Information Technology For Professional 2001

Issued September 2001
IFAC
Exposure Draft IEG-11
Education Response Due Date December 31, 2001
Committee
Information Technology for

Professional Accountants
Issued for Comment
by the International
Federation of
Accountants
Invitation to Comment
This Exposure Draft was approved for publication in August 2001 by the Education Committee.
The mission of IFAC is the worldwide development and enhancement of an accountancy profession with
harmonized standards, able to provide services of consistently high quality in the public interest.
The Education Committee welcomes any comments you may have on this Exposure Draft. Comments
should be submitted in writing so as to be received by December 31, 2001. Comments sent by e-mail are
preferred but they may also be submitted on a computer disk or in writing. Comments are considered a
matter of public record. Any comments received on this booklet will be reviewed by the Education
Committee and may influence its final publication. Comments should be sent to:
Technical Director
International Federation of Accountants
535 Fifth Avenue, 26th Floor
New York, NY 10017 USA
Fax: (212) 856-9420
Web site: http://www.ifac.org/Committees/Education
E-mail responses should be sent to: EDComments@ifac.org
The Committee intends to carry out further consultation over the forthcoming months with employers and
other interested parties through focus groups and targeted interviews regarding the competencies identified
in Appendices 2b – 6. The further consultation is to assist the Committee to identify examples of work
experience candidates might gain to meet the competencies to develop guidance on the evidence member
bodies and employers might seek to determine whether the candidate has met the competencies. The
Committee intends to release this additional guidance along with the final Guideline.
The approved text of this Exposure Draft is that published in the English language.
In order to achieve maximum exposure and feedback, IFAC encourages the reproduction of this publication
in any format.
Copyright© September 2001 by the International Federation of Accountants. All rights reserved.
2
11
FIRST ISSUED DECEMBER 1995
REVISED JUNE 1998
INFORMATION TECHNOLOGY FOR PROFESSIONAL ACCOUNTANTS
CONTENTS
Paragraphs
Preface
Introduction................................................................................................................................................. 1-10
OUTLINE ................................................................................................................................................ 11-34

Work Domains .................................................................................................................................. 11-12
Roles ................................................................................................................................................. 13-18
Prequalification and Postqualification .............................................................................................. 19-20
Importance of Practical Experience........................................................................................................ 21
Continuing Professional Education ................................................................................................... 22-23
Specialization.......................................................................................................................................... 24
Competencies .................................................................................................................................... 25-30
Prequalification Tests of Professional Competence ......................................................................... 31-32
Postqualification Tests of Professional Competence ........................................................................ 33-34
PREQUALIFICATION IT KNOWLEDGE AND COMPETENCY

REQUIREMENTS .......................................................................................................................... 35-80
Introduction........................................................................................................................................ 35-39
General Information Technology Knowledge Requirements ................................................................ 40
Information Technology Controls Knowledge Requirements................................................................ 41
Information Technology Controls Competency Requirements.............................................................. 42
Course Requirements for General and IT Controls: Knowledge and Competencies ....................... 43-49
User Role Competency Requirements............................................................................................... 50-55
Manager Role Competency Requirements ........................................................................................ 56-62
Designer Role Competency Requirements........................................................................................ 63-70
Evaluator Role Competency Requirements....................................................................................... 71-78
Contents
3
Prequalification Concentration in Accounting and Information Systems ......................................... 79-80
POSTQUALIFICATION IT KNOWLEDGE AND COMPETENCY REQUIREMENTS .......... 81-111

Introduction........................................................................................................................................ 81-82
Continuing Professional Education .................................................................................................. 83-86
Specialization..................................................................................................................................... 87-90
The USER Role ................................................................................................................................. 91-93
The MANAGER Role ....................................................................................................................... 94-99
The DESIGNER Role.................................................................................................................... 100-105
The EVALUATOR Role ............................................................................................................... 106-111
APPENDICES - CORE IT KNOWLEDGE AND COMPETENCY AREAS FOR PROFESSIONAL

ACCOUNTANTS BY ROLE.............................................................................................................. 1-6
General Information Technology Knowledge Requirements................................................................... 1
Information Technology Control Knowledge Requirements ..................................................................2a
Information Technology Control Competencies .................................................................................... 2b
Competencies for the Professional Accountant as a User of Information Technology............................ 3
Competencies for the Professional Accountant as a Manager of Information Systems........................... 4
Competencies for the Professional Accountant as a Designer of Business Systems ............................... 5
Competencies for the Professional Accountant as an Evaluator of Information Systems ....................... 6
Contents
4
Preface
I. International Education Standards, Guidelines, and Papers
The role of the Education Committee is to develop standards, guidelines, and other pronouncements on
prequalification education for members of the profession and on matters relating thereto, and on continuing
professional education for members of the profession and on matters relating thereto, and to promote
understanding and acceptance of such standards and guidelines.
This pronouncement is an Exposure Draft for a revised International Education Guideline.
International Education Standards prescribe generally accepted ‘good practice’ in the education of
professional accountants.
International Education Standards express the benchmarks that member bodies are expected to aim at in
the preparation and continuous development of professional accountants. They establish the essential
elements of the education process at a level that is aimed at gaining international recognition, acceptance,
and application. International Education Standards cannot override authoritative local pronouncements
but will provide an authoritative reference for informing and influencing local regulators regarding
generally accepted ‘good practice’.
International Education Guidelines promote generally accepted ‘good practice’ in the education of
professional accountants by providing advice or guidance on how to achieve ‘good practice’ or current
‘best practice’.
International Education Guidelines may interpret, illustrate, elaborate, or expand on matters within
International Education Standards. In this function, the Guidelines assist member bodies to implement and
achieve ‘good practice’ as prescribed in International Education Standards. The Guidelines may also
outline exemplary methods or practices, including those that are recognised as current ‘best practice’,
which member bodies may wish to adopt.
International Education Papers promote discussion or debate on education issues affecting the
accounting profession, present findings, or describe situations of interest relating to education issues
affecting the accounting profession.
International Education Papers may be expository in nature and thus are intended to raise discussion
within the accounting profession to a level whereby issues may be progressed or eventually resolved. As
such, the Papers may explain, examine, analyse or otherwise critically assess education issues and
practices. The aim of such Papers is to provoke consideration of the issues and encourage comment and
feedback so that the issues can be advanced. In this function, they may be useful for exposing views,
approaches, and methods that are in a relatively formative stage and may be useful precursors to
Guidelines and Standards. Alternatively, the Papers may be simply descriptive in nature. In this function,
they aim to promote awareness of, and to transfer knowledge and information on, education issues or
practices relating to the accounting profession.
II. Purpose of the Guideline
This Guideline is intended to assist member bodies to prepare professional accountants to work in the
information technology environment. Society expects professional accountants to perform their roles
competently. To do so, professional accountants must demonstrate competence in the use of information
technology and computer-based information systems. This Guideline describes capabilities (i.e. the
knowledge and skills base) required in the information technology environment, as well as specific work
place competence requirements.
IEG-11 Preface
5
III. Scope of the Guideline
The Guideline’s framework begins with discussion of general information technology knowledge
requirements, followed by knowledge and competence requirements relating to information technology
controls.
The discussion then progresses to cover several roles in which professional accountants may be engaged
with respect to information technology and systems: the user, manager, designer, and evaluator roles.
The fundamental (general and control) requirements and the four role-based requirements are presented in
terms of pre-qualification requirements and post-qualification requirements, with a brief reference to post-
qualification specialization.
The above areas are addressed for the purpose of both formal education courses and on-the-job practical
experience and training.
IV. Background
The Education Committee of IFAC first issued IEG-11 in December 1995, which identified the required
capabilities (i.e. knowledge and skills) for information technology in an accounting curriculum. Since that
time, the Guideline has been reviewed each year to determine whether it required updating to remain
current. The Guideline was first revised in June 1998. The Committee’s objective for these earlier versions
was to provide guidance on the capabilities (knowledge and skill requirements) that could be incorporated
into a formal accounting education curriculum for professional accountants.
This version represents the second revision of IEG-11. The Education Committee agreed that, in addition
to presenting a revised set of capabilities, this second revision should incorporate examples of tasks that a
competent professional accountant should need to perform in the work place (i.e. units and elements of
competence). This version therefore represents the first exposure of information technology competence
requirements within IEG-11.
V. Foreword
Information technology (IT) is pervasive in the world of business. Competence with this technology is an
imperative for the professional accountant.
The input-based, capability approach for specifying qualifying requirements (as adopted in previous
versions of IEG-11) focuses initially on the knowledge, skills and professional values required to
demonstrate competence. However, the Committee has also emphasized the value of the output-based,
functional analysis approach for specifying qualifying requirements, which focuses initially on the roles,
tasks, and sub-tasks actually performed by professionals in the work place. This latter approach is favored
by many professions throughout the world and is endorsed by the Education Committee as a valid approach
for identifying the requirements of professional accountants. A discussion of how the two approaches can
be employed is presented in the Education Committee’s Discussion Paper, Competence-based Approaches
to the Preparation and Work of Professional Accountants, published May 2001.
Following from the desire to provide member bodies with guidelines from a functional analysis
perspective, this revised version of IEG-11 incorporates for the first time a range of competency units and
elements alongside the capability (knowledge and skill) requirements. In this respect, the Guideline is a
hybrid document, serving the dual purpose of providing guidance on both input-based and output-based
specifications.
IEG-11 Preface
6
Because many of the education requirements involve practical skills, they would be best met through a
combination of formal education and practical application of skills in a professional work environment.
Member bodies should apply this Guideline in a manner that best suits the education and training
environment for professional accountants in their respective countries. One simple approach would be to
view the knowledge requirements as providing guidance for a formal education curriculum and the
competency requirements (Appendices 2b – 6) as providing guidance for work place training and
experience programs. Alternatively, knowledge and skill requirements can be inferred from the
competence units and elements, and vice versa.
For the formal education component, the coverage of some of the topics identified in this Guideline could
be provided through courses specifically designed to develop IT knowledge and competencies or spread
over and integrated into courses that are not specifically identified as IT courses. For example, coverage of
some aspects of computer-based business systems could be integrated within a financial accounting course,
coverage of some aspects of management information systems could be integrated within a management
accounting course, coverage of some aspects of internal control in a computer environment could be
integrated within an auditing course, and so on.
For the formal IT education, case studies, interactions with experienced professionals, and similar
techniques should be used to enhance the presentation of subject matter and to help students develop
practical skills.
Some member bodies may wish to offer their own distance education courses, or to supplement courses at
post-secondary institutions with their own training programs or employer-provided training programs. This
might be necessary where there are not sufficient resources at post-secondary institutions to offer some
parts of the required program of studies or to supplement theoretical knowledge obtained at post-secondary
institutions with practical experience.
On-the-job training can provide valuable practical exposure to these topics. Member bodies must ensure
that pre-qualification education and experience requirements are designed to provide aspiring professional
accountants with opportunities to obtain both theoretical knowledge and practical skills in connection with
the topics identified in this guideline.
The Committee recognizes that member bodies will be adopting different approaches to education in the IT
area in the light of their own particular circumstances. Already some will have made much progress, others
less so. Recognizing that further developments in IT will not wait on the profession, the Committee advises
each member body to review the Guideline promptly and consider how it can best address its
recommendations.
The Committee is conscious of the diverse circumstances and resources of member bodies and the
significant development costs involved in the implementation of programs of education in IT. It would
remind users that this is an area wherein there is significant potential for co-operation between member
bodies and consequently avoidance of duplication of development costs.
The Committee is grateful to Dr Efrim Boritz of the University of Waterloo, Ontario, Canada for
researching and drafting this paper. The Committee also acknowledges the work of the sub-committee
appointed to oversee the project, comprising Mark Allison (Chair – United Kingdom), Shirley Reilly
(Canada), and Dato Abdul Halim Mohyiddin (Malaysia).
IEG-11 Preface
7
Members of the Education Committee are listed below:
Warren Allen, Chair, New Zealand

