From education to employment

Internal audit practitioner

Reference Number: ST0587

Details of standard

Occupational Profile:

The role of internal audit departments is to provide an independent, objective assurance and consulting activity to add value and improve an organisation’s operations. Internal Audit helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. Internal Audit has an enterprise-wide remit and mandate, which means assessing the adequacy and effectiveness of all areas of an organisation including the risk management, compliance and finance functions. Internal Audit is the last line of defence in an organisation and, as such, must remain impartial and independent in how it works alongside all areas of the organisation.

IAPracs will be competent in undertaking all aspects of internal audit engagements. They are typically part of an audit team operating under the management of the Internal Audit Professional (IAProf) or Head of Internal Audit.

The IAPrac’s typical responsibilities include:

  • researching the activities being audited by spending time with the area of the organisation being audited; walking through how they operate a task/process; review policy, processes and standards related to the activity being audited
  • data gathering, analysis and interpretation through face to face, email and other forms of data gathering practises used in the organisation
  • documenting the business process and control environment through process mapping, e.g. flowcharting, and validating the process via a ‘walkthrough’
  • identifying and evaluating the associated governance, risks and controls through mapping against governance policy set out in the organisation, reviewing the documented internal risk process including any documented management controls in place as set out by the business
  • performing tests and analyse to evaluate the effectiveness of controls (i.e. do the controls protect the organisation against potential risks, as identified by the organisation, management or internal control functions)
  • identifying vulnerabilities and exposures
  • communicating the results of their audit work to audit management

Internal auditor roles will be found in the public, private and voluntary sectors, where the Internal Audit function is acknowledged as a cornerstone of good corporate governance essential to the success of an organisation, as recognised by the UK Corporate Governance Code (or other sector-relevant codes of practice). The profession is overseen by the Chartered Institute of Internal Auditors (Chartered IIA), which sets out guidance and standards on how the profession should manage itself and deliver internal audit services for organisations. 



IAPracs, on completion of the apprenticeship standard, will meet the following knowledge requirements:

Commercial Awareness IAPracs will understand the internal (operational transactions of the organisation/business area being audited) and external (political, commercial, economic, social, cultural, technological, legislative, environmental) environment of the organisation being audited.
Corporate Governance and Risk Management IAPracs will demonstrate an awareness of the characteristics of good corporate governance and risk management, and the role of Internal Audit, and will be able to assess the contribution they make to organisational effectiveness and assurance. IAPracs will be expected to work with IAProfs in the audit of more complex topics, e.g. culture, risk management, strategy, fraud prevention.
Organisational Business Processes IAPracs will have an understanding of their organisation’s strategy and success measures, and be cognisant of how their work contributes to the success of the function/organisation’s industry. They will also understand the risk and control implications of different organisational structures, business processes and IT Systems, and how these relate to specific audit work. IAPracs will know where to find relevant internal policy, processes and standards relevant to business area being audited and external regulation/legislation which might impact the organisation.
Risk and Control / Audit Methodology IAPracs will know the different types of controls, management control techniques, and internal control framework characteristics (e.g. Committee Organisations Sponsoring Treadway Commission (COSO), International Standards Organisation (ISO), Control Objectives for Information & Related Technologies (COBIT)) used within their organisation and industry. IAPracs will demonstrate an understanding of how to apply internal auditing methodologies and standards throughout all stages of an internal audit assignment and will contribute to changes/updates to the Internal Audit manual based on internal audits undertaken and on an appreciation of what is and isn’t working for the organisation.



IAPracs, on completion of the apprenticeship standard, will have developed the following skills:

Building Relationships IAPracs will build sustainable relationships based on trust and respect, within their function and with stakeholders, on an audit by audit basis. This will drive two-way communication with the business being audited to inform the audit plan, support plan changes and aid Internal Audit’s understanding of the risk profile of the business, how the policy, processes and standards in an organisation are being applied by the business as detailed during process mapping, i.e. the walkthrough process.
Communication IAPracs will communicate clearly and succinctly both verbally and in writing. IAPracs will adapt their communication style to suit different situations. IAPracs will promote open communication, demonstrating the ability to apply appropriate interview techniques during delivery of their audit work and effectively articulating findings to IAProfs. IAPracs will be able to effectively contribute to meetings.
Collaboration IAPracs will collaborate effectively with other audit colleagues to gain understanding and insights to inform audits and gather data to deliver results, and will be team players.
Data Analysis With guidance, IAPracs will select and use tools/techniques to obtain relevant data/information for specific audit assignments. IAPracs will apply sampling, data analysis and other statistical techniques to analyse and assess data and draw preliminary conclusions.
Time Management IAPracs will manage their time effectively to deliver high quality work within appropriate timelines to deliver their audit assignments and other work requirements.
Systems and IT skills IAPracs will be proficient in the use appropriate business systems and software e.g. sending emails, using word processing and spreadsheet software, documenting workpapers using organisation’s appropriate audit systems etc.



IAPracs, on completion of the apprenticeship standard, will have developed the following behaviours:

Ethics and Integrity IAPracs will act with integrity to their profession and the ethical code of conduct of their organisation/auditee, will demonstrate organisational values in how they work, and will demonstrate confidentiality, independence and objectivity.
Add Value/Continuous Improvement IAPracs will add value to the organisation/department they are auditing by proactively sharing issues identified during the course of their audit work with their line manager. IAPracs will support the continuous improvement of the risk and control environment of the organisation/business being audited by suggesting new ideas.
Professional Development IAPracs will take responsibility for their own professional development by seeking out opportunities to learn and grow.
Proactive and Adaptable IAPracs will demonstrate drive and energy to get the job done and an open mindset in all their audit work, able to adapt in changing circumstances.
Professional Scepticism IAPracs will demonstrate an attitude that includes a questioning mind and being alert to conditions that may indicate possible misstatement of information due to error or fraud. IAPracs will be able to speak out courageously in their own organisation.



This is a level 4 apprenticeship


The length of this apprenticeship should typically be 18 to 24 months, depending on prior qualifications and relevant work experience.

Entry Requirements:

Individual employers will set the selection criteria for their apprenticeship, but apprentices are likely to have GCE A Levels or equivalent.


IAPracs will be required to complete the:

  • IIA Certificate in Internal Audit and Business Risk
  • Certified Internal Auditor (CIA) Part 1 – Essentials of Internal Auditing

Apprentices without Level 2 English and Mathematics will need to achieve this level prior to taking their End-Point Assessment. For those with an education, health and care plan or a legacy statement the English and Mathematics minimum requirement is Entry Level 3, and British Sign Language qualifications are an alternative to English qualifications where this is their primary language.  

Link to professional registration and progression:

The Chartered IIA is the recognised professional body for internal auditing in the UK and Ireland. The apprentice will apply for membership of the Chartered IIA at the outset of the apprenticeship. Completion of the IIA Certificate leads to the IACert designation, and completion of CIA Part 1 leads to award of the Internal Audit Practitioner designation. In addition, the CIA Part 1 must be completed for the individual to progress to gaining the full CMIIA designation (Chartered Internal Auditor) and to gain voting member status at the Chartered IIA.


This apprenticeship should be reviewed after three years.

Crown copyright © 2017. You may re-use this information (not including logos) free of charge in any format or medium, under the terms of the Open Government Licence. Visit

Related Articles