The new IIA Competency Framework: Can the auditor of the future benefit from it?

My name is Alexander Rühle and I have been the CEO of zapliance for 6 years now.

But before I started zapliance together with partners, I worked as an auditor for many years – and just like it was for my colleagues, the topic of career planning was always on my mind.

After all, if you want to advance professionally, you shouldn’t just rely on others, but if possible, make your own plan and set your own goals.

That is why I would like to introduce you to the new Internal Audit Competency Framework of the IIA.

A tool that allows auditors at every career level to match their competencies with the competencies required at that level.

Take a moment to familiarize yourself with the framework here


The Competency Framework also makes it easier to prepare for the next career step – because it shows in detail which competencies are required for this.

In concrete terms, the Competency Framework is divided into four different categories:


Professionalism includes the competencies that an auditor needs to stand for authority, credibility, and ethically correct behavior. These competencies are essential for adding value in the internal audit department.


The umbrella term performance refers to competencies that are required for the planning and execution of internal audit assignments in compliance with the standards.


The term environment includes competencies that are required to identify and address the specific risks for the industry and the environment in which the organization operates.

Leadership & Communication

The keywords leadership and communication are understood to mean the skills required to provide strategic direction, communicate effectively, manage relationships and control staff and internal audit processes (IIA, 2020).

Each of these four categories is divided into several areas of knowledge.

The first area of professionalism, for example, includes personal objectivity, ethical conduct, professional diligence, or the internal audit rules of procedure.

Every auditor is on a different competency level.

In a next step, the required competencies are then described for each of these areas of knowledge according to the competence level.

Three competence levels are named:

General awareness, applied knowledge and expert knowledge.

Sounds complicated?

Well, it’s not.

Here is an example of how the Competency Framework could be used by an auditor in his first year of professional life:

I would assign the first level of competence, namely general awareness, to the first year of the profession.

So if a young professional wants to assess which competencies he or she should focus on improving in order to be prepared for the next higher level of competence (and thus possibly for a promotion), it is worth taking a look at the Competency Framework.

The Competency Framework describes competences in great detail.

Now the young professional has to decide between four categories and which one he wants to improve first – Let’s assume he chooses the category environment with its eleven areas of knowledge.

He now decides to countercheck his competences in the area of general business processes with the Competency Framework.

There the following is written for the first level of competence – general awareness:

“Describe the risk and control implications of business processes (HR, procurement, contracting, product development, project management, sales, marketing, logistics, outsourcing, etc.) (IIA, 2020, P. 5)

Now he can estimate which of these competences he has already acquired and for which competences there is a need to catch up.

At the same time, the young auditor can familiarize himself with the competences required in the second competence level – applied knowledge.

There it is written:

“Examine the risks and controls associated with the organization’s business processes. (IIA, 2020, P. 5)

These very concretely formulated contents of the second level of competence give the auditor the opportunity to familiarize himself with future challenges and to acquire the necessary competences now.

For example, with the help of books and online courses – but also through interesting conversations with other colleagues during the lunch break.

Does the Competency Framework fit the auditor of the future?

There is no doubt that the Competency Framework is an important support for auditors and those who want to become auditors.

But I was wondering to what extent the framework takes into account the requirements of the auditor of the future, who will have to work with more and more data and people – the umbrella article for the series of articles on the auditor of the future can be found here.

Does the Competency Framework take up aspects such as soft skills, which are becoming increasingly important?

What about an open mindset.

And does the framework actually consider the pressure on auditors to find their way through the ever-growing volume of data?

All these questions cannot be answered in one sentence – therefore let’s answer them step by step:

The topic of soft skills can be found in the Competency Framework!

This is in the category “Leadership and Communication”. However, only three soft skills are specifically mentioned – namely conflict management, influence, and persuasiveness.

Three skills that cover important areas of interpersonal communication in the auditing profession, but not the only areas.

The ability to deal competently with the opinions of others , for example, which would be most likely to be located in this area of knowledge, does not fall under the three soft skills mentioned.

Soft skills do not only describe social skills but are diverse.

In general, it appears as if the soft skills listed only include social skills – soft skills also include personal skills that relate to dealing with oneself.

For example, the point mentioned before, dealing with the other opinions:

If an auditor does not take qualified comments into account in a discussion, just because they come from an intern, this can have a considerable negative impact on his work.

If the auditor wants to change this fact, he must therefore start with himself and sharpen his personal soft skills.

But even though the Competency Framework mainly refers to social soft skills, it also includes a personal soft skill:

The open mindset.

A competence that is of great importance in our constantly dynamic working environment and is by no means a matter of course.

In the soft skills knowledge area, the appropriate phrase is:

“Recognize opportunities for change and enable change. Evaluate […] innovation in internal audit. Recommend improvements”.

But what about the third point that is highly relevant for the auditor of the future – the requirement to be able to handle data competently?

I can already say that it looks good.

After all, an important point in dealing with the growing volume of data is the use of suitable software.

And fortunately, this point is also reflected in the Competency Framework, which states:

“Use computer-aided auditing tools and techniques”.

At this point, however, I must say that a weighting of the individual knowledge areas would certainly have been advantageous.

After all, 47 different areas of knowledge are quite a lot, and there is a danger that a comparatively briefly formulated point such as the one just quoted, despite its immense importance for the auditor of the future, will be lost.

As you can see, the Competency Framework highlights important characteristics of the auditor of the future (including soft skills, open mindedness, data competence) and provides valuable support for career planning.

However, I see potential for improvement in weighting the individual areas of knowledge and a more differentiated approach to the topic of soft skills.

Exciting: The Competency Framework can also be used when working with the OKR method.

The OKR method, about which I wrote an article just a few weeks ago, can also benefit considerably from the Competency Framework.

Although the OKR method is mostly used to achieve corporate goals, this does not exclude using it to achieve personal goals.

However, it is of course up to each individual to decide whether to set these goals for themselves or whether they should be set together with their supervisor and measured against them.

Finally, two recommendations!

My advice to the younger auditors among us:

Take a look at the Competency Framework.

And you will see that a career in auditing can be planned with surprising clarity.

My advice to the more experienced auditors among us:

Take a look at the Competency Framework.

And you will see that it is a useful tool to support your team in acquiring competencies.

Perhaps you will also discover one or two points where you yourself have some catching up to do.

You don’t have to tell anyone about it.


The Institute of Internal Auditors (2020). Internal Audit Competency Framework. Lake Mary: IIA.

Artikel teilen