Hector Ostengo, Argentina
Robert Dye, Canada
Bohumil Kral, Czech Republic
Jozsef Rooz, Hungary
Yoram Eden, Israel
Dato Abdul Halim Mohyiddin, Malaysia
S. M. Zafarullah, Pakistan
Cheryl James, South Africa
Usana Patramontree, Thailand
Masum Turker, Turkey
David Hunt, United Kingdom
Gary Holstrum, United States of America
IEG-11 Preface
8
Introduction
1. Information technology plays a vital role in supporting the activities of both profit-oriented and not-
for-profit organizations. Professional accountants, in addition to extensively using various types of
information technologies, often play important managerial, advisory and evaluative roles in
connection with the adoption and use of various information technologies by organizations of all
types and sizes.
2. The term “information technology,” or IT, as used in this Guideline, encompasses hardware and
software products, information system operations and management processes, and the human
resources and skills required to apply those products and processes to the task of information
production and information system development, management and control.
3. Society expects that professional accountants who accept an engagement or occupation have the
required level of competence to perform the work required. The accountancy profession as a whole
has the obligation to ensure that candidates for membership possess the breadth and depth of
knowledge and skill required to demonstrate competence, and the credibility of the accountancy
profession depends on its success in fulfilling this obligation. In addition, the accountancy
profession has an obligation to ensure that, after qualifying, members keep abreast of relevant
developments through continuing professional education.
4. The body of knowledge and skill required of professional accountants includes a variety of
important areas. IT is one of the core competencies of professional accountants and requires special
attention due to its explosive growth and its rapid rate of change.
5. The following IT trends are particularly noteworthy:
• wide availability of powerful yet inexpensive computer hardware, including the widespread
incorporation, through miniaturization, of powerful computing capabilities in numerous devices
designed for personal and professional use;
• wide availability of powerful, inexpensive and relatively user-friendly software with graphical
user interfaces;
• shift from custom-tailored systems to prepackaged software;
• shift from mainframes to small computers used alone or, increasingly, as part of networks
devoted to information sharing and cooperative computing with corresponding changes in the
nature, organization and location of key information system activity, such as the shift to end user
computing;
• increasing availability of computerized data for access in real or delayed time, both locally and
through remote access facilities, including via the Internet;
• new data capture and mass storage technologies leading to increasing computerization of
data/information in text, graphic, audio and video formats and emphasis on managing, presenting
and communicating information using multimedia approaches;
• convergence of information and communication technologies, affecting how people work and
shop;
• increasing use of networks to link individuals, intra-organizational units and inter-organizational
units through systems such as electronic mail (e-mail) and the Internet, including the World Wide
Web;
• increasing use of the Internet for commerce between organizations and individuals and between
organizations and other organizations through electronic commerce systems such as electronic
data interchange (EDI) and electronic funds transfer systems (EFTS);
IEG-11 Introduction
9
• mass marketing and distribution of IT products and services such as computers, prepackaged
software, on-line data retrieval services, electronic mail and financial services;
• reduction of barriers to systems use, encouraging wider penetration of information systems into
profit-oriented and not-for-profit organizations of all sizes for accounting and broader
management and strategic purposes and increasing the role of end-user computing;
• wider penetration of information technologies such as computer-assisted design and computer-
assisted manufacturing (CAD/CAM), computer imaging systems, executive information systems
(EIS) and electronic meeting systems (EMS);
• new system development techniques based around information technologies, such as computer-
assisted software engineering (CASE), object-oriented programming and workflow technologies;
• continuing development of intelligent support systems incorporating expert systems, neural
networks, intelligent agents and other problem solving aids;
• new business re-engineering approaches based on effective integration of information
technologies and business processes.
6. The growth and change that has come about as a result of these trends has created a number of
important challenges that the accountancy profession must address:
• Information technologies are affecting the way in which organizations are structured,
managed and operated. One of the most dramatic developments affecting organizations is the
fusion of business and IT strategy. Entities can no longer develop business strategy separate from
IT strategy and vice versa. Accordingly, there is a need for the integration of sound business and
information technology planning and the incorporation of effective financial and management
controls within new systems. Traditionally, professional accountants have been entrusted with the
tasks of evaluating investments in business systems, evaluating business system designs and
reporting on potential weaknesses. Increasingly, information technology deployments are
supported by extensive organizational restructuring around such technologies. To maintain both
the accountancy profession’s credibility and capability in supporting new, strategic information
technology initiatives and the public’s trust and confidence, the competence of professional
accountants in IT strategy must be preserved and enhanced.
• Information technologies are changing the nature and economics of accounting activity. The
career plans of professional accountants and related training systems must be based on a realistic
view of the changing nature of accounting, the accountancy profession’s changing role in
providing services to business, government and the community at large, and the knowledge and
skills required for future success as a professional accountant. Some IT skills, such as the ability
to use an electronic spreadsheet, are now indispensable, and professional accounting bodies must
ensure that candidates possess core IT skills before they qualify as members of those bodies. In
addition, since an increasing number of professional accountants is engaged in providing IT-
related advisory and evaluative services, it is important that professional accountancy bodies
maintain the quality and credibility of these services through both prequalification and
postqualification education requirements.
• Information technologies are changing the competitive environment in which professional
accountants participate. Information technologies are either eliminating some areas of practice
that were once the exclusive domain of professional accountants or reducing their economic
attractiveness. For example:
– Accounting and accounting system developments were once the virtually exclusive domain of
professional accountants. Today, inexpensive, easy-to-use and powerful prepackaged
accounting software is reducing the demand for those activities or enabling non-accountants to
offer those services. At the same time, there is an increasing demand for professionals with a
combination of business and IT skills to help organizations structure their systems to provide
effective and efficient support for their primary objectives and activities.
IEG-11 Introduction
10
– Tax planning and tax return preparation have traditionally represented important activities for
many professional accountants. Today, inexpensive, easy-to-use and powerful prepackaged
software is reducing the demand for tax return preparation services. The professional tax-
planning expertise that was once the exclusive domain of individual practitioners is
increasingly being embedded within these same tax packages, reducing the demand for such
services as well.
– In the past, accountants with internal and external auditing expertise were needed in great
numbers to vouch and trace documents, to perform a variety of analyses and to document audit
work. Today, the computerization of business records and the availability of computer-assisted
auditing tools means these activities can be performed faster and more thoroughly, again
reducing the demand for such activities.
7. IT changes have created many new opportunities for professional accountants in areas such as
information development and information system design, information system management and
control and information system evaluation. For example:
• Information development and information system design: Professional accountants have
traditionally produced information to enhance management decision-making. With the advent of
new information technologies and expanded sources and means of access to information,
professional accountants can help bring richer sets of information to bear on specific managerial
decisions or help screen out essential information from the potentially overwhelming proliferation
of information. One of the implications of the growth of such services is the need to expand
professional accountants’ perspectives beyond their traditional focus on accounting information
to other important types of information and performance indicators, including non-financial
information.
Information systems are increasingly viewed as a potential means to achieve competitive
advantage. Professional accountants, by virtue of their broad business backgrounds, financial
skills and objectivity, can provide valuable advisory services related to assessing investments in
strategic information technologies and advising about control systems required to meet the needs
of management and, in some cases, the requirements of legislators and regulators.
Multiple objectives exist within most information systems installations. They will invariably lead
to cost vs. quality vs. control trade-offs; i.e., information systems personnel may resist
implementing additional controls if they perceive them to detract from the ease-of-use or
efficiency of a system, since these criteria may be important in their performance evaluations.
Professional accountants can provide a valuable advisory service by bridging communications
gaps, adding a sound business perspective to the consideration of IT control issues and vice versa.
• Information system management and control: Information system management skills are not
primarily technological but, rather, include an understanding of strategic and operational business
planning and associated IT issues, the ability to perform appropriate analyses of IT investments,
an understanding of IT related benefits and risks, the ability to stimulate and manage
organizational change and the ability to communicate effectively about IT topics.
Information system management has been characterized by a communication gap between top
management or functional managers lacking IT skills and technologists lacking in business
backgrounds. Professional accountants can provide a valuable service by bridging such
communications gaps, adding a sound business perspective to the consideration of IT issues and
vice versa.
• Information system evaluation: Professional accountants have traditionally provided evaluative
services in their roles as internal and external auditors. As information technologies proliferate,
there are increasing demands for objective assessments of information system controls such as
controls over information privacy and integrity and controls over system changes.
IEG-11 Introduction
11
In addition, there are concerns about information system failure and the reliability of information
processing continuity provisions when systems do fail. Other areas of concern are the proliferation
of incompatible subsystems and inefficient use of systems resources.
8. All of the areas identified above represent important work domains in which significant numbers of
professional accountants participate. Although some of these are not the exclusive domain of
professional accountants and are not commonly associated with the accountancy profession, they all
represent important opportunities for professional accountants.
9. Professional and academic accountancy bodies throughout the world are grappling with the need to
define the body of knowledge and the competencies that their members must possess. Attempts at
defining a common body of knowledge and competencies are complicated by several important
factors. These include the facts that accountancy is a diverse profession whose members operate in
several domains, that within each of these domains professional accountants may be engaged in a
variety of roles, and that the spread of IT and related accounting services is not uniform throughout
the world.
10. Nevertheless, it is evident that IT is fundamentally changing professional accounting, whatever the
accountant’s work domain or role. Consequently, professional accountancy bodies must address
these changes through their educational processes by including coverage of important IT knowledge
and competency areas in prequalification education programs, prequalification work experience and
postqualification professional education in both general work domains and specialty areas.
IEG-11 Introduction
12
OUTLINE
Work Domains
11. The accountancy profession is a diverse profession whose members operate in several work
domains, such as:
• industry and commerce;
• public practice;
• public sector (government and other not-for-profit organizations).
12. This Guideline is intended to apply to all work domains. An organizing framework built around
roles, as discussed in the next section, is sufficiently broad to address the needs of all three of the
work domains identified above.
Roles
13. Within each of the work domains, professional accountants may be engaged in a variety of roles,
such as:
• user;
• financial manager (accountant, controller);
• designer of financial information systems (member of business system design team or task force,
producer of financial information, analyst);
• internal financial or operational auditor;
• external “advisor” (accountant, auditor, tax practitioner, consultant, insolvency practitioner).
14. Although specific needs and opportunities will vary in different environments, many aspects of IT
are common and it is possible and desirable to set out some of the broad elements of an educational
background that all professional accountants can be legitimately expected to share.
15. This Guideline establishes a framework for organizing IT-oriented education for professional
accountants and the core competency areas to be covered. This Guideline identifies the IT education
requirements for professional accountants under seven main headings:
• general IT knowledge;
• IT control knowledge;
• IT control competencies;
• the accountant as user of information technology;
• the accountant as manager of information systems;
• the accountant as designer of business systems (alone or as part of a team); and
• the accountant as evaluator of information systems.
16. While the four broad roles of user, manager, designer and evaluator are not as specific as the areas in
which many professional accountants actually work, they represent the key elements of knowledge
and competence professional accountants require and provide a useful framework for organizing an
educational approach.
IEG-11 Outline
13
17. The education requirements may be viewed as building blocks in the sense that the general IT
knowledge and IT control knowledge requirements form the foundation for the user-oriented
competency requirements. These, in turn, form a foundation for the other role-related competency
requirements. In addition, the competency requirements related to the roles of user, manager,
designer and evaluator may be viewed as building blocks for one another, in the sense that the
accountant’s design role may be enhanced by competencies developed as a user, the accountant’s
managerial role may be enhanced by competencies obtained through a combination of user and
design roles, and the accountant’s role as evaluator can be enhanced by competencies developed in
the user, designer and manager roles. Thus, an aspiring management accountant would be guided by
the portions of the Guideline dealing with general IT knowledge, IT control knowledge and IT
control competency requirements, user-oriented competency requirements and competency
requirements related to the manager role. An aspiring public accountant would be guided by the
portions of the Guideline dealing with general IT knowledge, IT control knowledge and IT control
competency requirements, user-oriented competency requirements and competency requirements
related to the evaluator role.
18. It is acknowledged that a professional accountant may operate in more than one of these roles during
a given time period and throughout his or her career. This Guideline does not, however, presume
that all professional accountants will work through these roles in a sequential fashion.
Prequalification and Postqualification

