IFAC
Exposure Draft IEG-11
Education Response Due Date December 31, 2001
Committee
by the International
Federation of
Accountants
Invitation to Comment
This Exposure Draft was approved for publication in August 2001 by the Education Committee.
The mission of IFAC is the worldwide development and enhancement of an accountancy profession with
harmonized standards, able to provide services of consistently high quality in the public interest.
The Education Committee welcomes any comments you may have on this Exposure Draft. Comments
should be submitted in writing so as to be received by December 31, 2001. Comments sent by e-mail are
preferred but they may also be submitted on a computer disk or in writing. Comments are considered a
matter of public record. Any comments received on this booklet will be reviewed by the Education
Committee and may influence its final publication. Comments should be sent to:
Technical Director
International Federation of Accountants
535 Fifth Avenue, 26th Floor
New York, NY 10017 USA
Fax: (212) 856-9420
Web site: http://www.ifac.org/Committees/Education
E-mail responses should be sent to: EDComments@ifac.org
The Committee intends to carry out further consultation over the forthcoming months with employers and
other interested parties through focus groups and targeted interviews regarding the competencies identified
in Appendices 2b – 6. The further consultation is to assist the Committee to identify examples of work
experience candidates might gain to meet the competencies to develop guidance on the evidence member
bodies and employers might seek to determine whether the candidate has met the competencies. The
Committee intends to release this additional guidance along with the final Guideline.
The approved text of this Exposure Draft is that published in the English language.
In order to achieve maximum exposure and feedback, IFAC encourages the reproduction of this publication
in any format.
Copyright© September 2001 by the International Federation of Accountants. All rights reserved.
2
11
FIRST ISSUED DECEMBER 1995
REVISED JUNE 1998
CONTENTS
Paragraphs
Preface
Introduction................................................................................................................................................. 1-10
Contents
3
Prequalification Concentration in Accounting and Information Systems ......................................... 79-80
Contents
4
Preface
The role of the Education Committee is to develop standards, guidelines, and other pronouncements on
prequalification education for members of the profession and on matters relating thereto, and on continuing
professional education for members of the profession and on matters relating thereto, and to promote
understanding and acceptance of such standards and guidelines.
International Education Standards prescribe generally accepted ‘good practice’ in the education of
professional accountants.
International Education Standards express the benchmarks that member bodies are expected to aim at in
the preparation and continuous development of professional accountants. They establish the essential
elements of the education process at a level that is aimed at gaining international recognition, acceptance,
and application. International Education Standards cannot override authoritative local pronouncements
but will provide an authoritative reference for informing and influencing local regulators regarding
generally accepted ‘good practice’.
International Education Guidelines promote generally accepted ‘good practice’ in the education of
professional accountants by providing advice or guidance on how to achieve ‘good practice’ or current
‘best practice’.
International Education Guidelines may interpret, illustrate, elaborate, or expand on matters within
International Education Standards. In this function, the Guidelines assist member bodies to implement and
achieve ‘good practice’ as prescribed in International Education Standards. The Guidelines may also
outline exemplary methods or practices, including those that are recognised as current ‘best practice’,
which member bodies may wish to adopt.
International Education Papers promote discussion or debate on education issues affecting the
accounting profession, present findings, or describe situations of interest relating to education issues
affecting the accounting profession.
International Education Papers may be expository in nature and thus are intended to raise discussion
within the accounting profession to a level whereby issues may be progressed or eventually resolved. As
such, the Papers may explain, examine, analyse or otherwise critically assess education issues and
practices. The aim of such Papers is to provoke consideration of the issues and encourage comment and
feedback so that the issues can be advanced. In this function, they may be useful for exposing views,
approaches, and methods that are in a relatively formative stage and may be useful precursors to
Guidelines and Standards. Alternatively, the Papers may be simply descriptive in nature. In this function,
they aim to promote awareness of, and to transfer knowledge and information on, education issues or
practices relating to the accounting profession.
This Guideline is intended to assist member bodies to prepare professional accountants to work in the
information technology environment. Society expects professional accountants to perform their roles
competently. To do so, professional accountants must demonstrate competence in the use of information
technology and computer-based information systems. This Guideline describes capabilities (i.e. the
knowledge and skills base) required in the information technology environment, as well as specific work
place competence requirements.
IEG-11 Preface
5
III. Scope of the Guideline
The Guideline’s framework begins with discussion of general information technology knowledge
requirements, followed by knowledge and competence requirements relating to information technology
controls.
The discussion then progresses to cover several roles in which professional accountants may be engaged
with respect to information technology and systems: the user, manager, designer, and evaluator roles.
The fundamental (general and control) requirements and the four role-based requirements are presented in
terms of pre-qualification requirements and post-qualification requirements, with a brief reference to post-
qualification specialization.
The above areas are addressed for the purpose of both formal education courses and on-the-job practical
experience and training.
IV. Background
The Education Committee of IFAC first issued IEG-11 in December 1995, which identified the required
capabilities (i.e. knowledge and skills) for information technology in an accounting curriculum. Since that
time, the Guideline has been reviewed each year to determine whether it required updating to remain
current. The Guideline was first revised in June 1998. The Committee’s objective for these earlier versions
was to provide guidance on the capabilities (knowledge and skill requirements) that could be incorporated
into a formal accounting education curriculum for professional accountants.
This version represents the second revision of IEG-11. The Education Committee agreed that, in addition
to presenting a revised set of capabilities, this second revision should incorporate examples of tasks that a
competent professional accountant should need to perform in the work place (i.e. units and elements of
competence). This version therefore represents the first exposure of information technology competence
requirements within IEG-11.
V. Foreword
Information technology (IT) is pervasive in the world of business. Competence with this technology is an
imperative for the professional accountant.
The input-based, capability approach for specifying qualifying requirements (as adopted in previous
versions of IEG-11) focuses initially on the knowledge, skills and professional values required to
demonstrate competence. However, the Committee has also emphasized the value of the output-based,
functional analysis approach for specifying qualifying requirements, which focuses initially on the roles,
tasks, and sub-tasks actually performed by professionals in the work place. This latter approach is favored
by many professions throughout the world and is endorsed by the Education Committee as a valid approach
for identifying the requirements of professional accountants. A discussion of how the two approaches can
be employed is presented in the Education Committee’s Discussion Paper, Competence-based Approaches
to the Preparation and Work of Professional Accountants, published May 2001.
Following from the desire to provide member bodies with guidelines from a functional analysis
perspective, this revised version of IEG-11 incorporates for the first time a range of competency units and
elements alongside the capability (knowledge and skill) requirements. In this respect, the Guideline is a
hybrid document, serving the dual purpose of providing guidance on both input-based and output-based
specifications.
