What is the pass mark for the Level 7 Internal Audit Professional EPA?

The EPA is graded as Pass, Merit, or Distinction. There is no fixed percentage; instead, the assessor evaluates your portfolio and professional discussion against the assessment criteria. To achieve a Pass, you must demonstrate competence in all areas, including technical knowledge, application, and professional behaviour. A Merit or Distinction requires deeper analysis, strategic insight, and evidence of leadership.

How long does the professional discussion last?

The professional discussion typically lasts 60-90 minutes. It is conducted remotely or in person with an independent assessor. You will be asked about your portfolio evidence, technical knowledge, and how you handle real-world scenarios. Prepare to speak for 5-10 minutes per question, using examples from your work.

Do I need to memorise the IIA Standards?

Yes, you should know the key Standards by number and content, especially Attribute Standards (1000-1320) and Performance Standards (2000-2600). However, the assessor is more interested in your ability to apply them than rote recall. Focus on understanding the intent behind each Standard and how you have implemented them in your audits.

What types of evidence should I include in my portfolio?

Your portfolio should include a variety of evidence such as audit plans, work papers, draft reports, final reports, feedback from stakeholders, and reflective statements. Each piece must be mapped to the relevant KSBs (Knowledge, Skills, Behaviours) in the assessment plan. Ensure you anonymise sensitive data and explain your role clearly.

Can I use data analytics tools in the EPA?

Yes, and it is encouraged. The EPA expects you to demonstrate competence in using data analytics for audit testing. You can include evidence of using tools like Excel, ACL, or IDEA in your portfolio. During the professional discussion, be ready to explain how you selected the tool, performed the analysis, and interpreted the results to identify risks or control weaknesses.

What happens if I fail the EPA?

If you fail, you can retake the assessment, usually within 12 months. You will need to address the areas of weakness identified by the assessor. Your training provider can support you with additional coaching. Note that you may need to resubmit your portfolio or retake the professional discussion, depending on which component you failed.

Level 7 - Internal Audit Professional - Core Content

CHARTERED INSTITUTE OF INTERNAL AUDITORS

vocational

This subtopic introduces the core principles and practices underpinning the internal audit profession at a strategic level. It covers the International Professional Practices Framework (IPPF), risk-based audit planning, governance, and control frameworks. Learners will apply these concepts to evaluate organisational risks and provide assurance on the effectiveness of governance and internal controls.

Learning Outcomes

Assessment Guidance

Key Skills

Key Terms

Assessment Criteria

Assessment criteria

Level 7 - Internal Audit Professional

Topic Overview

The Level 7 Internal Audit Professional End-Point Assessment (EPA) is the final stage of the Chartered Institute of Internal Auditors (CIIA) apprenticeship, designed to test your competence as a strategic internal audit leader. This assessment evaluates your ability to plan, execute, and report on complex internal audit engagements, while demonstrating ethical judgment and business acumen. It covers advanced topics such as risk management, governance, control frameworks, and the use of data analytics in auditing.

This EPA is crucial because it validates that you can operate at a senior level within an organisation, providing independent assurance and advisory services to enhance governance and risk management. It fits into the wider Accounting & Finance field by bridging traditional financial audit skills with modern, strategic internal audit practices, preparing you for roles such as Head of Internal Audit or Audit Director.

The assessment consists of two components: a portfolio of evidence demonstrating your work-based learning, and a professional discussion with an independent assessor. You must show deep understanding of the IIA's International Professional Practices Framework (IPPF), including mandatory guidance like the Core Principles, Definition of Internal Auditing, Code of Ethics, and Standards. Success requires not just technical knowledge, but the ability to apply it in real-world scenarios, often under pressure.

Key Concepts

Core ideas you must understand for this topic

→IPPF Mandatory Guidance: Understand the Core Principles (e.g., integrity, objectivity, confidentiality), the Definition of Internal Auditing, the Code of Ethics (principles and rules of conduct), and the International Standards for the Professional Practice of Internal Auditing (Standards), especially Attribute Standards (1000 series) and Performance Standards (2000 series).
→Risk-Based Audit Planning: Ability to develop a strategic audit plan using the organisation's risk appetite, risk register, and business objectives. This includes prioritising audit areas based on inherent risk, control effectiveness, and residual risk.
→Audit Evidence and Sampling: Mastery of audit procedures (inquiry, observation, inspection, re-performance, analytical procedures) and statistical vs. non-statistical sampling methods. You must justify sample sizes and selection methods to ensure sufficient, reliable evidence.
→Governance, Risk, and Control (GRC): Deep knowledge of the three lines of defence model, COSO Internal Control – Integrated Framework, and the role of internal audit in evaluating governance structures, risk management processes, and internal control systems.
→Data Analytics in Auditing: Use of tools like ACL, IDEA, or Excel to perform data extraction, analysis, and visualisation. You must be able to identify anomalies, trends, and control weaknesses through data interrogation techniques.