19. This Guideline distinguishes between the prequalification and postqualification IT related
competency requirements. The Guideline assumes that, at the time of qualification, all professional
accountants will operate in at least two roles: the user role and one of the other three roles, depending
on the member’s work domain. After qualification, professional accountants’ careers and their IT
competency requirements may evolve in many diverse ways. Thus, the postqualification IT
competency requirements are not based on the same assumptions as the prequalification requirements
and have a separate section of the Guideline devoted to them.
20. During the prequalification phase, the emphasis will be on broad IT competencies; in the
postqualification phase, there will be greater emphasis on specialized needs of the work domain and
role of the professional accountant.
Importance of Practical Experience

21. Member bodies should monitor prequalification experience to ensure that it includes IT-related
training opportunities in the competency areas related to their members’ activities. The capability to
solve practical problems through the application of knowledge and competencies is one of the prime
objectives of professional education. This capability is best developed through relevant practical
experience in which conceptual knowledge can be applied to specific problems. To ensure that
professional accountants possess entry level competencies in core IT knowledge and competency
areas, all prospective members must receive training and work experience sufficient to develop core
IT knowledge and competencies prior to qualifying for membership in their respective member
bodies. Member bodies must monitor candidates’ prequalification experience to ensure that it
includes such training opportunities.
Continuing Professional Education

22. After qualification, professional accountants are expected to continue their professional IT education
activities. It is likely that some members’ specific activities and related educational requirements will
be relatively specialized. The continuing professional education requirements in connection with IT for
both specialist and non-specialist accountants at the postqualification stage must be relevant to their
current field(s) of activity.
IEG-11 Outline
14
23. IFAC recommends that member bodies work toward developing continuing professional education
(CPE) requirements related to IT for their members’ postqualification work domains to ensure that a
minimum level of service quality is maintained.
Specialization
24. Member bodies may wish to recognize the qualifications of members who have achieved specialist
status in a recognized domain of IT activity by granting them specialist designations or other
appropriate recognition.
Competencies
25. Competencies are the capabilities to perform professional tasks at a level defined by professional
standards. Professional activities include tasks that are both conceptual and concrete. In considering IT
competency requirements for professional accountants, it is important to emphasize the need for both
relevant conceptual knowledge of IT and practical IT skills.
26. Conceptual education generally aims at knowledge and comprehension of specified subject matter.
Practical skills include the abilities to apply conceptual knowledge, analyze, synthesize and evaluate
information. An education approach that consists solely of conceptual material will not be sufficient
for professional accountants in any work domain or for any role. It is also generally recognized that the
development of practical skills is facilitated by the prior development of knowledge and
comprehension. Thus, conceptual material must form the foundation for practical skills development.
27. This Guideline simplifies several stages of competency development into two main categories –
knowledge and competence. Member bodies may wish to refine the classification used here into more
specific requirements corresponding to more specific education and training objectives.
28. Implicit in the use of the term “knowledge,” as applied to the concepts listed in this guideline, is
understanding the implications of the concepts in a professional context. Competence is the ability to
perform specified tasks at the level required by professional standards established by member bodies.
29. Core IT knowledge and competence requirements may be viewed from the perspectives of both
breadth and depth. This Guideline addresses the breadth requirements by using work domains as a way
of categorizing knowledge and competency areas.
30. The depth requirements result from the following building blocks aimed at providing increasing depth
of coverage of core IT knowledge and competency:
• a set of general IT knowledge requirements related to business systems;
• a set of knowledge requirements related to IT controls;
• a set of competency requirements related to IT controls;
• a set of competency requirements related to the user role; and
• a set of role-related competency requirements associated with the manager, designer and
evaluator roles.
Prequalification Tests of Professional Competence

31. Prequalification tests of professional competence must include coverage of IT knowledge and
competencies appropriate to the primary roles in which accountants striving for qualification in a given
membership body will be expected to function at an entry level. The weight given to IT in such tests
must be commensurate with its importance as part of the core set of professional education and
competency requirements for professional accountants.
IEG-11 Outline
15
32. Tests of professional competence in connection with IT must go beyond testing knowledge and
comprehension, and focus primarily on testing higher-level competencies such as application,
analysis, synthesis and evaluation, applied in a context representative of the work domain in which
the entry-level professional accountant is likely to work.
Postqualification Tests of Professional Competence

33. Postqualification tests of competence in a specialty area must include coverage of IT knowledge and
competencies appropriate to the practice area.
34. At the postqualification stage, tests of professional competence must be relatively specialized. Their
main purpose is to validate that a professional accountant possesses specialist level competencies in a
particular domain.
IEG-11 Outline
16
PREQUALIFICATION IT KNOWLEDGE AND COMPETENCY REQUIREMENTS
Introduction
35. This part of the Guideline addresses each of the four roles identified earlier and identifies broad IT
knowledge and competency requirements for professional accountants. This broad statement of
requirements is supplemented by more detailed Appendices to this Guideline, which break down the
knowledge and competency requirements into detailed topics.
36. During the prequalification stage, all professional accountants must obtain the general IT knowledge
summarized in paragraph 40 and Appendix 1, “General Information Technology Knowledge
Requirements.”
37. Also during the prequalification stage, all professional accountants must obtain the IT controls
knowledge and competencies summarized in paragraphs 41-42 and Appendices 2a and 2b,
“Information Technology Controls Knowledge and Competency Requirements.”
38. In addition, all professional accountants must obtain the competencies summarized in paragraphs
50-55 and Appendix 3, “The Professional Accountant as a User of Information Technology.”
39. Furthermore, as part of their prequalification education, all professional accountants are expected to
concentrate on at least one of the three other roles identified in this Guideline and acquire the
competencies identified for the role(s) in which they are expected to function at an entry level.
These roles are discussed as follows:
• Manager of information systems — paragraphs 56-62
and Appendix 4 to this Guideline
• Designer of business systems — paragraphs 63-70
• Evaluator of information systems — paragraphs 71-78
General Information Technology Knowledge Requirements

40. All professional accountants, irrespective of their primary work domain or role, must acquire the
following essential body of IT knowledge related to business systems:
– general systems concepts;
– IT strategy;
– IT professionals and career paths in IT organizations;
– management of IT;
– system acquisition/development process;
– hardware and facilities;
– networks and electronic data transfer;
– software;
– data organization and access methods; and
– transaction processing in typical business and accounting applications.
Appendix 1 to this Guideline provides a further breakdown of the topics within these broad areas
that all professional accountants should master prior to qualification.
IEG-11 Prequalification IT Knowledge and Competency Requirements
17
Information Technology Controls Knowledge Requirements
41. All professional accountants, irrespective of their primary work domain or role, must acquire the
following essential body of IT control knowledge related to business systems:
– control frameworks;
– control objectives;
– layers of control;
– responsibility for control;
– control environment;
– control over system acquisition/development;
– risk assessment;
– control activities;
– information and communication; and
– monitoring of control compliance.
Appendix 2a to this Guideline provides a further breakdown of the topics within these broad areas
that all professional accountants should master prior to qualification.
Information Technology Controls Competency Requirements

42. Of particular importance to all professional accountants, regardless of their specific domain of
professional activity, is the issue of control. Because this topic is of central importance to all
professional accountants, it must be given particular emphasis. Accordingly, all professional
accountants must acquire the following broad areas of competency in IT controls related to business
systems:
– select suitable control criteria to analyze and evaluate controls;
– evaluate control environment;
– evaluate system acquisition/development process and controls;
– evaluate risk assessment processes and activities;
– evaluate system processing operations and controls; and
– evaluate monitoring processes and activities;
Appendix 2b to this Guideline provides a further breakdown of the specific competencies within
these broad areas that all professional accountants must acquire prior to qualification.
Course Requirements for General and IT Controls Knowledge and Competencies