IEG-11 Preface
6
Because many of the education requirements involve practical skills, they would be best met through a
combination of formal education and practical application of skills in a professional work environment.
Member bodies should apply this Guideline in a manner that best suits the education and training
environment for professional accountants in their respective countries. One simple approach would be to
view the knowledge requirements as providing guidance for a formal education curriculum and the
competency requirements (Appendices 2b – 6) as providing guidance for work place training and
experience programs. Alternatively, knowledge and skill requirements can be inferred from the
competence units and elements, and vice versa.
For the formal education component, the coverage of some of the topics identified in this Guideline could
be provided through courses specifically designed to develop IT knowledge and competencies or spread
over and integrated into courses that are not specifically identified as IT courses. For example, coverage of
some aspects of computer-based business systems could be integrated within a financial accounting course,
coverage of some aspects of management information systems could be integrated within a management
accounting course, coverage of some aspects of internal control in a computer environment could be
integrated within an auditing course, and so on.
For the formal IT education, case studies, interactions with experienced professionals, and similar
techniques should be used to enhance the presentation of subject matter and to help students develop
practical skills.
Some member bodies may wish to offer their own distance education courses, or to supplement courses at
post-secondary institutions with their own training programs or employer-provided training programs. This
might be necessary where there are not sufficient resources at post-secondary institutions to offer some
parts of the required program of studies or to supplement theoretical knowledge obtained at post-secondary
institutions with practical experience.
On-the-job training can provide valuable practical exposure to these topics. Member bodies must ensure
that pre-qualification education and experience requirements are designed to provide aspiring professional
accountants with opportunities to obtain both theoretical knowledge and practical skills in connection with
the topics identified in this guideline.
The Committee recognizes that member bodies will be adopting different approaches to education in the IT
area in the light of their own particular circumstances. Already some will have made much progress, others
less so. Recognizing that further developments in IT will not wait on the profession, the Committee advises
each member body to review the Guideline promptly and consider how it can best address its
recommendations.
The Committee is conscious of the diverse circumstances and resources of member bodies and the
significant development costs involved in the implementation of programs of education in IT. It would
remind users that this is an area wherein there is significant potential for co-operation between member
bodies and consequently avoidance of duplication of development costs.
The Committee is grateful to Dr Efrim Boritz of the University of Waterloo, Ontario, Canada for
researching and drafting this paper. The Committee also acknowledges the work of the sub-committee
appointed to oversee the project, comprising Mark Allison (Chair – United Kingdom), Shirley Reilly
(Canada), and Dato Abdul Halim Mohyiddin (Malaysia).
IEG-11 Preface
7
Members of the Education Committee are listed below:
IEG-11 Preface
8
Introduction
1. Information technology plays a vital role in supporting the activities of both profit-oriented and not-
for-profit organizations. Professional accountants, in addition to extensively using various types of
information technologies, often play important managerial, advisory and evaluative roles in
connection with the adoption and use of various information technologies by organizations of all
types and sizes.
2. The term “information technology,” or IT, as used in this Guideline, encompasses hardware and
software products, information system operations and management processes, and the human
resources and skills required to apply those products and processes to the task of information
production and information system development, management and control.
3. Society expects that professional accountants who accept an engagement or occupation have the
required level of competence to perform the work required. The accountancy profession as a whole
has the obligation to ensure that candidates for membership possess the breadth and depth of
knowledge and skill required to demonstrate competence, and the credibility of the accountancy
profession depends on its success in fulfilling this obligation. In addition, the accountancy
profession has an obligation to ensure that, after qualifying, members keep abreast of relevant
developments through continuing professional education.
4. The body of knowledge and skill required of professional accountants includes a variety of
important areas. IT is one of the core competencies of professional accountants and requires special
attention due to its explosive growth and its rapid rate of change.
5. The following IT trends are particularly noteworthy:
• wide availability of powerful yet inexpensive computer hardware, including the widespread
incorporation, through miniaturization, of powerful computing capabilities in numerous devices
designed for personal and professional use;
• wide availability of powerful, inexpensive and relatively user-friendly software with graphical
user interfaces;
• shift from custom-tailored systems to prepackaged software;
• shift from mainframes to small computers used alone or, increasingly, as part of networks
devoted to information sharing and cooperative computing with corresponding changes in the
nature, organization and location of key information system activity, such as the shift to end user
computing;
• increasing availability of computerized data for access in real or delayed time, both locally and
through remote access facilities, including via the Internet;
• new data capture and mass storage technologies leading to increasing computerization of
data/information in text, graphic, audio and video formats and emphasis on managing, presenting
and communicating information using multimedia approaches;
• convergence of information and communication technologies, affecting how people work and
shop;
• increasing use of networks to link individuals, intra-organizational units and inter-organizational
units through systems such as electronic mail (e-mail) and the Internet, including the World Wide
Web;
• increasing use of the Internet for commerce between organizations and individuals and between
organizations and other organizations through electronic commerce systems such as electronic
data interchange (EDI) and electronic funds transfer systems (EFTS);
IEG-11 Introduction
9
• mass marketing and distribution of IT products and services such as computers, prepackaged
software, on-line data retrieval services, electronic mail and financial services;
• reduction of barriers to systems use, encouraging wider penetration of information systems into
profit-oriented and not-for-profit organizations of all sizes for accounting and broader
management and strategic purposes and increasing the role of end-user computing;
• wider penetration of information technologies such as computer-assisted design and computer-
assisted manufacturing (CAD/CAM), computer imaging systems, executive information systems
(EIS) and electronic meeting systems (EMS);
• new system development techniques based around information technologies, such as computer-
assisted software engineering (CASE), object-oriented programming and workflow technologies;
• continuing development of intelligent support systems incorporating expert systems, neural
networks, intelligent agents and other problem solving aids;
• new business re-engineering approaches based on effective integration of information
technologies and business processes.
6. The growth and change that has come about as a result of these trends has created a number of
important challenges that the accountancy profession must address:
• Information technologies are affecting the way in which organizations are structured,
managed and operated. One of the most dramatic developments affecting organizations is the
fusion of business and IT strategy. Entities can no longer develop business strategy separate from
IT strategy and vice versa. Accordingly, there is a need for the integration of sound business and
information technology planning and the incorporation of effective financial and management
controls within new systems. Traditionally, professional accountants have been entrusted with the
tasks of evaluating investments in business systems, evaluating business system designs and
reporting on potential weaknesses. Increasingly, information technology deployments are
supported by extensive organizational restructuring around such technologies. To maintain both
the accountancy profession’s credibility and capability in supporting new, strategic information
technology initiatives and the public’s trust and confidence, the competence of professional
accountants in IT strategy must be preserved and enhanced.
