms of core knowledge areas, survey results for 2006 and 2010 are similar, indicating the continuing importance of internal auditors possessing knowledge of auditing, internal audit standards, ethics, and fraud awareness. 2. In 2010, enterprise risk management (ERM) replaced technical knowledge by industry as the fifth ranked knowledge competency. The higher knowledge ranking for ERM is consistent with the technical skill common core competency of risk analysis and control assessment techniques. It also aligns with the most currently used (and predicted increase in usage in the next five years) audit tool or technique on an engagement — risk-based audit planning techniques — as indicated in the 2010 survey. Knowledge of ERM helps the internal auditor effectively apply risk analysis and control assessment techniques and risk-based audit planning techniques. International Standards 1. According to CAEs, only 46.3 percent of their organizations are in full compliance with the Standards in 2010, compared to 59.9 percent in 2006. CAEs assessed the adequacy of the guidance provided by the Standards higher in the 2010 survey than in the 2006 survey. However, inferences from the 46.3 percent reported responses from CAEs are limited because only 37.2 percent of organizations are fully compliant with Standard 1300, which would be the upper percentage boundary for full compliance for all of the Standards. The Standards assessed as providing the least guidance and that also had the fewest organizations fully complying with them were Standard 1300: Quality Assurance and Improvement Program and Standard 2600: Resolution of Senior Management’s Acceptance of Risks in both the 2006 and 2010 survey. 2. The principle reasons for noncompliance include: small size of the organization or internal audit staff, cost of using the Standards, amount of time required for compliance, or lack of management/board support. It should be noted that the adequacy of guidance of Standard 2600: Resolution of Senior Management’s Acceptance of Risks varies widely from a high of 91.3 percent in the Middle East and the United States and Canada regions to a low rating of 76.7 percent in the Western Europe region. The U.S. and Canada region has 72.2 percent of organizations complying with Standard 2600. The Middle East has the next highest Standard 2600 compliance at 53.6 percent. Similarly, a major reason for noncompliance in Europe-Central Asia and Latin America regions is that the Standards are superseded by local/government regulations or standards. The Asia-Pacific and Western Europe regions state that the Standards or Practice Advisories are too complex as a reason for noncompliance. Similar to the regions, almost all the industries rate each standard approximately the same except for Standard 2600, which ranges from a high rating of 87.0 percent in the finance industry to a low rating of 76.8 percent in the wholesale and retail trade industry. The finance industry also has by far the highest industry compliance percentage with Standard 2600. Reasons for relatively high compliance with this standard in the finance industry might be attributed to the industry’s focus on risk management in general and in strong regulatory environment. 3. CAEs stated that only 31.3 percent of their organizations have internal audit quality assessment and improvement programs in place. They also stated that 34.5 percent of their organizations had an external quality review in accordance with Standard 1312, while 50.9 percent have never had an external quality assessment in accordance with the Standards. The principal reasons for noncompliance parallel the primary reasons for not following the Standards in general: small size of internal audit staff, cost, and lack of management/board support. This report contains comprehensive responses from all participants and trend analysis that will help CAEs identify and prioritize core competencies and design continuing education programs to develop and attract talent to build a high quality staff that effectively demonstrates and communicates the value of internal auditing to their organizations. Members IIA Netherlands can read the full report here.