43. While competency development should not be tied to the amount of time spent or type of setting in
which the competency is developed, coverage of the topics identified in paragraphs 40-42 at a
general introductory level in a post-secondary institution will require, at a minimum, the equivalent
of two post-secondary level courses. That coverage may be spread over, and integrated into, a
number of courses. Also, it is not necessary for the specified education to be provided through
separate IT-oriented courses or exclusively in a university setting. Indeed, it would be appropriate to
develop the competencies described in this Guideline through a combination of course-based and
experiential learning.
44. As contemplated in this Guideline, a post-secondary course is considered to consist of approximately
40 hours of in-class instruction, as well as an additional 80 hours spent on preparation for class, doing
homework assignments and engaging in other relevant study activities.
45. The level of material presented should lead to the achievement of the competency levels defined by
the qualification standards of the member body.
18
46. Appendices 1, 2a and 2b to this Guideline provide a further breakdown of the specific topics that
make up the general IT and IT controls knowledge and competencies (set out in paragraphs 40-42)
that all professional accountants must acquire prior to qualification. It is acknowledged that specific
topics may change over time as IT evolves; however, the broad knowledge and competency areas
identified in the appendices represent the topics widely regarded as the minimum coverage required
in an IT curriculum for accounting professionals.
47. The coverage of some of the topics identified in this Guideline could be spread over, and integrated
into, courses and other learning contexts that are not specifically identified as IT courses. For example,
coverage of some aspects of computer-based business systems could be integrated into a financial
accounting course; coverage of some aspects of management information systems could be integrated
into a management accounting course; coverage of some aspects of internal control in a computer
environment could be integrated into an auditing course; and so on.
48. Some member bodies may wish to offer their own courses, or to supplement courses at post-secondary
institutions with their own or employer-provided training programs. This might be necessary where
post-secondary institutions do not have sufficient resources to offer some parts of the required program
of studies or to supplement theoretical knowledge obtained at post-secondary institutions with practical
experience to assist in competency development.
49. Professional accountants must have effective practical skills as well as theoretical knowledge. Case
studies, interactions with experienced professionals and similar techniques can be used to help develop
practical skills. On-the-job training could also provide valuable practical exposure to these topics.
Member bodies must ensure that prequalification education and on-the-job training are designed to
provide aspiring professional accountants with opportunities to obtain competence in the topics
identified in paragraphs 40-42.
USER Role Competency Requirements

50. Users of various information technologies employ information systems tools and techniques to help
them meet their objectives or to help others meet their objectives. These objectives, and hence the
types and uses made of IT tools and techniques, can be infinite in their variety. Some typical tasks
users carry out with the help of IT include gathering and summarizing data, choosing alternative
courses of action on the basis of analyses applied to data, devising strategies and tactics, planning
and scheduling operational activities in an organizational unit, directing the allocation of resources,
implementing operations, evaluating performance, documenting observations, judgments and
decisions, and communicating with others.
51. All professional accountants must be familiar with these broad tasks and the way in which
information technologies and systems can be applied to their completion.
52. In addition to knowledge of broad uses of IT, candidates for membership in professional
accountancy bodies require specific knowledge of key concepts and practical skills relevant to the
tools and techniques that are widely used by professional accountants. They must meet these
educational requirements prior to qualification.
53. Professional accountants as users of IT are exposed to a wide array of information systems
architectures, hardware, software and data organization methods. Information systems come in a
variety of forms because they are designed to suit the needs of specific organizations. While no user
could be an expert in every type of information system architecture, hardware, software or data
organization, there are nevertheless fundamental competencies that all accountants must have.
54. The following broad areas of competency relate to the user role:
– apply appropriate IT systems/tools to business/ accounting problems;
– manage/control personal system;
– define and fill personal system requirements.
19
Appendix 3 to this Guideline outlines the specific competencies within these broad areas. Ideally,
these competencies would be developed in an accounting context, such as through their use in
connection with an accounting course or an assignment in the work place.
55. It is estimated that the equivalent of one course, as described in paragraph44, would enable an
aspiring accountant to develop the user role competencies outlined in paragraphs 50-54. The
development of user role knowledge and competencies could be spread over, and integrated into,
courses that are not specifically identified as IT courses. Because many of the user role competency
requirements involve practical skills, they would be best met through a combination of in-class
instruction and practical application of skills in a professional work environment.
MANAGER Role Competency Requirements

56. Many professional accountants are involved in financial management roles that bring them into
contact with information systems. Although the growth of IT has spawned many new groups of
professionals, including professional information system managers, many accountants in small and
medium-sized organizations fulfill information system management functions, in partnership with
other managers or as part of their overall responsibilities.
57. In this capacity, the professional accountant’s responsibilities may include participation in strategic
planning for use of information systems to support entity objectives, membership on an information
systems steering committee, evaluating potential investments in information technologies,
developing operational priorities, exercising control over information system productivity, service
quality and economy of information system use.
58. To support their role as managers of information systems, professional accountants must have a
sound understanding of, and effective practical skills in, the business functions that information
systems can fulfill and the related managerial processes of planning and coordinating, organizing
and staffing, directing and leading, controlling and communicating in an IT context.
59. The following broad areas of competency relate to the manager role:
– manage entity’s IT strategy ;
– manage IT organization;
– manage IT operations effectiveness and efficiency;
– manage inter-organizational computing;
– manage end-user computing;
– maintain financial control over IT;
– manage IT controls;
– manage system acquisition, development and implementation;
– manage system maintenance and change.
Appendix 4 to this Guideline outlines the specific competencies within these broad areas.
60. Both the educational material and the prequalification job content should provide aspiring
professional accountants with opportunities to obtain the requisite practical IT skills prior to
qualification. Education programs could use case studies, interactions with experienced
professionals and similar techniques to help develop practical skills. On-the-job training in a junior
managerial capacity could also help develop the competencies listed in Appendix 4.
61. In addition to the IT competencies listed in Appendix 4, the professional accountant’s competencies
must include the communication and interpersonal skills required to support the manager’s
interactions with top management, users, steering committees and suppliers of information system
services, both internal employees and external contractors. In contrast with general communication
and interpersonal skill requirements, these skills must be developed in an IT context.
20
62. It is estimated that, in addition to the general IT knowledge, IT control knowledge and IT control
competency requirements and the user role competency requirements, the equivalent of one course,
as described in paragraph44, would enable an aspiring accountant to develop the competencies
outlined in paragraphs 56-61. Because many of the manager role competency requirements involve
practical skills, they would be best met through a combination of in-class instruction and practical
application of skills in a professional work environment.
DESIGNER Role Competency Requirements

63. Professional accountants, as employees or external advisors, have been involved in the design of
financial systems for decades. In the past, such design roles have been in the context of manual
record-keeping systems. Today, accountants are expected to continue to provide similar services,
albeit in an IT context. This may be as a member of an in-house team or task force working to
establish business system requirements, as part of an in-house system development team or as an
external advisor helping to design a business system for a client.
64. Professional accountants’ design activities will often emphasize the identification of user needs,
consideration of costs and benefits of proposed solutions, the appropriate selection and combination
of hardware, prepackaged software, essential control features and other system components, and the
effective implementation and integration of acquired or developed systems with business processes.
In this capacity, professional accountants need a sound understanding of business systems and the
capabilities of various information technologies to support an organization’s objectives, whether it is
a profit-oriented, not-for-profit or public-sector organization.
65. The following broad areas of competency relate to the designer role:
– analyze and evaluate role of information in the entity’s business processes and organization;
– apply project management methods;
– apply system investigation and project initiation methods;
– apply user requirements determination and initial design methods;
– apply detailed system design, acquisition/ development methods;
– apply system implementation methods;
– apply system maintenance and change management methods.
66. While at the prequalification level the depth of practical skill that a candidate could acquire in
connection with the design role would, of necessity, be limited, it is nevertheless desirable for
candidates to have practical exposure to some of the important techniques used in key phases of
system design. Both the educational material and the prequalification job content should provide
aspiring professional accountants with opportunities to obtain the requisite practical IT skills prior to
qualification. Education programs could use case studies, interactions with experienced
professionals and similar techniques to help develop practical skills. On-the-job training could also
provide hands on design experience prior to qualification.
67. Since system design skills are generally applied in an interactive context, interpersonal and
communication skills in an IT context are an essential ingredient of the skill set required to support
the professional accountant’s information system design role.
68. A professional accountant’s information system design skills must be developed in the context of
designing systems to meet organizations’ business and service objectives. Thus, IT education
programs and courses aimed at developing practical system design skills must have a managerial
rather than a technical orientation.
21
69. While some practical exposure to specific techniques is desirable, the main emphasis in IT
education programs aimed at developing system design skills must be on higher-order skills
necessary to provide effective advisory services such as the ability to analyze design problems,
synthesize user information and control requirements and evaluate alternative designs in light of an
entity’s business or service objectives.
competency requirements and the user role competency requirements, the equivalent of one course,
as described in paragraph44, would enable an aspiring accountant to develop the competencies
outlined in paragraphs 63-69. Because many of the designer role competency requirements involve
practical skills, they would be best met through a combination of in-class instruction and practical
application of skills in a professional work environment.
EVALUATOR Role Competency Requirements

71. The role of the accountant as evaluator encompasses the functions of internal audit, external audit
and other evaluative roles, whether or not formally identified as audit roles.
72. In these capacities, professional accountants may be engaged for a variety of purposes, including
determining the degree of information system effectiveness and efficiency in achieving
organizational objectives, determining the fairness of financial representations and the accuracy and
completeness of related accounting records, determining the degree of compliance with management
policy, statutes or other relevant authoritative regulations, and evaluating internal control strengths
and weaknesses, in particular with respect to financial reporting processes, asset safeguarding, data
integrity, information security and privacy, and continuity provisions for information system
processing.
73. At the prequalification stage, the competency requirements in this area would be based around the
member body’s principal orientations. For example, if the orientation were toward public
accounting, the competency requirements would focus primarily, although not exclusively, on the IT
competencies involved in a financial statement-oriented attest audit. If the orientation were toward
management accounting, less emphasis would be given to such topics and more to the IT
competencies involved in, for example, evaluating effectiveness and efficiency of information
systems and their compliance with relevant policies, statutes and regulations.
74. For example, in a public accounting context, the competency requirements would focus primarily on
the IT competencies involved in a financial statement-oriented attest audit such as:
• the ability to obtain and document an understanding of the flow of transactions and elements of
the control structure relevant to the audit;
• the ability to test and evaluate relevant information systems controls over financial reporting
processes and asset safeguarding;
• the ability to test computer-based records to establish their accuracy and to substantiate financial
representations.
75. In a management accounting context, less emphasis would be given to such requirements and more
to IT competencies such as:
• the ability to evaluate effectiveness and efficiency of information systems;
• the ability to assess the degree to which an information system meets the needs of users and
serves the objectives of the entity.
22
76. All professional accountants involved in an evaluative role at the prequalification stage must have
the ability, with limited supervision, to plan, execute and communicate the results of an evaluation
approach tailored to the specific types of evaluations relevant to their work domain in the context of
specific circumstances that involve information systems.
77. The following broad areas of competency relate to the evaluator role:
– plan system evaluation;
– evaluate system (including application of computer-assisted audit techniques (CAATs);
– communicate results of evaluations and follow up.
competency requirements and the user role competency requirements, the equivalent of one course, as
described in paragraph44, would enable an aspiring accountant to acquire the competencies outlined
in paragraphs 71-77. Because many of the evaluator role competency requirements involve practical
skills, they would be best met through a combination of in-class instruction and practical application
of skills in a professional work environment.
Prequalification Concentration in Accounting and Information Systems
79. The previous paragraphs in this section outlined the minimum prequalification knowledge and
competency requirements for professional accountants. These requirements amount to the equivalent
of four courses addressing: general IT knowledge, IT controls knowledge, user role competencies and
one of designer, manager or evaluator role competencies.
80. Member bodies may, however, wish to go beyond the minimum requirements to develop professional
accountants with enhanced IT competencies. The following additional courses (or their equivalents)
are suggested as potential candidates for a concentration in Accounting and Information Systems:
– Two of the following three:
– designer role knowledge and skill (e.g., programming, data and object structures;
analysis, modeling and design; systems integration);
– manager role knowledge and skill (e.g., project and change management; IT policy and
strategy);
– evaluator role knowledge and skill (e.g., computer-assisted audit techniques; new
assurance services).
– One of the following three:
– enterprise resource planning;
– knowledge management;
– IT consulting .
– Electronic commerce.
23
POSTQUALIFICATION IT KNOWLEDGE AND SKILL REQUIREMENTS
Introduction
81. This part of the Guideline addresses postqualification IT knowledge and skill requirements. In general,
this part focuses on higher levels of knowledge and addresses more specialized skill sets.
Postqualification education requirements related to IT are oriented to ensuring that professional
accountants maintain standards of competence and service quality in their chosen field of IT-related
activity after qualification.
82. In the postqualification curriculum, accountants may choose to continue working in the same domain
as before qualification, to change to another area or to focus on some more specialized aspect of a
more general role. For example, a management accountant who initially qualifies as an accountant in
the public-sector domain may subsequently choose to work in industry. Similarly, an individual who
initially qualifies as a public accountant may eventually choose to work primarily in a management
advisory capacity in connection with a specific industry or in connection with a specific hardware or
software platform.
Continuing Professional Education

