The CITP credential holder possesses a breadth of business and technology experience. The CITP Body of Knowledge represents the qualifying areas of information assurance and management knowledge for both business experience and lifelong learning. The Body of Knowledge essentially contains the two areas of services as follows:
- Audit and Attest Services
- Financial Data Components, Analysis, and Reporting
All CITP professionals should possess a mastery of the following knowledge and skills.
1.) Audit and Attest Services
a. Types of Audit and Attest Services:
Provide assurance to the public on financial statements, a client service, or a specific segment or piece of an entity’s operations
i. Financial Statement audit
ii. Audits on Service Organizations (SAS 70)
iii. Trust Services engagement
iv. Agreed-Upon procedures
v. Other compliance engagements
b. Internal Controls over Financial Reporting:
Provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes/use
i. Understanding of Internal Controls
ii. Management considerations
iii. Preparing an IT Audit plan
c. Fraud Considerations:
Consider the risks of material misstatement due to fraud and determine specific IT techniques to detect fraud
i. Prevention and deterrence
ii. Digital evidence
iii. Detection & investigation
d. Risk assessment:
Initial evaluation of risks that may impact the possibility of a material misstatement or the vulnerability of an organization’s assets with initial assumptions, research, and uncertainties
i. Types of risk assessments
ii. Understanding business environment & processes
iii. Audit Risk Model for F/S audits
iv. Develop walkthrough plan
v. Draft risk assessment report
vi. Complete the IT Audit plan
e. Information Technology General Controls:
Control objectives relate to the confidentiality, integrity, and availability of data and the overall management of the IT function of the business enterprise
i. Control environment
ii. Systems Development, Deployment, and maintenance
iii. Logical and physical security
iv. Backup & recovery process
f. Auditing techniques & procedures:
Techniques and options to design and execute testing procedures
i. Planning for test of controls
ii. Application control testing
iii. Evidence gathering
iv. Sampling considerations
v. Technical tools/techniques (CAATTs)
g. Assessment of controls:
Evaluation process of controls and the entity’s environment after examination and testing
i. Deficiency evaluation for IT related controls
ii. Materiality/impact to the Entity
iii. Assessment reporting
2.) Financial Data Components, Analysis, and Reporting
a. Information Management:
Ensuring that information is managed such that it provides value in a number of aspects
i. Information quality
ii. Information presentation
iii. Information timeliness
iv. Information auditability
v. Information life cycle management
vi. Information and data modeling
vii. Information security
b. Business Process Improvement:
Identifying opportunities and understanding the value of using information technology to create workflows and processes that enable more effective use of resources
i. Business process management
ii. System solution management
iii. Application integration management
c. Data Analysis & Reporting Techniques:
Process of gathering, modeling, and transforming data with the goal of highlighting useful information, suggesting conclusions, and supporting decision making
i. Infrastructure/platforms employed
ii. Data collection and aggregation
iii. Available tools/approaches and functionalities
iv. Tool selection process
d. Performance management:
Apply data analysis and reporting concepts to analyze enterprise performance and help the organization achieve its accountability goals and objectives, using financial and non-financial information
i. Budget & profitability management
ii. Performance metrics and reporting