• Information technologies are changing the nature and economics of accounting activity. The
career plans of professional accountants and related training systems must be based on a realistic
view of the changing nature of accounting, the accountancy profession’s changing role in
providing services to business, government and the community at large, and the knowledge and
skills required for future success as a professional accountant. Some IT skills, such as the ability
to use an electronic spreadsheet, are now indispensable, and professional accounting bodies must
ensure that candidates possess core IT skills before they qualify as members of those bodies. In
addition, since an increasing number of professional accountants is engaged in providing IT-
related advisory and evaluative services, it is important that professional accountancy bodies
maintain the quality and credibility of these services through both prequalification and
postqualification education requirements.
• Information technologies are changing the competitive environment in which professional
accountants participate. Information technologies are either eliminating some areas of practice
that were once the exclusive domain of professional accountants or reducing their economic
attractiveness. For example:
– Accounting and accounting system developments were once the virtually exclusive domain of
professional accountants. Today, inexpensive, easy-to-use and powerful prepackaged
accounting software is reducing the demand for those activities or enabling non-accountants to
offer those services. At the same time, there is an increasing demand for professionals with a
combination of business and IT skills to help organizations structure their systems to provide
effective and efficient support for their primary objectives and activities.
IEG-11 Introduction
10
– Tax planning and tax return preparation have traditionally represented important activities for
many professional accountants. Today, inexpensive, easy-to-use and powerful prepackaged
software is reducing the demand for tax return preparation services. The professional tax-
planning expertise that was once the exclusive domain of individual practitioners is
increasingly being embedded within these same tax packages, reducing the demand for such
services as well.
– In the past, accountants with internal and external auditing expertise were needed in great
numbers to vouch and trace documents, to perform a variety of analyses and to document audit
work. Today, the computerization of business records and the availability of computer-assisted
auditing tools means these activities can be performed faster and more thoroughly, again
reducing the demand for such activities.
7. IT changes have created many new opportunities for professional accountants in areas such as
information development and information system design, information system management and
control and information system evaluation. For example:
• Information development and information system design: Professional accountants have
traditionally produced information to enhance management decision-making. With the advent of
new information technologies and expanded sources and means of access to information,
professional accountants can help bring richer sets of information to bear on specific managerial
decisions or help screen out essential information from the potentially overwhelming proliferation
of information. One of the implications of the growth of such services is the need to expand
professional accountants’ perspectives beyond their traditional focus on accounting information
to other important types of information and performance indicators, including non-financial
information.
Information systems are increasingly viewed as a potential means to achieve competitive
advantage. Professional accountants, by virtue of their broad business backgrounds, financial
skills and objectivity, can provide valuable advisory services related to assessing investments in
strategic information technologies and advising about control systems required to meet the needs
of management and, in some cases, the requirements of legislators and regulators.
Multiple objectives exist within most information systems installations. They will invariably lead
to cost vs. quality vs. control trade-offs; i.e., information systems personnel may resist
implementing additional controls if they perceive them to detract from the ease-of-use or
efficiency of a system, since these criteria may be important in their performance evaluations.
Professional accountants can provide a valuable advisory service by bridging communications
gaps, adding a sound business perspective to the consideration of IT control issues and vice versa.
• Information system management and control: Information system management skills are not
primarily technological but, rather, include an understanding of strategic and operational business
planning and associated IT issues, the ability to perform appropriate analyses of IT investments,
an understanding of IT related benefits and risks, the ability to stimulate and manage
organizational change and the ability to communicate effectively about IT topics.
Information system management has been characterized by a communication gap between top
management or functional managers lacking IT skills and technologists lacking in business
backgrounds. Professional accountants can provide a valuable service by bridging such
communications gaps, adding a sound business perspective to the consideration of IT issues and
vice versa.
• Information system evaluation: Professional accountants have traditionally provided evaluative
services in their roles as internal and external auditors. As information technologies proliferate,
there are increasing demands for objective assessments of information system controls such as
controls over information privacy and integrity and controls over system changes.
IEG-11 Introduction
11
In addition, there are concerns about information system failure and the reliability of information
processing continuity provisions when systems do fail. Other areas of concern are the proliferation
of incompatible subsystems and inefficient use of systems resources.
8. All of the areas identified above represent important work domains in which significant numbers of
professional accountants participate. Although some of these are not the exclusive domain of
professional accountants and are not commonly associated with the accountancy profession, they all
represent important opportunities for professional accountants.
9. Professional and academic accountancy bodies throughout the world are grappling with the need to
define the body of knowledge and the competencies that their members must possess. Attempts at
defining a common body of knowledge and competencies are complicated by several important
factors. These include the facts that accountancy is a diverse profession whose members operate in
several domains, that within each of these domains professional accountants may be engaged in a
variety of roles, and that the spread of IT and related accounting services is not uniform throughout
the world.
10. Nevertheless, it is evident that IT is fundamentally changing professional accounting, whatever the
accountant’s work domain or role. Consequently, professional accountancy bodies must address
these changes through their educational processes by including coverage of important IT knowledge
and competency areas in prequalification education programs, prequalification work experience and
postqualification professional education in both general work domains and specialty areas.
IEG-11 Introduction
12
OUTLINE
Work Domains
11. The accountancy profession is a diverse profession whose members operate in several work
domains, such as:
• industry and commerce;
• public practice;
• public sector (government and other not-for-profit organizations).
12. This Guideline is intended to apply to all work domains. An organizing framework built around
roles, as discussed in the next section, is sufficiently broad to address the needs of all three of the
work domains identified above.
Roles
13. Within each of the work domains, professional accountants may be engaged in a variety of roles,
such as:
• user;
• financial manager (accountant, controller);
• designer of financial information systems (member of business system design team or task force,
producer of financial information, analyst);
• internal financial or operational auditor;
• external “advisor” (accountant, auditor, tax practitioner, consultant, insolvency practitioner).
14. Although specific needs and opportunities will vary in different environments, many aspects of IT
are common and it is possible and desirable to set out some of the broad elements of an educational
background that all professional accountants can be legitimately expected to share.
15. This Guideline establishes a framework for organizing IT-oriented education for professional
accountants and the core competency areas to be covered. This Guideline identifies the IT education
requirements for professional accountants under seven main headings:
• general IT knowledge;
• IT control knowledge;
• IT control competencies;
• the accountant as user of information technology;
• the accountant as manager of information systems;
• the accountant as designer of business systems (alone or as part of a team); and
• the accountant as evaluator of information systems.
16. While the four broad roles of user, manager, designer and evaluator are not as specific as the areas in
which many professional accountants actually work, they represent the key elements of knowledge
and competence professional accountants require and provide a useful framework for organizing an
educational approach.