83. Continuing professional education (CPE) is necessary to maintain professional competence in the
rapidly changing IT field. CPE can include self-study, teaching, lecturing and presentations,
publication of articles, monographs and books, participation in workshops, seminars, conferences,
professional meetings and similar activities, and formal courses provided by colleges, universities,
professional associations and software and hardware vendors.
84. Because the IT field is continuously changing, all professional accountants must maintain their IT
professional competence subsequent to qualification through appropriate CPE as required by their
particular IT-related activities. Alternatives that could be considered range from voluntary CPE to
monitored voluntary CPE to mandatory CPE activities. IFAC recommends that member bodies work
toward developing mechanisms for recording and monitoring the CPE activities of their members.
85. After qualification, all professional accountants must, at a minimum, maintain their knowledge and
skill levels as users of IT in their particular work domain. In addition, if their area of activity involves
management, design or evaluation of information systems, they must maintain the knowledge and skill
levels identified for these roles in this section of the Guideline.
86. Professional accountants’ areas of activity may be more specialized than these three broad roles. IFAC
recommends that, where appropriate, member bodies work toward developing IT-related CPE
requirements for such other work domains related to IT to ensure that a minimum level of service
quality is maintained.
Specialization
87. After qualification, some professional accountants will choose to focus their involvement with IT by
specializing. Examples of specialist areas that are not themselves IT fields, but are fields in which the
use of IT may be significant, include treasury and finance, financial planning services, taxation,
insolvency and reconstruction, and small business advisory services. Examples of IT specialist practice
areas involving professional accountants are IT strategy, IT governance and IT security and control.
Other potential areas include industry specialization, such as financial institution information systems,
health care information systems, and so on.
88. Member bodies may wish to recognize the qualifications of members who have achieved specialist
status in an acknowledged domain of IT activity by granting them specialist designations or other
appropriate recognition.
IEG-11 Postqualification IT Knowledge and Skill Requirements
24
89. Specialist status would normally be achieved through an appropriate combination of prescribed
theoretical education, practical skills development and specific experience in a specialized work
domain. Supervised practical experience of a reasonable duration in a given area and, in some cases,
tests of professional competence at the specialist level, should be required to qualify the accountant as
a specialist.
90. The following sections discuss postqualification knowledge and skill level requirements for each of the
four roles identified earlier.
The USER Role

91. At the postqualification stage, professional accountants in this role will likely focus their use of IT
by specializing in the use of particular information technologies that are most appropriate to their
work domain. Appendix 3 to this Guideline addresses the topics relevant to this role.
Theoretical Content
92. At the postqualification stage, professional accountants who are users of IT must have a sound
conceptual knowledge of the information technologies most appropriate to their work domain. For
example, management accountants must have a reasonable knowledge of the major types of
business systems in use, their inherent risks and effective internal control practices. Professional
accountants working in the tax advisory services domain must have a reasonable knowledge of the
main personal and corporate tax preparation packages, their strengths and weaknesses, electronic
filing systems, tax-planning software and tax research databases. Auditors must have a reasonable
knowledge of the main computer-assisted auditing techniques, their strengths, requirements and
limitations.
Practical Content
93. At the postqualification stage, professional accountants who are users of IT must have practical
skills in the relevant information technologies. For example, all professional accountants should be
able to utilize Internet tools for professional research and communication. Professional accountants
serving in an audit role should be able to use at least one major computer-assisted auditing package,
a work paper generation package, an on-line or local database system or professional research tools
and relevant time management technologies such as time-keeping and billing systems. Professional
accountants working in the tax advisory services domain should have a working knowledge of at
least one personal and one corporate tax preparation package and, where feasible, have practical
training in the use of an electronic filing system, tax-planning software and a tax research database.
The MANAGER Role

94. At the postqualification stage, professional accountants who are managers of information systems
will be involved in the specific information technologies used in their work domain. Nevertheless,
there are general knowledge and skill requirements that are common to all accountants employed as
managers of information systems. Appendix 4 to this Guideline addresses the topics relevant to this
role.
95. At the postqualification stage, the level of competence required is mastery of the topics identified in
Appendix 4.
25
Theoretical Content
96. At the postqualification stage, professional accountants serving as managers of information systems
must have a sound understanding of the business functions that information systems can fulfill and
the related managerial processes of directing, leading, controlling and communicating in an IT
context. The professional accountant must, therefore, have a fairly detailed understanding of
information system organizations best suited to different entities; approaches to IT staffing,
budgeting, personnel development and performance evaluation; computer system operations
procedures and controls, including environment controls, security, backup and recovery procedures;
project management techniques and controls applicable to information systems development
projects.
97. The level of knowledge required is that necessary to effectively apply the practical skills required to
manage in an information system context.
Practical Content
98. At the postqualification stage, professional accountants serving as managers of information systems
must be able to plan and coordinate, organize and staff, direct and lead, and monitor and control.
These skills include communication skills and interpersonal skills required to support the manager’s
interactions with top management, users, steering committees and suppliers of information system
services, both internal employees and external contractors. In contrast with general communication
and interpersonal skill requirements, these skills must be developed in an IT context.
99. The level of competence required is the ability to manage information systems professionally,
adhering to sound business practices and applicable statutes, standards and guidelines.
The DESIGNER Role

100. At the postqualification stage, professional accountants designing of information systems will be
involved in a variety of specific information technologies. Nevertheless, there are general
knowledge and skill requirements that are common to all accountants employed as designers of
business systems. Appendix 5 to this Guideline addresses the topics relevant to this role.
Appendix 5.
Theoretical Content
102. At the postqualification level, professional accountants serving in a design capacity must know
about alternative system design approaches and techniques, their strengths and weaknesses and their
suitability in a specific context. Also, professional accountants serving in this domain must have a
broad familiarity with the major system architectures in use and related hardware and software
systems, their strengths and weaknesses, and effective management and internal control practices. In
addition, they must have detailed knowledge of relevant codified standards, guidelines and preferred
system development methods.
103. The level of knowledge required is that necessary to effectively apply, or advise on the application
of, appropriate techniques in the development of specific business systems.
Practical Content
104. At the postqualification stage, professional accountants serving in a design capacity must have
significant practical exposure to some of the important techniques used in key phases of system
design, such as preparation of a feasibility study, information requirements elicitation and
documentation techniques, data file design and documentation techniques, and document, screen
and report design techniques.
26
105. The level of competence required is the ability to apply, or advise on the application of, appropriate
system techniques, particularly internal controls, in the development of specific business systems
without supervision.
The EVALUATOR Role

106. At the postqualification stage, professional accountants who are evaluators of IT will be involved in
the specific evaluations conducted in their work domain. Nevertheless, there are general knowledge
and skill requirements that are common to all accountants employed as evaluators of information
systems. Appendix 6 to this Guideline addresses the topics relevant to this role.
Appendix 6.
Theoretical Content
108. At the postqualification stage, in their evaluator role, professional accountants must be able to
distinguish between information systems evaluation issues and approaches that are appropriate for
addressing specific evaluation purposes relevant in their work domain. In this regard, a professional
accountant must have detailed knowledge of the steps involved in applying a particular evaluation
approach in an IT context, relevant standards and practices governing the conduct of a particular
evaluation approach and the potential contribution that a particular evaluation could make in a
specific context.
109. The level of knowledge required is that necessary to effectively apply the practical skills required to
evaluate an information system.
Practical Content
110. At the postqualification stage, the professional accountant must be able to tailor standard evaluation
approaches to specific contexts and to offer practical recommendations for information system
improvement where appropriate. In addition, the accountant must be able to apply relevant IT tools
and techniques when conducting the evaluation process.
111. The level of competence required is the ability to plan, execute and communicate the results of an
evaluation approach in an IT context without supervision, while meeting relevant professional
standards governing the particular evaluation objective.
27
28
Appendices
Core IT Knowledge and Competency Areas for Professional Accountants by Role
This section contains the following appendices:
General Information Technology Knowledge Requirements................................................................... 1
Information Technology Controls Knowledge Requirements.................................................................2a
Information Technology Control Competencies .................................................................................... 2b
Competencies for the Professional Accountant as a User of Information Technology ........................... 3
Competencies for the Professional Accountant as a Manager of Information Systems .......................... 4
Competencies for the Professional Accountant as a Designer of Business Systems .............................. 5
Competencies for the Professional Accountant as an Evaluator of Information Systems ...................... 6
These appendices should be read in conjunction with this Guideline. They define broad areas of
competence that should be covered in the IT curriculum and training of professional accountants, organized
by role.
The General IT and IT Control Knowledge Requirements set out in this Guideline specify that, prior to
qualification, all professional accountants must have at least a general level of knowledge of each of the
content areas identified above. For greater clarity, this appendix lists the key topics within these content
areas under three columns headed: “Broad knowledge/skill area,” “Main topic coverage” and
“Illustrative sub-topics.”
A general level of knowledge requires professional accountants to understand the meaning of the topics
listed under the column headed “Main topic coverage” and their importance in the context of business
systems. The topics listed under “Illustrative sub-topics” are provided to clarify the coverage expected for
each topic; however, detailed knowledge of every sub-topic listed is not required as part of the General IT
Education Requirements.
In addition to the general level of knowledge required as part of the General IT Knowledge and IT Control
Knowledge Requirements, this Guideline requires that, prior to qualification, all professional accountants
acquire IT control competencies and other competencies associated with their role as users of IT and at
least one of the roles of designer, manager and evaluator, depending on their anticipated work domain upon
qualification. This appendix contains specific sections dealing with each of these roles. The required level
of competence in these sections goes beyond general knowledge and comprehension of the topics listed,
and requires an ability to apply the knowledge represented by the competency in an appropriate client or
employer setting with limited supervision. The competencies identified presume that professional
accountants who possess the competencies identified herein also possess the related knowledge required by
the competency. Thus, except for the IT control area, no separate knowledge areas are defined for the
competency areas.
Appendices
29
General Information Technology Knowledge Requirements
Broad knowledge/skill area Main topic coverage Illustrative sub-topics
General systems concepts Nature and types of systems General systems theory, system objectives
Open/closed systems
Well/ill structured
Formal/informal
Operational/tactical/strategic
Transaction processing vs. DSS vs. EIS
vs. AI
System architectures (components and Sub-systems, networks, distributed

