The reform in 2020 of the international audit certificate (CIA)

Reform the CIA to take account of developments in the business world

2020, year of the reform of the Certified Internal Auditor! The Institute of Internal Auditors (IIA) has decided to revise the emblematic certification that drives an entire profession. Auditors having the obligation to adapt to any change impacting their organization, what could be more normal than the examination testing their professionalism and their skills are also transformed. In recent years, in fact, there have been significant changes, both on an economic, financial and legal level, mainly following the crisis, and at the level of the processes and tools used by companies, cyber security in particular being has become a major concern within organizations, all sectors of activity combined.

The revision of the CIA thus aims to take these transformations into account. But who says reform of course says questions, especially among those already engaged before 2020 in the certification process, and also among all those wishing to take the exam in the near future. However, it should be noted that the reform came into effect in January 2020 when the examination is carried out in English,. The purpose of this publication is to answer the main questions that are already raised by a number of listeners, by distinguishing what mainly does not change in 2020 compared to the previous CIA format and what, on the other hand, is reviewed.

What does not change with the reform of the CIA?

The CIA is maintained in its pre-reform format, an examination in the form of multiple choice questionnaires, consisting of three parts. Certification is therefore always obtained by correctly answering a minimum of questions (around 75% correct answers for each of the parts). The objective of the CIA also remains the same that is to test the capacity of the auditor to put into practice professional auditing standards, to respect the ethical imperatives stated by the IIA, to have general knowledge allowing him to evolve in the business world in conditions essential to the exercise of his profession. The three parts in question are as follows:

Part 1 entitled “The basic concepts of internal audit” , composed of 125 questions and the time allowed to answer them is 150 minutes;

Part 2 entitled “The practice of internal audit” , the number of questions is 100 with 120 minutes to answer;

Part 3 about “Economic knowledge necessary for internal audit” , also comprising 100 questions, the candidate also having 120 minutes to give his answers.

The reform of the CIA does not upset the "spirit" of the examination either. Auditors are still required to know how to adapt to both conceptual and normative as well as practical issues. The questions remain inscribed in a perspective shared between two levels, the first says basic, the second experienced.

What changes for part 1 of the CIA?

The reform of the CIA consists above all of a programmatic change for each part, the first relating to the basic concepts of internal audit. Governance, risk management and control systems are now the main component. More specifically, the program for Part 1 after reform is as follows:

The fundamentals of Internal Audit and control system reviews in Dubai, the subjects of which relate essentially to the definition of internal audit according to the IIA, the nature of the missions and powers of the auditors, the Code of ethics and the charter of internal audit;

The independence and objectivity of the internal auditor, in particular with regard to his hierarchical positioning and the limits as to the performance of his work;

The competence and professional conscience of the internal auditors, on the need for the audit to have the knowledge and skills required for the performance of the missions, especially when these require auditors a high degree of technicality;

The quality assurance and improvement program to be implemented by the head of internal audit to ensure that his service collectively complies with IIA professional standards;

Governance, risk management and control mechanisms , the objective for the auditor being to know the principles, methods, benchmarks, practices in terms of risk management, and also what must be involved governance on the subject;

The risks of fraud , the auditors not being intended to become experts in the fight against fraud, but at the very least they must have knowledge in the field to be able to pick up red flags and to act accordingly.

What changes regarding part 2 of the CIA?

The second part of the CIA is still focused on operating standards, but it now focuses on four areas:

·         The management of the internal audit functions, the objective being to ensure that the auditor knows the operating methods of an internal audit service, both administratively and technically. The candidate for knowledge certification is asked to establish the audit plan and to understand the link between the risks inherent in their organization and the audit missions to be undertaken. The communication of auditors and the drafting of audit reports addressed to governance are also a point of particular attention in this part;

·         Mission planning , the auditor should be able to determine the objectives of a mission and plan it accordingly, identifying, among other things, the means necessary to carry out the expected work;

·         Mission accomplishment , more precisely on the collection of information by the audit, on the analysis and evaluations to be carried out during a mission, on the supervision of the work carried out by the auditors;

·         Communication of the results of the mission and monitoring of progress actions, as regards the last phases of a mission to be mastered by the auditor.

What's Changing About Part 3 of the CIA?

Before reform, the 3 rd part of the CIA was composed of eight parts with a variety of extensive subjects. From now on, listeners will be asked to master four themes, which are as follows:

Related Post: Corporate valuation methods

·         Knowledge of the organization and its environment , on organizational aspects, operational processes, data analysis;

·         The security of information systems , in particular by knowing how to differentiate the types of control, identifying the impacts of technological developments on computer security, recognizing the legal devices in this area;

·         The basic activities inherent in information systems , both those concerning the infrastructure and its maintenance than the IT control framework, but also with regard to the resumption of these activities in the event of a breakdown or disaster;

·         Financial management, whether financial accounting for the analysis of balances, or management accounting for the implementation of budgetary processes and the performance of profitability calculations.

Related Post: 5 ways to improve the corporate financial performance of an MSP