IEG-11 Outline
13
17. The education requirements may be viewed as building blocks in the sense that the general IT
knowledge and IT control knowledge requirements form the foundation for the user-oriented
competency requirements. These, in turn, form a foundation for the other role-related competency
requirements. In addition, the competency requirements related to the roles of user, manager,
designer and evaluator may be viewed as building blocks for one another, in the sense that the
accountant’s design role may be enhanced by competencies developed as a user, the accountant’s
managerial role may be enhanced by competencies obtained through a combination of user and
design roles, and the accountant’s role as evaluator can be enhanced by competencies developed in
the user, designer and manager roles. Thus, an aspiring management accountant would be guided by
the portions of the Guideline dealing with general IT knowledge, IT control knowledge and IT
control competency requirements, user-oriented competency requirements and competency
requirements related to the manager role. An aspiring public accountant would be guided by the
portions of the Guideline dealing with general IT knowledge, IT control knowledge and IT control
competency requirements, user-oriented competency requirements and competency requirements
related to the evaluator role.
18. It is acknowledged that a professional accountant may operate in more than one of these roles during
a given time period and throughout his or her career. This Guideline does not, however, presume
that all professional accountants will work through these roles in a sequential fashion.
20. During the prequalification phase, the emphasis will be on broad IT competencies; in the
postqualification phase, there will be greater emphasis on specialized needs of the work domain and
role of the professional accountant.
14
23. IFAC recommends that member bodies work toward developing continuing professional education
(CPE) requirements related to IT for their members’ postqualification work domains to ensure that a
minimum level of service quality is maintained.
Specialization
24. Member bodies may wish to recognize the qualifications of members who have achieved specialist
status in a recognized domain of IT activity by granting them specialist designations or other
appropriate recognition.
Competencies
25. Competencies are the capabilities to perform professional tasks at a level defined by professional
standards. Professional activities include tasks that are both conceptual and concrete. In considering IT
competency requirements for professional accountants, it is important to emphasize the need for both
relevant conceptual knowledge of IT and practical IT skills.
26. Conceptual education generally aims at knowledge and comprehension of specified subject matter.
Practical skills include the abilities to apply conceptual knowledge, analyze, synthesize and evaluate
information. An education approach that consists solely of conceptual material will not be sufficient
for professional accountants in any work domain or for any role. It is also generally recognized that the
development of practical skills is facilitated by the prior development of knowledge and
comprehension. Thus, conceptual material must form the foundation for practical skills development.
27. This Guideline simplifies several stages of competency development into two main categories –
knowledge and competence. Member bodies may wish to refine the classification used here into more
specific requirements corresponding to more specific education and training objectives.
28. Implicit in the use of the term “knowledge,” as applied to the concepts listed in this guideline, is
understanding the implications of the concepts in a professional context. Competence is the ability to
perform specified tasks at the level required by professional standards established by member bodies.
29. Core IT knowledge and competence requirements may be viewed from the perspectives of both
breadth and depth. This Guideline addresses the breadth requirements by using work domains as a way
of categorizing knowledge and competency areas.
30. The depth requirements result from the following building blocks aimed at providing increasing depth
of coverage of core IT knowledge and competency:
• a set of general IT knowledge requirements related to business systems;
• a set of knowledge requirements related to IT controls;
• a set of competency requirements related to IT controls;
• a set of competency requirements related to the user role; and
• a set of role-related competency requirements associated with the manager, designer and
evaluator roles.
IEG-11 Outline
15
32. Tests of professional competence in connection with IT must go beyond testing knowledge and
comprehension, and focus primarily on testing higher-level competencies such as application,
analysis, synthesis and evaluation, applied in a context representative of the work domain in which
the entry-level professional accountant is likely to work.
IEG-11 Outline
16
PREQUALIFICATION IT KNOWLEDGE AND COMPETENCY REQUIREMENTS
Introduction
35. This part of the Guideline addresses each of the four roles identified earlier and identifies broad IT
knowledge and competency requirements for professional accountants. This broad statement of
requirements is supplemented by more detailed Appendices to this Guideline, which break down the
knowledge and competency requirements into detailed topics.
36. During the prequalification stage, all professional accountants must obtain the general IT knowledge
summarized in paragraph 40 and Appendix 1, “General Information Technology Knowledge
Requirements.”
37. Also during the prequalification stage, all professional accountants must obtain the IT controls
knowledge and competencies summarized in paragraphs 41-42 and Appendices 2a and 2b,
“Information Technology Controls Knowledge and Competency Requirements.”
38. In addition, all professional accountants must obtain the competencies summarized in paragraphs
50-55 and Appendix 3, “The Professional Accountant as a User of Information Technology.”
39. Furthermore, as part of their prequalification education, all professional accountants are expected to
concentrate on at least one of the three other roles identified in this Guideline and acquire the
competencies identified for the role(s) in which they are expected to function at an entry level.
These roles are discussed as follows:
• Manager of information systems — paragraphs 56-62
and Appendix 4 to this Guideline
• Designer of business systems — paragraphs 63-70
and Appendix 5 to this Guideline
• Evaluator of information systems — paragraphs 71-78
and Appendix 6 to this Guideline
17
Information Technology Controls Knowledge Requirements
41. All professional accountants, irrespective of their primary work domain or role, must acquire the
following essential body of IT control knowledge related to business systems:
– control frameworks;
– control objectives;
– layers of control;
– responsibility for control;
– control environment;
– control over system acquisition/development;
– risk assessment;
– control activities;
– information and communication; and
– monitoring of control compliance.
Appendix 2a to this Guideline provides a further breakdown of the topics within these broad areas
that all professional accountants should master prior to qualification.
18
46. Appendices 1, 2a and 2b to this Guideline provide a further breakdown of the specific topics that
make up the general IT and IT controls knowledge and competencies (set out in paragraphs 40-42)
that all professional accountants must acquire prior to qualification. It is acknowledged that specific
topics may change over time as IT evolves; however, the broad knowledge and competency areas
identified in the appendices represent the topics widely regarded as the minimum coverage required
in an IT curriculum for accounting professionals.
47. The coverage of some of the topics identified in this Guideline could be spread over, and integrated
into, courses and other learning contexts that are not specifically identified as IT courses. For example,
coverage of some aspects of computer-based business systems could be integrated into a financial
accounting course; coverage of some aspects of management information systems could be integrated
into a management accounting course; coverage of some aspects of internal control in a computer
environment could be integrated into an auditing course; and so on.