relationships) systems, mobile
Hardware and facilities
Networks, telecommunication systems,
electronic data transfer
Software: system software, application
software, utilities
Application development environment
Data organization and access methods
Files, tables, data bases, data base
management systems
Protocols, standards, enabling
technologies
IT professionals and career paths in IT
organizations
Specification, design, re-engineering Systems development life cycle

of information systems (waterfall, spiral)
System acquisition/development phases,
tasks
Project management
Control and feedback in systems Objectives, measures, monitoring,

feedback and follow-up
Nature and types of information Routine, exception, ad hoc, predictive

Quantitative, qualitative
Transaction documents, screens, reports,
messages, etc.
Data vs. information vs. knowledge
Attributes of information Quality, relevance, reliability, cost:

timeliness, currency, frequency,
completeness, accuracy, level of
aggregation, etc
Decision value, competitive advantage
Appendix 1 to IEG 11
30
General systems concepts Role of information within business Users: internal, external
(cont'd) Monitoring, problem finding, action,
decision support, etc.
Decision theory
Human information processing
Communication of information
Reporting concepts and systems
Transaction processing system (TPS)
Process transactions, maintain master
files, produce reports, process inquiries,
support planning and control, etc.
Knowledge management systems (KMS)
Management information system (MIS)
Decision support system (DSS)
Executive information system (EIS)
Expert system (ES), neural network (NN)
IT strategy Strategic considerations in IT Planning of information systems

development based on business success
factors/criteria
Position of the entity within its
industry/sector
Alignment/integration with business
objectives/ success factors
Risks: economic, technical, operational,
behavioral
Components of long range plans
Operational dynamics that influence the
entity’s business/programs
E-Business models Business to Consumer (B2C)

Business to Business (B2B)
Business to Employee (B2E)
Consumer to Consumer (C2C)
Government to Citizen (G2C)
31
IT professionals and career Job functions, organization, reporting IT manager

paths in IT organizations relationships of the IT department Business analyst
Systems analyst
Programmers
Operations manager and staff
Data base administrator/data administrator
Security officer
Network controller
Librarian
Webmaster, web designer
Quality assurance
Recruiting/developing IT human
resources
Management of IT Management of computer operations Developing operational priorities

Compatibility of components
Planning IT capacity
Impact of IT on procedures
Data/information architecture
IT infrastructure (hardware, facilities,
networks)
Software (systems, applications, utilities)
Performance measurement (productivity,
service quality)
Management of inter-organizational Collaborative computing

computing Distributed systems
EDI and electronic commerce
Outsourced services (ISPs, ASPs, etc.)
Management of end-user computing Technology diffusion

Information center, help desk
End-user system security
Support for end-user applications
Financial analysis and control Capital budget

Time/expense tracking
Cost chargeout / monitoring
Accounting for system costs
32
Management of IT (cont'd) IT control objectives Effectiveness, efficiency, economy of

operations
Reliability of financial reporting
Effectiveness of controls (design,
operation)
IT asset safeguarding
Compliance with applicable laws and
regulations
System reliability
Availability and continuity (back-up,
recovery)
Access controls (physical, logical)
Privacy, confidentiality
Processing integrity (completeness,
accuracy, timeliness, authorization)
Data integrity
System acquisition/ development System acquisition/development Investigation and feasibility study

process and implementation life cycle phases, Requirements analysis and initial design
tasks and practices Detailed design specification/
documentation
System installation/ implementation
Quality assurance
Post-implementation review
System maintenance and change Maintenance of hardware and software

Systems documentation and operations
manuals
Personnel training and development
33
Hardware and facilities Components of a computer Micro/workstation/mini/mainframe/super

configuration computer hardware
Stand alone or multi-user/network
Multi-processor vs. single processor
Processing units Central processing unit (CPU), server,

main memory, etc.
Buslines, cables, integrated circuit cards,
micro-code, registers, instruction sets, etc.
Input/output devices, processing Keyboard, mouse, text recognition, voice

speeds, etc. recognition, smart card, pen, display, tape,
disk, scanner, printer etc.
Control units, buffers, channels, etc.
Physical storage devices Data representation by computer, data

compression
Tape, disk, compact disk read only
memory (CD-ROM),
write once read many (WORM),
computer output microfilm (COM)
Communication devices Modem, switch, concentrator, bridge,
router, monitor, etc.
Networks, and electronic data Network components, configurations Local area networks/wide area networks
transfer and designs Wireless/mobile systems
Distributed processing networks
Data transmission options, carrier
services, etc.
Internet protocols
Packet switching
Transmission Control Protocol/Internet
Protocol (TCP/IP)
Uniform Resource Locator (URL)
Domain Name Server (DNS)
File Transfer Protocol (FTP)
Hypertext Transfer Protocol (HTTP)
Internet Relay Chat Protocol (IRC)
34
Networks, and electronic data Internet/intranet/extranet applications Mail, file transfer, web browser, chat,
transfer newsgroup
Electronic commerce, knowledge
management
Telnet
Data communication and Modem, switch, concentrator, bridge,

transmission devices/software router, terminal monitor, etc.
Message and document Electronic data interchange (EDI), point

communication of sale (POS),
electronic funds transfer system
(EFTS), e-mail, etc.
XML, XBRL
Software Components of a software Distinction between system and

configuration application software
Workflow managers, middleware and
other utilities
Micro/workstation/mini/mainframe/super
computer
software designs
Open/proprietary systems
Operating systems Graphical user interfaces

Network, client/server, etc.
Single user vs. multi-user
Process management
Memory and file system management
Communications systems Terminal monitor, etc.
Security software Access control software

Anti-virus software
Utility software Text editor, directory manager, file

backup/recovery,
file compression, etc.
Performance monitoring software,
scheduling software, etc.
35
Software (Cont’d) Programming languages/compilers Program controls structures

Program specification, verification and
validation
Procedural vs. non-procedural
programming languages
Machine code/assembly/procedural/4th
generation languages
Language evaluation and selection
approaches
Object-oriented languages, multimedia
authoring systems, etc.
Programming aids, interactive Program generators/computer assisted

programming software software engineering (CASE)
Programmer workbench tools
Methods of program design and
development
Testing and documentation
Library management systems Version control, migration, etc.
Data management systems Tape/disk management systems

Hardcopy/microfiche/optical imaging
On-line, archival
Report generators and data retrieval
software
Data base management system
General application software Distinction from system software

Competitive advantage
Piecemeal vs. organization-wide
development/integration
Package vs. custom software
Distributed vs. centralized processing
End-user computing
Internet/intranet/extranet applications
36
Software (Cont’d) E-business enabling software Supply chain management (SCM)

Enterprise resource planning (ERP)
Sales force automation (SFA)
Customer relationship management
(CRM)
Electronic commerce systems
Brochure, catalog, order entry, payment
processing, fulfillment
Knowledge management systems
Knowledge creation, capture, sharing,
maintenance
Software for professional use Accounting package

Professional research tools
Presentation software
Internet tools: e-mail, web browser, FTP
Word processor
Spreadsheet
Data base management system
Data organization and access Data structures and file organization Data coding: characters, records, files,
methods multi-media
Precision of data
File/record design
Access methods and file maintenance Sequential access

Direct access (random access)
Indexed sequential access
Relational
Types of data files Master/transactions/tables

Array, list, stack, queue, tree, index
Data base management systems Data storage, access, and sharing

(features, functions, architectures) Design principles-
characters/fields/records
Data base administration
Conceptual data modeling
Defining/ documenting data base
requirements
File layout/ schema/ data dictionary
Model data bases, distributed systems
Document management Capture, index, store, retrieve,

display/print
Computer output microfilm (COM),
microfiche, optical imaging systems
37
Data organization and access Data base management systems Data storage, access, and sharing
methods (Cont’d) (features, functions, architectures) Design principles-
characters/fields/records
Data base administration
Conceptual data modeling
Defining/ documenting data base
requirements
File layout/ schema/ data dictionary
Model data bases, distributed systems
Document management Capture, index, store, retrieve,

display/print
Computer output microfilm (COM),
microfiche, optical
imaging systems
Transaction processing in General application processing Data entry

typical business and accounting phases Edit
applications Master file update
Reporting, accounting, control,
management
Query, audit trail, ad hoc report
Processing modes Batch-oriented processing

Transaction-oriented processing
On-line processing
Real-time processing
Distributed processing
Multi-programming, multi-tasking and
multi- processing
Business documents, accounting Revenue/receivables/receipts

records, data bases, Purchases/payables/payments
control/management reports Inventories/cost of sales
Materials requirements planning and
control/costing
Production planning & scheduling;
tracking, monitoring & control; quality
management;
computer integrated manufacturing
(CIM)/
computer assisted design (CAD)/
computer assisted manufacturing
(CAM)
Payroll and personnel
Fixed assets
Treasury/Administration
General ledger/budgeting/ information
systems
38
Information Technology Control Knowledge Requirements
Control frameworks Risks and exposures in computer- Error, fraud, vandalism/abuse, business
based information systems interruption, competitive disadvantage,
excessive cost, deficient revenues,
statutory sanctions, social costs, etc.
Effect of IT audit on organization,
controls
Economic, technical, operational,
behavioral considerations
Cost/benefit
IT control frameworks COBIT, ITCG, SysTrust, WebTrust,

