
CITP Body of Knowledge

The CITP credential holder possesses a breadth of business and technology experience. The CITP Body of Knowledge represents the qualifying areas of information assurance and management knowledge for both business experience and lifelong learning. The Body of Knowledge essentially contains the two areas of services as follows:

 

All CITP professionals should possess a mastery of the following knowledge and skills.

 

1.)  Audit and Attest Services

a.      Types of Audit and Attest Services:

     Provide assurance to the public on financial statements, a client service, or a specific segment or piece of an entity’s operations

                                                              i.      Financial Statement audit

                                                             ii.      Audits on Service Organizations (SAS 70)

                                                           iii.      Trust Services engagement

                                                          iv.      Agreed-Upon procedures

                                                            v.      Other compliance engagements

 

b.      Internal Controls over Financial Reporting:

     Provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes/use

                                                              i.      Understanding of Internal Controls

                                                             ii.      Management considerations

                                                           iii.      Preparing an IT Audit plan

 

c.      Fraud Considerations:

     Consider the risks of material misstatement due to fraud and determine specific IT techniques to detect fraud

                                                              i.      Prevention and deterrence

                                                             ii.      Digital evidence

                                                           iii.      Detection & investigation

 

d.      Risk assessment:

     Initial evaluation of risks that may impact the possibility of a material misstatement or the vulnerability of an organization’s assets with initial assumptions, research, and uncertainties

                                                              i.      Types of risk assessments

                                                             ii.      Understanding business environment & processes

                                                           iii.      Audit Risk Model for F/S audits

                                                          iv.      Develop walkthrough plan

                                                            v.      Draft risk assessment report

                                                           vi.      Complete the IT Audit plan

 

e.      Information Technology General Controls:

     Control objectives relate to the confidentiality, integrity, and availability of data and the overall management of the IT function of the business enterprise

                                                              i.      Control environment

                                                             ii.     Systems Development, Deployment, and maintenance

                                                           iii.      Logical and physical security

                                                          iv.      Backup & recovery process

 

f.      Auditing techniques & procedures:

    Techniques and options to design and execute testing procedures

                                                              i.      Planning for test of controls

                                                             ii.      Application control testing

                                                           iii.      Evidence gathering

                                                          iv.      Sampling considerations

                                                            v.      Technical tools/techniques (CAATTs)

 

g.      Assessment of controls:

     Evaluation process of controls and the entity’s environment after examination and testing

                                                              i.      Deficiency evaluation for IT related controls

                                                             ii.      Materiality/impact to the Entity

                                                           iii.      Assessment reporting

 


 

2.)  Financial Data Components, Analysis, and Reporting

a.      Information Management:

     Ensuring that information is managed such that it provides value in a number of aspects

                                                              i.      Information quality

                                                             ii.      Information presentation

                                                           iii.      Information timeliness

                                                          iv.      Information auditability

                                                            v.      Information life cycle management

                                                           vi.      Information and data modeling

                                                          vii.      Information security

 

b.      Business Process Improvement:

     Identifying opportunities and understanding the value of using information technology to create work flows and processes that enable more effective use of resources

                                                              i.      Business process management

                                                             ii.      System solution management

                                                           iii.      Application integration management

 

c.      Data Analysis & Reporting Techniques:

     Process of gathering, modeling, and transforming data with the goal of highlighting useful information, suggesting conclusions, and supporting decision making

                                                              i.      Infrastructure/platforms employed

                                                             ii.      Data collection and aggregation

                                                           iii.      Available tools/approaches and functionalities

                                                          iv.      Tool selection process

 

d.      Performance management:

     Apply data analysis and reporting concepts to analyze enterprise performance and help the organization achieve its accountability goals and objectives, using financial and non-financial information

                                                              i.      Budget & profitability management

                                                             ii.      Performance metrics and reporting 

 


 

 

Copyright © 2009 by the American Institute of Certified Public Accountants, Inc., New York, New York.