48. Some member bodies may wish to offer their own courses, or to supplement courses at post-secondary
institutions with their own or employer-provided training programs. This might be necessary where
post-secondary institutions do not have sufficient resources to offer some parts of the required program
of studies or to supplement theoretical knowledge obtained at post-secondary institutions with practical
experience to assist in competency development.
49. Professional accountants must have effective practical skills as well as theoretical knowledge. Case
studies, interactions with experienced professionals and similar techniques can be used to help develop
practical skills. On-the-job training could also provide valuable practical exposure to these topics.
Member bodies must ensure that prequalification education and on-the-job training are designed to
provide aspiring professional accountants with opportunities to obtain competence in the topics
identified in paragraphs 40-42.
19
Appendix 3 to this Guideline outlines the specific competencies within these broad areas. Ideally,
these competencies would be developed in an accounting context, such as through their use in
connection with an accounting course or an assignment in the work place.
55. It is estimated that the equivalent of one course, as described in paragraph44, would enable an
aspiring accountant to develop the user role competencies outlined in paragraphs 50-54. The
development of user role knowledge and competencies could be spread over, and integrated into,
courses that are not specifically identified as IT courses. Because many of the user role competency
requirements involve practical skills, they would be best met through a combination of in-class
instruction and practical application of skills in a professional work environment.
60. Both the educational material and the prequalification job content should provide aspiring
professional accountants with opportunities to obtain the requisite practical IT skills prior to
qualification. Education programs could use case studies, interactions with experienced
professionals and similar techniques to help develop practical skills. On-the-job training in a junior
managerial capacity could also help develop the competencies listed in Appendix 4.
61. In addition to the IT competencies listed in Appendix 4, the professional accountant’s competencies
must include the communication and interpersonal skills required to support the manager’s
interactions with top management, users, steering committees and suppliers of information system
services, both internal employees and external contractors. In contrast with general communication
and interpersonal skill requirements, these skills must be developed in an IT context.
20
62. It is estimated that, in addition to the general IT knowledge, IT control knowledge and IT control
competency requirements and the user role competency requirements, the equivalent of one course,
as described in paragraph44, would enable an aspiring accountant to develop the competencies
outlined in paragraphs 56-61. Because many of the manager role competency requirements involve
practical skills, they would be best met through a combination of in-class instruction and practical
application of skills in a professional work environment.
66. While at the prequalification level the depth of practical skill that a candidate could acquire in
connection with the design role would, of necessity, be limited, it is nevertheless desirable for
candidates to have practical exposure to some of the important techniques used in key phases of
system design. Both the educational material and the prequalification job content should provide
aspiring professional accountants with opportunities to obtain the requisite practical IT skills prior to
qualification. Education programs could use case studies, interactions with experienced
professionals and similar techniques to help develop practical skills. On-the-job training could also
provide hands on design experience prior to qualification.
67. Since system design skills are generally applied in an interactive context, interpersonal and
communication skills in an IT context are an essential ingredient of the skill set required to support
the professional accountant’s information system design role.
68. A professional accountant’s information system design skills must be developed in the context of
designing systems to meet organizations’ business and service objectives. Thus, IT education
programs and courses aimed at developing practical system design skills must have a managerial
rather than a technical orientation.
21
69. While some practical exposure to specific techniques is desirable, the main emphasis in IT
education programs aimed at developing system design skills must be on higher-order skills
necessary to provide effective advisory services such as the ability to analyze design problems,
synthesize user information and control requirements and evaluate alternative designs in light of an
entity’s business or service objectives.
70. It is estimated that, in addition to the general IT knowledge, IT control knowledge and IT control
competency requirements and the user role competency requirements, the equivalent of one course,
as described in paragraph44, would enable an aspiring accountant to develop the competencies
outlined in paragraphs 63-69. Because many of the designer role competency requirements involve
practical skills, they would be best met through a combination of in-class instruction and practical
application of skills in a professional work environment.
22
76. All professional accountants involved in an evaluative role at the prequalification stage must have
the ability, with limited supervision, to plan, execute and communicate the results of an evaluation
approach tailored to the specific types of evaluations relevant to their work domain in the context of
specific circumstances that involve information systems.
77. The following broad areas of competency relate to the evaluator role:
– plan system evaluation;
– evaluate system (including application of computer-assisted audit techniques (CAATs);
– communicate results of evaluations and follow up.
Appendix 6 to this Guideline outlines the specific competencies within these broad areas.
78. It is estimated that, in addition to the general IT knowledge, IT control knowledge and IT control
competency requirements and the user role competency requirements, the equivalent of one course, as
described in paragraph44, would enable an aspiring accountant to acquire the competencies outlined
in paragraphs 71-77. Because many of the evaluator role competency requirements involve practical
skills, they would be best met through a combination of in-class instruction and practical application
of skills in a professional work environment.
79. The previous paragraphs in this section outlined the minimum prequalification knowledge and
competency requirements for professional accountants. These requirements amount to the equivalent
of four courses addressing: general IT knowledge, IT controls knowledge, user role competencies and
one of designer, manager or evaluator role competencies.
80. Member bodies may, however, wish to go beyond the minimum requirements to develop professional
accountants with enhanced IT competencies. The following additional courses (or their equivalents)
are suggested as potential candidates for a concentration in Accounting and Information Systems:
– Two of the following three:
– designer role knowledge and skill (e.g., programming, data and object structures;
analysis, modeling and design; systems integration);
– manager role knowledge and skill (e.g., project and change management; IT policy and
strategy);
– evaluator role knowledge and skill (e.g., computer-assisted audit techniques; new
assurance services).
– One of the following three:
– enterprise resource planning;
– knowledge management;
– IT consulting .
– Electronic commerce.
23
POSTQUALIFICATION IT KNOWLEDGE AND SKILL REQUIREMENTS
Introduction
81. This part of the Guideline addresses postqualification IT knowledge and skill requirements. In general,
this part focuses on higher levels of knowledge and addresses more specialized skill sets.
Postqualification education requirements related to IT are oriented to ensuring that professional
accountants maintain standards of competence and service quality in their chosen field of IT-related
activity after qualification.
82. In the postqualification curriculum, accountants may choose to continue working in the same domain
as before qualification, to change to another area or to focus on some more specialized aspect of a
more general role. For example, a management accountant who initially qualifies as an accountant in
the public-sector domain may subsequently choose to work in industry. Similarly, an individual who
initially qualifies as a public accountant may eventually choose to work primarily in a management
advisory capacity in connection with a specific industry or in connection with a specific hardware or
software platform.
Specialization
87. After qualification, some professional accountants will choose to focus their involvement with IT by
specializing. Examples of specialist areas that are not themselves IT fields, but are fields in which the
use of IT may be significant, include treasury and finance, financial planning services, taxation,
insolvency and reconstruction, and small business advisory services. Examples of IT specialist practice
areas involving professional accountants are IT strategy, IT governance and IT security and control.