OECD, BS7799, etc
Control objectives Effectiveness, efficiency, economy of Cost effectiveness of control procedures

operations
Reliability of financial reporting Relevance, reliability,

comparability/consistency
Effectiveness of controls (design, At a point in time; during a period of time

operation)
IT asset safeguarding Evaluation of facilities management and

IT asset safeguarding
Compliance with applicable laws and Prevention/detection of fraud, error and

regulations illegal acts
Privacy, confidentiality, copyright issues
System reliability Availability and continuity (back-up,

recovery)
Access controls (physical, logical)
Processing integrity (completeness,
accuracy, timeliness, authorization)
Data integrity Completeness, accuracy, currency

/timeliness, consistency/ comparability,
authorization, auditability
Input/output; reception/distribution
controls
Appendix 2a to IEG 11
39
Layers of control Societal Attitudes, laws and regulations

Organizational environment Board level, management level, IT
Technology infrastructure administrative/operational level
Software Hardware, facilities, network
Business process System, application
User department, individual user
Responsibility for control Roles and responsibilities of key Board, top management
parties IT management and IT personnel
User departments, individuals
Auditors
Control environment External regulatory controls Record keeping, privacy, copyright,

taxation, etc.
Board/audit committee governance Regulatory compliance, fiduciary

obligations, IT governance, system
reliability
Management philosophy and Integrity and ethical values, commitment

operating style to competence
Plan/structure of organization Leadership for IT organization,

organization of IT function, segregation
of incompatible IT and user functions,
partnerships with other organizations
Methods to communicate the Business practices, codes of conduct,

assignment of authority and documentation of systems, operations,
responsibility user responsibilities, reporting
relationships
Management control methods Strategic planning, business system/IT

integration planning, budgeting,
performance measurement, monitoring
compliance with policies
Human resource policies and Hiring, training, evaluation, compensation

practices of IT personnel, career paths
Financial policies and practices Budgeting process; Cost chargeout

methods;
40
Control over system System acquisition/development Systems development life cycle

acquisition/development methodology (waterfall, spiral)
System acquisition/development phases,
tasks
Acquisition/development standards,
methods and controls
Documentation requirements
Main risks and reasons for failure of
computer projects
Economic, technical, operational,
behavioral
Effect of new development techniques
and management theories on formal
systems development life cycle
Controls over investigation and Analysis of existing systems; business

feasibility study process integration; business process re-
engineering
Scope of proposed system and
information needs,
technology options
Nature and size of business
Cost/benefit analysis
Statement of application requirements
Feasibility analysis
Controls over determination of user Structured analysis and design

requirements, initial design methodologies
User requirement
elicitation/documentation methodologies
Questionnaires, interviews, document
analysis, observation
Volumes and system sizing
Incorporating controls within systems
Design of data bases/files/records/
forms/screen layouts
Process design, data organization,
software requirements
Infrastructure requirements (hardware,
facilities, network)
Controls (availability, security/privacy,
integrity, maintainability)
Documentation
Data flow diagrams; entity-relationship
model, etc.
Decision tables and decision trees
Computer aided software engineering
(CASE) tools
Object methods
41
Control over system Controls over system design, Developed/acquired systems

acquisition/development selection, acquisition/development Selection of vendor/ supplier/ service
(cont’d) provider
Selection of hardware, facilities, networks
Selection of software packages
Programming languages/compilers;
Programming aids
Structured, event driven, object-
oriented approaches
System and data base integration
Contracting/leasing/licensing
considerations;
service level agreements
Screen and report design; data base/file
design
Statement of technical requirements
Documentation and operations manuals
Controls over system Install/deploy system components

implementation, including testing, User/operator procedures and controls
training, data conversion and quality Recruit/train personnel
assurance User involvement; audit trail; transaction
flows
Computerized controls; benchmarking;
test data
Acceptance testing methodologies
System conversion/changeover
methodologies
Pilot, parallel running and going live
File transfer/conversion/creation
User training methods
Quality assurance/pre-implementation
review
Post-implementation review
Achievements and failures; assessment
of benefits/costs
Impact on users, management and staff
42
Control over system Control over system maintenance Maintenance standards and controls
acquisition/development (cont’d) and program changes Infrastructure
Software
Personnel competencies
Information architecture
Business processes
Authorization controls
Documentation standards and controls
Version management
Implementation controls
Custody; change authorization
Migration planning
Emergency change controls
Testing and quality assurance
Project management/ planning/control Project phases, tasks and controls

methods and standards Project characteristics and risks
Project staffing
Project scheduling
Expense budget
Documentation requirements
Risk assessment Risk categories Economic, technical, operational,

behavioral
Main reasons for failure of computer
projects
Error, fraud, vandalism/abuse, business
interruption, competitive disadvantage,
excessive cost, deficient revenues,
statutory sanctions, social costs, etc.
Probability of loss Quantitative/qualitative
Consequences Monetary, non-monetary

Balancing costs of controls vs. costs of
unmitigated risks
43
Control activities Control design Objectives, framework, environment,

activities, monitoring
Legal, ethical, professional
standards/requirements
Preventive/detective/corrective strategies
Effect of control environment (personnel
management methods)
Preventive application controls
Detective application controls
Contingency plans, insurance
Control procedures Authorization

Separation of incompatible functions
(organizational design, user
identification, data classification,
user/function/data authorization matrix,
user authentication)
Adequate documents and records
Asset safeguards; limitation of access to
assets
Independent checks on performance;
verification of accounting records,
comparison of accounting records with
assets
Computer-dependent controls (edit,
validation, etc.)
User controls (control balancing, manual
follow-up, etc.)
Audit trails
Error
identification/investigation/correction/trac
king
Control over data integrity, privacy Understanding of data protection

and security legislation
Consideration of personnel issues and
confidentiality
Classification of information
Access management controls
Physical design and access controls
Logical access controls (user
authorization matrix)
Network security (encryption, firewalls)
Program security techniques
Data security techniques
Monitoring and surveillance techniques
44
Control activities Availability/continuity Threat and risk management

(cont’d) of processing, disaster recovery Software and data backup techniques
planning and control (problems of on-line systems, etc.)
Alternate processing facility arrangements
Disaster recovery procedural plan,
documentation
Integration with business continuity plans
Periodic tests of recovery procedures
Insurance
IS processing/operations Planning and scheduling; service levels;

risks
Standards
Infrastructure (hardware, facilities,
networks)
Software
Human resources (skill sets and staffing
levels)
Business processes
Performance monitoring
Costs/benefits (quantitative and
Qualitative impact on management,
jobs and office procedures)
Business drivers that impact IT (e.g.,
scalability, right-sizing
flexibility of changes in technology
or business, speed to market, cross-
platform capability)
Control over productivity and service
quality
Software/data library management
Input/output distribution and control
Security and back up and recovery
Information and communication Information processing system People, procedures, data, software,
infrastructure
Key processes
Identification and recording of all valid
transactions
Proper/timely classification of
transactions
Appropriate measurement/valuation
Appropriate timing/cut-off
Appropriate presentation
45
Information and communication Communication of authority/ Business practices, codes of conduct,

(Cont’d) responsibilities policy manuals, memos, etc.
Documentation of systems, operations,
user responsibilities,
Reporting relationships
Training, supervision
Monitoring of control compliance Roles of management users, auditors Internal monitoring processes
(internal, external) Performance review processes
External monitoring processes
Processes for addressing non-compliance
Computer-assisted audit techniques System analysis and documentation

(e.g., flowcharting packages, review of
program logic, etc.)
System/program testing
(e.g., test data, integrated test facility,
parallel simulation, etc.)
Data integrity testing
(e.g., generalized audit software,
utilities, custom programs,
sampling routines, etc.)
Problem solving aids (e.g., spreadsheet,
database, on-line data bases, etc.)
Administrative aids
(e.g., word processing, audit program
generations, work paper generators,
etc.)
46
IT Control Competencies
Units Elements
Select suitable Identify relevant IT control framework to apply to the analysis and evaluation of internal
control criteria control
to analyze and Identify relevant IT control objectives to apply to the analysis and evaluation of internal control
evaluate Identify relevant layers of control to be included in the analysis and evaluation
controls Identify areas of responsibility for identified control objectives
Evaluate control Analyze and evaluate effectiveness of board of directors or audit committee participation
environment Analyze and evaluate effectiveness of management philosophy and operating style
Analyze and evaluate the effectiveness of organizational structures
Analyze and evaluate the effectiveness of assignment of authority and responsibility;
management control methods
Analyze and evaluate the effectiveness of human resource policies and practices
Analyze and evaluate the effectiveness of financial policies and practices
Evaluate system Analyze and evaluate effectiveness of systems acquisition/development methodology, including
acquisition/ make/buy criteria
development Analyze and evaluate effectiveness of standards for systems development project management
process and and control
controls Analyze and evaluate compliance with standards for system investigation and feasibility study
Analyze and evaluate compliance with standards for determination of user requirements and
initial system design
Analyze and evaluate compliance with standards for system design, selection,
acquisition/development
Analyze and evaluate compliance with standards for system implementation, including system
testing, training, data conversion and quality assurance
Analyze and evaluate compliance with standards for system maintenance and program changes
Evaluate risk Analyze and evaluate process for identifying the entity's exposures to risks
assessment Analyze and evaluate process for estimating probability of loss
processes and Analyze and evaluate process for estimating monetary and non-monetary consequences
activities Analyze and evaluate process for developing cost-effective preventive/detective/corrective
strategies to address risk
Appendix 2b to IEG 11
47
Evaluate system Analyze and evaluate effectiveness of entity's information processing activities in support of
processing organizational objectives
operations and Analyze and evaluate effectiveness of information processing control procedures
controls Analyze and evaluate effectiveness of controls over data integrity, privacy and security
Analyze and evaluate effectiveness of segregation of incompatible functions
Analyze and evaluate effectiveness of continuity of processing/ disaster recovery planning and
control
Analyze and evaluate effectiveness of controls over integrity of system processing
Evaluate Analyze and evaluate internal monitoring processes, including their effectiveness in leading to
monitoring changes in controls or control environment
processes and Analyze and evaluate performance review process
activities Analyze and evaluate external monitoring processes
Analyze and evaluate process for addressing non-compliance or deterioration in compliance
identified by monitoring activities of management, users, internal auditors, external auditors
Apply appropriate computer-assisted audit techniques to analyze and evaluate monitoring

processes and activities.
Appendix 2b to IEG 11
48
User Role Competencies
Units Elements
Apply Apply operating system (Dos, Windows, Other)
appropriate IT Apply word processing software in a relevant accounting/business context
systems/tools to Apply spreadsheet software in a relevant accounting/business context
business/ Apply database software in a relevant accounting/business context
accounting Apply Internet tools (E-mail, Web Browser, FTP, Other) software in a relevant
problems accounting/business context
Apply professional research tools in a relevant accounting/business context
(See Note 1) Apply business presentation software in a relevant accounting/business context
Apply anti-virus and other security software in a relevant accounting/business context
Apply utility software and other relevant software in a relevant accounting/business context
Demonstrate Demonstrate understanding of accounting packages

understanding Demonstrate understanding of e-business systems (ERP, CRM, and other business automation
of business and systems)
accounting Demonstrate understanding of networks (LAN)
systems Demonstrate understanding of electronic commerce features (B2C and B2B models, encryption
tools, digital signatures/certificates, key management)
Apply controls Ensure processing integrity of IT resources

to personal Ensure security and safeguarding of IT resources
system Ensure availability/continuity provisions (back-up and recovery) for IT resources
Define and fill Identify requirements (hardware, software, network, data, supplies, assistants, controls, other)
personal system Document requirements
requirements Evaluate and select products and suppliers
Contract for products, services and supplies
(See Note 2) Test and decide on acceptability
Implement
Maintain/update/ manage change for IT resources
Note 1: A relevant accounting business context includes tasks such as:
• Gather, organize, summarize, interpret data • Evaluate performance

