Page 11 - ITGC_Audit Guides

P. 11

Figure 1: The IIA’s IT Competencies for Internal Auditors

Source: The Institute of Internal Auditors.

Conformance with The IIA’s Code of Ethics and Standards

Although this guide does not go into specific details of
performing an IT audit, the general content will help internal Additional Resources
auditors conform with the Competency principle of The IIA’s This guide will reference standards
Code of Ethics and multiple IIA standards, specifically from other governing bodies. IIA
Standard 1200 – Proficiency and Due Professional Care,
which states, “Engagements must be performed with Standards will be noted as such
proficiency and due professional care,” and Standard 1210 – and will include the standard
Proficiency, which states, “Internal auditors must possess the number.
knowledge skills, and other competencies needed to perform
their individual responsibilities. The internal audit activity collectively must possess or obtain
and apply the knowledge, skills, and other competencies needed to perform its responsibilities.”
Internal auditors should have sufficient knowledge of key IT risks and controls and available
technology-based audit techniques to perform their assigned work.

When assigning auditors to an engagement that may require specific skills and abilities, such as
an audit with IT components, Standard 2230 – Engagement Resource Allocation states, “Internal
auditors must determine appropriate and sufficient resources to achieve engagement objectives
based on an evaluation of the nature and complexity of each engagement, time constraints, and
available resources.” The interpretation of this standard states, “Appropriate refers to the mix of

3 — theiia.org

6 7 8 9 10 11 12 13 14 15 16