Other potential areas include industry specialization, such as financial institution information systems,
health care information systems, and so on.
88. Member bodies may wish to recognize the qualifications of members who have achieved specialist
status in an acknowledged domain of IT activity by granting them specialist designations or other
appropriate recognition.
24
89. Specialist status would normally be achieved through an appropriate combination of prescribed
theoretical education, practical skills development and specific experience in a specialized work
domain. Supervised practical experience of a reasonable duration in a given area and, in some cases,
tests of professional competence at the specialist level, should be required to qualify the accountant as
a specialist.
90. The following sections discuss postqualification knowledge and skill level requirements for each of the
four roles identified earlier.
Theoretical Content
92. At the postqualification stage, professional accountants who are users of IT must have a sound
conceptual knowledge of the information technologies most appropriate to their work domain. For
example, management accountants must have a reasonable knowledge of the major types of
business systems in use, their inherent risks and effective internal control practices. Professional
accountants working in the tax advisory services domain must have a reasonable knowledge of the
main personal and corporate tax preparation packages, their strengths and weaknesses, electronic
filing systems, tax-planning software and tax research databases. Auditors must have a reasonable
knowledge of the main computer-assisted auditing techniques, their strengths, requirements and
limitations.
Practical Content
93. At the postqualification stage, professional accountants who are users of IT must have practical
skills in the relevant information technologies. For example, all professional accountants should be
able to utilize Internet tools for professional research and communication. Professional accountants
serving in an audit role should be able to use at least one major computer-assisted auditing package,
a work paper generation package, an on-line or local database system or professional research tools
and relevant time management technologies such as time-keeping and billing systems. Professional
accountants working in the tax advisory services domain should have a working knowledge of at
least one personal and one corporate tax preparation package and, where feasible, have practical
training in the use of an electronic filing system, tax-planning software and a tax research database.
25
Theoretical Content
96. At the postqualification stage, professional accountants serving as managers of information systems
must have a sound understanding of the business functions that information systems can fulfill and
the related managerial processes of directing, leading, controlling and communicating in an IT
context. The professional accountant must, therefore, have a fairly detailed understanding of
information system organizations best suited to different entities; approaches to IT staffing,
budgeting, personnel development and performance evaluation; computer system operations
procedures and controls, including environment controls, security, backup and recovery procedures;
project management techniques and controls applicable to information systems development
projects.
97. The level of knowledge required is that necessary to effectively apply the practical skills required to
manage in an information system context.
Practical Content
98. At the postqualification stage, professional accountants serving as managers of information systems
must be able to plan and coordinate, organize and staff, direct and lead, and monitor and control.
These skills include communication skills and interpersonal skills required to support the manager’s
interactions with top management, users, steering committees and suppliers of information system
services, both internal employees and external contractors. In contrast with general communication
and interpersonal skill requirements, these skills must be developed in an IT context.
99. The level of competence required is the ability to manage information systems professionally,
adhering to sound business practices and applicable statutes, standards and guidelines.
Theoretical Content
102. At the postqualification level, professional accountants serving in a design capacity must know
about alternative system design approaches and techniques, their strengths and weaknesses and their
suitability in a specific context. Also, professional accountants serving in this domain must have a
broad familiarity with the major system architectures in use and related hardware and software
systems, their strengths and weaknesses, and effective management and internal control practices. In
addition, they must have detailed knowledge of relevant codified standards, guidelines and preferred
system development methods.
103. The level of knowledge required is that necessary to effectively apply, or advise on the application
of, appropriate techniques in the development of specific business systems.
Practical Content
104. At the postqualification stage, professional accountants serving in a design capacity must have
significant practical exposure to some of the important techniques used in key phases of system
design, such as preparation of a feasibility study, information requirements elicitation and
documentation techniques, data file design and documentation techniques, and document, screen
and report design techniques.
26
105. The level of competence required is the ability to apply, or advise on the application of, appropriate
system techniques, particularly internal controls, in the development of specific business systems
without supervision.
Theoretical Content
108. At the postqualification stage, in their evaluator role, professional accountants must be able to
distinguish between information systems evaluation issues and approaches that are appropriate for
addressing specific evaluation purposes relevant in their work domain. In this regard, a professional
accountant must have detailed knowledge of the steps involved in applying a particular evaluation
approach in an IT context, relevant standards and practices governing the conduct of a particular
evaluation approach and the potential contribution that a particular evaluation could make in a
specific context.
109. The level of knowledge required is that necessary to effectively apply the practical skills required to
evaluate an information system.
Practical Content
110. At the postqualification stage, the professional accountant must be able to tailor standard evaluation
approaches to specific contexts and to offer practical recommendations for information system
improvement where appropriate. In addition, the accountant must be able to apply relevant IT tools
and techniques when conducting the evaluation process.
111. The level of competence required is the ability to plan, execute and communicate the results of an
evaluation approach in an IT context without supervision, while meeting relevant professional
standards governing the particular evaluation objective.
27
IEG-11 Postqualification IT Knowledge and Skill Requirements
28
Appendices
Core IT Knowledge and Competency Areas for Professional Accountants by Role
This section contains the following appendices:
General Information Technology Knowledge Requirements................................................................... 1
Information Technology Controls Knowledge Requirements.................................................................2a
Information Technology Control Competencies .................................................................................... 2b
Competencies for the Professional Accountant as a User of Information Technology ........................... 3
Competencies for the Professional Accountant as a Manager of Information Systems .......................... 4
Competencies for the Professional Accountant as a Designer of Business Systems .............................. 5
Competencies for the Professional Accountant as an Evaluator of Information Systems ...................... 6
These appendices should be read in conjunction with this Guideline. They define broad areas of
competence that should be covered in the IT curriculum and training of professional accountants, organized
by role.
The General IT and IT Control Knowledge Requirements set out in this Guideline specify that, prior to
qualification, all professional accountants must have at least a general level of knowledge of each of the
content areas identified above. For greater clarity, this appendix lists the key topics within these content
areas under three columns headed: “Broad knowledge/skill area,” “Main topic coverage” and
“Illustrative sub-topics.”
A general level of knowledge requires professional accountants to understand the meaning of the topics
listed under the column headed “Main topic coverage” and their importance in the context of business
systems. The topics listed under “Illustrative sub-topics” are provided to clarify the coverage expected for
each topic; however, detailed knowledge of every sub-topic listed is not required as part of the General IT
Education Requirements.