• Evaluate and choose alternative courses of • Plan, schedule and monitor activities
action • Direct allocation of resources
• Document observations and decisions • Communicate with others
• Devise strategies and tactics
Note 2: This is subject to deletion, depending on additional feedback.
49
Manager Role Competencies
Units Elements
Manage entity’s Participate in strategic planning (via membership on steering committee)
IT strategy Develop an IT strategic plan to support the entity’s business plan
Align/integrate information systems with entity’s business/program objectives and success
factors
Translate strategic business/program objectives into operating principles for IT planning
Facilitate business process re-engineering through the use of IT
Manage IT Define job functions and responsibilities of the IT department

organization Define organization chart/reporting relationships of the IT department
Define and implement process for recruiting, staffing, personnel development and performance
evaluation
Manage IT Measure, analyze and evaluate consistency and compatibility of system components
operations Analyze, evaluate and plan IT capacity
effectiveness Analyze and evaluate impact of IT on management, jobs and office procedures
and efficiency Develop/maintain data/information architecture
Develop/maintain responsive IT infrastructure (hardware, facilities, communication networks)
Develop/maintain software (systems, applications, utilities)
Plan and schedule system operations priorities and allocate resources
Measure, analyze and evaluate IS effectiveness and productivity
Measure, analyze and evaluate IT function performance, productivity and service quality,
quality assurance processes, continuous improvement
Manage inter- Manage collaborative computing systems

organizational Manage distributed systems
computing Manage EDI and other electronic commerce services
Manage outsourced services (ISPs, ASPs, etc.)
Manage end- Manage technology diffusion

user computing Implement and manage information center, help desk
Ensure security of end-user computing
Support user-developed systems
Maintain Develop capital budget

financial control Account for system costs
over IT Implement systems for tracking costs
Monitor expenses
Manage IT Implement physical and logical safeguards for hardware, facilities, software and information
controls Implement system availability and continuity (back-up/recovery, disaster planning) controls
Implement access controls (physical, logical/electronic)
Implement privacy and confidentiality controls
Implement input/output reception/distribution control
Implement processing integrity controls
50
Manage system Identify and evaluate appropriate development/ acquisition alternatives such as in-house/
acquisition, bureau/ outsourcing
development Implement and monitor system acquisition/ development and implementation standards
and Determine and provide system project staffing requirements and budgets
implementation Implement project management processes to manage and monitor system projects
Use appropriate methodologies to identify, analyze, evaluate and select appropriate supplier(s)
and system(s)
Manage expectations by communicating system acquisition/development plans and status to
users, top management/steering committee
Manage system Implement and monitor standards and controls applicable to IS maintenance activities
maintenance Implement and monitor version management
and change Manage custody of systems, change authorization
Implement and monitor process for migrating systems from legacy to state of the art
Implement and monitor emergency change controls
Implement and monitor testing and quality assurance for all system changes
51
Designer Role Competencies
Units Elements
Analyze and Facilitate the development of the entity’s strategic vision for IT
evaluate role of Analyze and evaluate the business impact of entity’s strategic vision for IT on the entity, its
information in customers, suppliers and employees
the entity’s Facilitate communication between users, technologists and management
business Analyze, evaluate and design role of data bases and data base management systems including
processes and knowledge management systems, data warehouses
organization Analyze, evaluate and design entity’s business processes: transaction processing in business and
accounting applications
Analyze, evaluate and design entity’s system development life cycle (SDLC) phases, tasks
Analyze and evaluate system risks
Analyze, evaluate and design controls
Apply project Analyze and evaluate project characteristics and risks

management Organize project into phases and tasks corresponding to relevant stages of the systems
methods development life cycle
Identify appropriate staff and other resources and assign to project phases and tasks
Assign time, expense and other resource budgets to project phases and tasks
Apply appropriate standards and controls to the project phases and tasks
Identify required project documentation and assign responsibility for its preparation
Monitor project activities for compliance with budgets, standards, controls and documentation
requirements and take corrective action when required
Apply system Perform system investigation

investigation, Identify business process integration/re-engineering opportunities
project initiation Research relevant technology options
methods Prepare feasibility study and evaluate project risks
Apply user Apply information requirements elicitation methods

requirements Document information requirements
determination Facilitate communication of information requirements between team members, users,
and initial management
design methods Analyze requirements and perform initial design
52
Apply detailed Prepare and document detailed design specifications
system design, Evaluate and acquire infrastructure
acquisition/ Evaluate and acquire/develop required system, application and utility software
development Select suppliers and service providers
methods Prepare hardware contracts, facilities leases, software licenses, network service level
agreements
Prepare documentation and operations manuals
Apply system Install/deploy system components

implementation Develop user/operator procedures and recruit, train personnel
methods Develop user/operator control procedures and train
Test (verify and validate) system
Convert system, balance pre-post data, and start-up
Perform post-implementation review
Apply system Maintain infrastructure

maintenance Maintain software; control versions
and change Test all system changes
management Maintain personnel competencies through hiring, training
methods Maintain IT standards and controls
Maintain information architecture
Maintain business processes
53
Evaluator/Auditor Role Competencies
Units Elements
Plan system Identify IT assurance service requirement or opportunity
evaluation Analyze/evaluate and advise on entity's IT assurance needs based on legal, ethical, professional
standards and other requirements and best practices.
Identify nature of particular IT assurance engagement or project and standards and other
requirements governing the engagement.
Analyze and evaluate and decide whether to accept the IT assurance engagement or project
Define the scope of the IT assurance engagement or project
Identify, analyze and evaluate risk factors and business issues affecting the IT assurance
engagement or project and their implications
Define precision requirements (level/frequency of system errors, flaws and failures that are
deemed significant/material)
Design effective and efficient procedures including CAATs to comply with professional
standards and meet engagement objectives.
Assign and schedule staff with appropriate IT skills, including IT specialist personnel, to
perform the IT assurance engagement or project
Evaluate system Collaborate with colleagues, client and others, including IT specialist personnel
Perform planned procedures, including CAATs, exercising required controls over their
execution.
Adjust program for changes in circumstances
Document procedures
Analyze and evaluate evidence/results of procedures
Perform supervision, review and quality assurance procedures
Communicate Prepare appropriate type of communication, including verbal communication, "seal" or printed
results of report
evaluations and Present communication verbally, electronically or in printed format to client or other intended
follow up recipients
Update communication as frequently as required (e.g., refresh the "seal" or report posted on a
web site)
Follow up as required
Appendix 6 of IEG 11
54

Information Technology For Professional 2001

Diunggah oleh

Informasi Dokumen

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Information Technology For Professional 2001

Diunggah oleh

Hak Cipta:

Format Tersedia

Issued September 2001

Information Technology for

Issued for Comment

INFORMATION TECHNOLOGY FOR PROFESSIONAL ACCOUNTANTS

OUTLINE ................................................................................................................................................ 11-34

PREQUALIFICATION IT KNOWLEDGE AND COMPETENCY

POSTQUALIFICATION IT KNOWLEDGE AND COMPETENCY REQUIREMENTS .......... 81-111

APPENDICES - CORE IT KNOWLEDGE AND COMPETENCY AREAS FOR PROFESSIONAL

I. International Education Standards, Guidelines, and Papers

This pronouncement is an Exposure Draft for a revised International Education Guideline.

II. Purpose of the Guideline

Warren Allen, Chair, New Zealand

Prequalification and Postqualification

Importance of Practical Experience

Continuing Professional Education

Prequalification Tests of Professional Competence

Postqualification Tests of Professional Competence

General Information Technology Knowledge Requirements

IEG-11 Prequalification IT Knowledge and Competency Requirements

Information Technology Controls Competency Requirements

Course Requirements for General and IT Controls Knowledge and Competencies

IEG-11 Prequalification IT Knowledge and Competency Requirements

USER Role Competency Requirements

IEG-11 Prequalification IT Knowledge and Competency Requirements

MANAGER Role Competency Requirements

IEG-11 Prequalification IT Knowledge and Competency Requirements

DESIGNER Role Competency Requirements

IEG-11 Prequalification IT Knowledge and Competency Requirements

EVALUATOR Role Competency Requirements

IEG-11 Prequalification IT Knowledge and Competency Requirements

Prequalification Concentration in Accounting and Information Systems

IEG-11 Prequalification IT Knowledge and Competency Requirements

Continuing Professional Education

IEG-11 Postqualification IT Knowledge and Skill Requirements

The USER Role

The MANAGER Role

IEG-11 Postqualification IT Knowledge and Skill Requirements

The DESIGNER Role

IEG-11 Postqualification IT Knowledge and Skill Requirements

The EVALUATOR Role

Broad knowledge/skill area Main topic coverage Illustrative sub-topics

System architectures (components and Sub-systems, networks, distributed

Specification, design, re-engineering Systems development life cycle

Control and feedback in systems Objectives, measures, monitoring,

Nature and types of information Routine, exception, ad hoc, predictive

Attributes of information Quality, relevance, reliability, cost:

IT strategy Strategic considerations in IT Planning of information systems

E-Business models Business to Consumer (B2C)

IT professionals and career Job functions, organization, reporting IT manager

Management of IT Management of computer operations Developing operational priorities

Management of inter-organizational Collaborative computing

Management of end-user computing Technology diffusion

Financial analysis and control Capital budget

Management of IT (cont'd) IT control objectives Effectiveness, efficiency, economy of

System acquisition/ development System acquisition/development Investigation and feasibility study

System maintenance and change Maintenance of hardware and software

Hardware and facilities Components of a computer Micro/workstation/mini/mainframe/super

Processing units Central processing unit (CPU), server,

Input/output devices, processing Keyboard, mouse, text recognition, voice

Physical storage devices Data representation by computer, data

Data communication and Modem, switch, concentrator, bridge,

Message and document Electronic data interchange (EDI), point

Software Components of a software Distinction between system and