In addition to the general level of knowledge required as part of the General IT Knowledge and IT Control
Knowledge Requirements, this Guideline requires that, prior to qualification, all professional accountants
acquire IT control competencies and other competencies associated with their role as users of IT and at
least one of the roles of designer, manager and evaluator, depending on their anticipated work domain upon
qualification. This appendix contains specific sections dealing with each of these roles. The required level
of competence in these sections goes beyond general knowledge and comprehension of the topics listed,
and requires an ability to apply the knowledge represented by the competency in an appropriate client or
employer setting with limited supervision. The competencies identified presume that professional
accountants who possess the competencies identified herein also possess the related knowledge required by
the competency. Thus, except for the IT control area, no separate knowledge areas are defined for the
competency areas.
Appendices
29
General Information Technology Knowledge Requirements
General systems concepts Nature and types of systems General systems theory, system objectives
Open/closed systems
Well/ill structured
Formal/informal
Operational/tactical/strategic
Transaction processing vs. DSS vs. EIS
vs. AI
Appendix 1 to IEG 11
30
Broad knowledge/skill area Main topic coverage Illustrative sub-topics
General systems concepts Role of information within business Users: internal, external
(cont'd) Monitoring, problem finding, action,
decision support, etc.
Decision theory
Human information processing
Communication of information
Reporting concepts and systems
Transaction processing system (TPS)
Process transactions, maintain master
files, produce reports, process inquiries,
support planning and control, etc.
Knowledge management systems (KMS)
Management information system (MIS)
Decision support system (DSS)
Executive information system (EIS)
Expert system (ES), neural network (NN)
Appendix 1 to IEG 11
31
Broad knowledge/skill area Main topic coverage Illustrative sub-topics
Appendix 1 to IEG 11
32
Broad knowledge/skill area Main topic coverage Illustrative sub-topics
Appendix 1 to IEG 11
33
Broad knowledge/skill area Main topic coverage Illustrative sub-topics
Networks, and electronic data Network components, configurations Local area networks/wide area networks
transfer and designs Wireless/mobile systems
Distributed processing networks
Data transmission options, carrier
services, etc.
Internet protocols
Packet switching
Transmission Control Protocol/Internet
Protocol (TCP/IP)
Uniform Resource Locator (URL)
Domain Name Server (DNS)
File Transfer Protocol (FTP)
Hypertext Transfer Protocol (HTTP)
Internet Relay Chat Protocol (IRC)
Appendix 1 to IEG 11
34
Broad knowledge/skill area Main topic coverage Illustrative sub-topics
Networks, and electronic data Internet/intranet/extranet applications Mail, file transfer, web browser, chat,
transfer newsgroup
Electronic commerce, knowledge
management
Telnet
Appendix 1 to IEG 11
35
Broad knowledge/skill area Main topic coverage Illustrative sub-topics
Appendix 1 to IEG 11
36
Broad knowledge/skill area Main topic coverage Illustrative sub-topics
Data organization and access Data structures and file organization Data coding: characters, records, files,
methods multi-media
Precision of data
File/record design
Appendix 1 to IEG 11
37
Broad knowledge/skill area Main topic coverage Illustrative sub-topics
Data organization and access Data base management systems Data storage, access, and sharing
methods (Cont’d) (features, functions, architectures) Design principles-
characters/fields/records
Data base administration
Conceptual data modeling
Defining/ documenting data base
requirements
File layout/ schema/ data dictionary
Model data bases, distributed systems
38
Information Technology Control Knowledge Requirements
Control frameworks Risks and exposures in computer- Error, fraud, vandalism/abuse, business
based information systems interruption, competitive disadvantage,
excessive cost, deficient revenues,
statutory sanctions, social costs, etc.
Effect of IT audit on organization,
controls
Economic, technical, operational,
behavioral considerations
Cost/benefit
Appendix 2a to IEG 11
39
Broad knowledge/skill area Main topic coverage Illustrative sub-topics
Responsibility for control Roles and responsibilities of key Board, top management
parties IT management and IT personnel
User departments, individuals
Auditors
Appendix 2a to IEG 11
40
Broad knowledge/skill area Main topic coverage Illustrative sub-topics
Appendix 2a to IEG 11
41
Broad knowledge/skill area Main topic coverage Illustrative sub-topics
Appendix 2a to IEG 11
42
Broad knowledge/skill area Main topic coverage Illustrative sub-topics
Control over system Control over system maintenance Maintenance standards and controls
acquisition/development (cont’d) and program changes Infrastructure
Software
Personnel competencies
Information architecture
Business processes
Authorization controls
Documentation standards and controls
Version management
Implementation controls
Custody; change authorization
Migration planning
Emergency change controls
Testing and quality assurance
Appendix 2a to IEG 11
43
Broad knowledge/skill area Main topic coverage Illustrative sub-topics
Appendix 2a to IEG 11
44
Broad knowledge/skill area Main topic coverage Illustrative sub-topics
Information and communication Information processing system People, procedures, data, software,
infrastructure
Key processes
Identification and recording of all valid
transactions
Proper/timely classification of
transactions
Appropriate measurement/valuation
Appropriate timing/cut-off
Appropriate presentation
Appendix 2a to IEG 11
45
Broad knowledge/skill area Main topic coverage Illustrative sub-topics
Monitoring of control compliance Roles of management users, auditors Internal monitoring processes
(internal, external) Performance review processes
External monitoring processes
Processes for addressing non-compliance
Appendix 2a to IEG 11
46
IT Control Competencies
Units Elements
Select suitable Identify relevant IT control framework to apply to the analysis and evaluation of internal
control criteria control
to analyze and Identify relevant IT control objectives to apply to the analysis and evaluation of internal control
evaluate Identify relevant layers of control to be included in the analysis and evaluation
controls Identify areas of responsibility for identified control objectives
Evaluate control Analyze and evaluate effectiveness of board of directors or audit committee participation
environment Analyze and evaluate effectiveness of management philosophy and operating style
Analyze and evaluate the effectiveness of organizational structures
Analyze and evaluate the effectiveness of assignment of authority and responsibility;
management control methods
Analyze and evaluate the effectiveness of human resource policies and practices
Analyze and evaluate the effectiveness of financial policies and practices
Evaluate system Analyze and evaluate effectiveness of systems acquisition/development methodology, including
acquisition/ make/buy criteria
development Analyze and evaluate effectiveness of standards for systems development project management
process and and control
controls Analyze and evaluate compliance with standards for system investigation and feasibility study
Analyze and evaluate compliance with standards for determination of user requirements and
initial system design
Analyze and evaluate compliance with standards for system design, selection,
acquisition/development
Analyze and evaluate compliance with standards for system implementation, including system
testing, training, data conversion and quality assurance
Analyze and evaluate compliance with standards for system maintenance and program changes
Evaluate risk Analyze and evaluate process for identifying the entity's exposures to risks
assessment Analyze and evaluate process for estimating probability of loss
processes and Analyze and evaluate process for estimating monetary and non-monetary consequences
activities Analyze and evaluate process for developing cost-effective preventive/detective/corrective
strategies to address risk
Appendix 2b to IEG 11
47
Evaluate system Analyze and evaluate effectiveness of entity's information processing activities in support of
processing organizational objectives
operations and Analyze and evaluate effectiveness of information processing control procedures
controls Analyze and evaluate effectiveness of controls over data integrity, privacy and security
Analyze and evaluate effectiveness of segregation of incompatible functions
Analyze and evaluate effectiveness of continuity of processing/ disaster recovery planning and
control
Analyze and evaluate effectiveness of controls over integrity of system processing
Evaluate Analyze and evaluate internal monitoring processes, including their effectiveness in leading to
monitoring changes in controls or control environment
processes and Analyze and evaluate performance review process
activities Analyze and evaluate external monitoring processes
Analyze and evaluate process for addressing non-compliance or deterioration in compliance
identified by monitoring activities of management, users, internal auditors, external auditors
Appendix 2b to IEG 11
48
User Role Competencies
Units Elements
Apply Apply operating system (Dos, Windows, Other)
appropriate IT Apply word processing software in a relevant accounting/business context
systems/tools to Apply spreadsheet software in a relevant accounting/business context
business/ Apply database software in a relevant accounting/business context
accounting Apply Internet tools (E-mail, Web Browser, FTP, Other) software in a relevant
problems accounting/business context
Apply professional research tools in a relevant accounting/business context
(See Note 1) Apply business presentation software in a relevant accounting/business context
Apply anti-virus and other security software in a relevant accounting/business context
Apply utility software and other relevant software in a relevant accounting/business context
Define and fill Identify requirements (hardware, software, network, data, supplies, assistants, controls, other)
personal system Document requirements
requirements Evaluate and select products and suppliers
Contract for products, services and supplies
(See Note 2) Test and decide on acceptability
Implement
Maintain/update/ manage change for IT resources
Appendix 3 to IEG 11
49
Manager Role Competencies
Units Elements
Manage entity’s Participate in strategic planning (via membership on steering committee)
IT strategy Develop an IT strategic plan to support the entity’s business plan
Align/integrate information systems with entity’s business/program objectives and success
factors
Translate strategic business/program objectives into operating principles for IT planning
Facilitate business process re-engineering through the use of IT
Manage IT Measure, analyze and evaluate consistency and compatibility of system components
operations Analyze, evaluate and plan IT capacity
effectiveness Analyze and evaluate impact of IT on management, jobs and office procedures
and efficiency Develop/maintain data/information architecture
Develop/maintain responsive IT infrastructure (hardware, facilities, communication networks)
Develop/maintain software (systems, applications, utilities)
Plan and schedule system operations priorities and allocate resources
Measure, analyze and evaluate IS effectiveness and productivity
Measure, analyze and evaluate IT function performance, productivity and service quality,
quality assurance processes, continuous improvement
Manage IT Implement physical and logical safeguards for hardware, facilities, software and information
controls Implement system availability and continuity (back-up/recovery, disaster planning) controls
Implement access controls (physical, logical/electronic)
Implement privacy and confidentiality controls
Implement input/output reception/distribution control
Implement processing integrity controls
Appendix 4 to IEG 11
50
Manage system Identify and evaluate appropriate development/ acquisition alternatives such as in-house/
acquisition, bureau/ outsourcing
development Implement and monitor system acquisition/ development and implementation standards
and Determine and provide system project staffing requirements and budgets
implementation Implement project management processes to manage and monitor system projects
Use appropriate methodologies to identify, analyze, evaluate and select appropriate supplier(s)
and system(s)
Manage expectations by communicating system acquisition/development plans and status to
users, top management/steering committee
Manage system Implement and monitor standards and controls applicable to IS maintenance activities
maintenance Implement and monitor version management
and change Manage custody of systems, change authorization
Implement and monitor process for migrating systems from legacy to state of the art
Implement and monitor emergency change controls
Implement and monitor testing and quality assurance for all system changes
Appendix 4 to IEG 11
51
Designer Role Competencies
Units Elements
Analyze and Facilitate the development of the entity’s strategic vision for IT
evaluate role of Analyze and evaluate the business impact of entity’s strategic vision for IT on the entity, its
information in customers, suppliers and employees
the entity’s Facilitate communication between users, technologists and management
business Analyze, evaluate and design role of data bases and data base management systems including
processes and knowledge management systems, data warehouses
organization Analyze, evaluate and design entity’s business processes: transaction processing in business and
accounting applications
Analyze, evaluate and design entity’s system development life cycle (SDLC) phases, tasks
Analyze and evaluate system risks
Analyze, evaluate and design controls
Appendix 5 to IEG 11
52
Apply detailed Prepare and document detailed design specifications
system design, Evaluate and acquire infrastructure
acquisition/ Evaluate and acquire/develop required system, application and utility software
development Select suppliers and service providers
methods Prepare hardware contracts, facilities leases, software licenses, network service level
agreements
Prepare documentation and operations manuals
Appendix 5 to IEG 11
53
Evaluator/Auditor Role Competencies
Units Elements
Plan system Identify IT assurance service requirement or opportunity
evaluation Analyze/evaluate and advise on entity's IT assurance needs based on legal, ethical, professional
standards and other requirements and best practices.
Identify nature of particular IT assurance engagement or project and standards and other
requirements governing the engagement.
Analyze and evaluate and decide whether to accept the IT assurance engagement or project
Define the scope of the IT assurance engagement or project
Identify, analyze and evaluate risk factors and business issues affecting the IT assurance
engagement or project and their implications
Define precision requirements (level/frequency of system errors, flaws and failures that are
deemed significant/material)
Design effective and efficient procedures including CAATs to comply with professional
standards and meet engagement objectives.
Assign and schedule staff with appropriate IT skills, including IT specialist personnel, to
perform the IT assurance engagement or project
Evaluate system Collaborate with colleagues, client and others, including IT specialist personnel
Perform planned procedures, including CAATs, exercising required controls over their
execution.
Adjust program for changes in circumstances
Document procedures
Analyze and evaluate evidence/results of procedures
Perform supervision, review and quality assurance procedures
Communicate Prepare appropriate type of communication, including verbal communication, "seal" or printed
results of report
evaluations and Present communication verbally, electronically or in printed format to client or other intended
follow up recipients
Update communication as frequently as required (e.g., refresh the "seal" or report posted on a
web site)
Follow up as required
Appendix 6 of IEG 11
54