Learning Objectives

What you need to know and understand

Critically evaluate the application of the IPPF Standards in a given organisational context
Design a risk-based internal audit plan aligned with strategic objectives
Assess the effectiveness of governance, risk management, and control processes
Apply professional judgement to resolve ethical dilemmas in internal audit
Communicate audit findings and recommendations effectively to senior management and the board
Demonstrate leadership in promoting an ethical culture within the organisation

Assessment Criteria

Key criteria assessors look for in your portfolio

Award credit for demonstrating an understanding of the mandatory elements of the IPPF
Credit given for linking audit universe to organisational risk appetite in audit planning
Marks allocated for evaluating control design weaknesses using a recognised framework (e.g. COSO)
Look for evidence of appropriate communication style tailored to the audience in reporting
Award marks for identifying potential ethical conflicts and proposing solutions aligned with the Code of Ethics

Assessment Guidance

Guidance for achieving higher grades

💡In scenario-based questions, explicitly reference relevant IPPF standards to demonstrate applied knowledge
💡When developing an audit plan, justify your choice of audits by linking to the organisation's risk register and strategic objectives
💡For written reports, ensure findings are constructive and balanced, highlighting both strengths and areas for improvement
💡Practice time management for the professional discussion; prepare structured answers using the competency framework
💡Remember that internal audit adds value through insight and foresight; show how your recommendations enhance governance
💡In the professional discussion, use the STAR technique (Situation, Task, Action, Result) to structure your answers. For example, when asked about a challenging audit, describe the specific situation, your role, the actions you took (linking to Standards), and the outcome. This shows practical application.
💡Always link your answers to the IPPF Standards. For instance, if discussing audit planning, explicitly mention Standard 2010 – Planning. This demonstrates your knowledge of the framework and earns marks for technical accuracy.
💡Prepare for ethical scenario questions. The assessor may present a dilemma (e.g., pressure from management to suppress a finding). Show how you would apply the Code of Ethics and Standards, and explain your reasoning step-by-step. This is a common area where students lose marks.

Common Mistakes

Common errors to avoid in your coursework

Confusing internal audit's role with external audit, leading to a narrow focus on financial statement accuracy
Failing to align the audit plan with the organisation's strategic risks, resulting in a generic plan
Overlooking the importance of soft skills and stakeholder management in audit effectiveness
Applying a checklist approach to IPPF standards without contextualising to the organisation's size or sector
Neglecting to document the rationale for audit judgements, weakening the evidential basis
Misconception: Internal audit is just about finding errors. Correction: While error detection is part of it, the primary role is to provide assurance and advisory on governance, risk, and control. The EPA expects you to focus on strategic value, not just compliance.
Misconception: The Code of Ethics is optional guidance. Correction: The Code of Ethics is mandatory under the IPPF. You must demonstrate understanding of its principles (integrity, objectivity, confidentiality, competency) and how they apply in practice, especially when facing ethical dilemmas.
Misconception: Audit evidence must be 100% conclusive. Correction: Audit evidence is persuasive, not conclusive. You need to gather sufficient and appropriate evidence to support your conclusions, but absolute certainty is not required. The EPA assessors look for reasoned judgment, not perfection.

Frequently Asked Questions

Common questions students ask about this topic

Before You Start

Prior knowledge that will help with this topic

•Level 4 Internal Audit Practice or equivalent knowledge of basic audit principles and techniques.
•Understanding of financial accounting and reporting (e.g., IFRS, UK GAAP) to evaluate financial controls.
•Risk management fundamentals, including risk identification, assessment, and mitigation strategies.

Key Terminology

Essential terms to know

IPPF Standards and Code of Ethics
Risk-based audit methodology
Governance and control frameworks
Assurance and consulting services
Professional scepticism and judgement
Stakeholder communication

Ready to learn?

AI-powered learning tailored to this unit

Level 7 - Internal Audit Professional - Core Content

Assessment criteria

Topic Overview

Key Concepts

Learning Objectives

Assessment Criteria

Assessment Guidance

Common Mistakes

Frequently Asked Questions

Before You Start

Key Terminology

Ready to learn?

Related Topics in CHARTERED INSTITUTE OF INTERNAL AUDITORS vocational Accounting & Finance

Level 4 Internal Audit Practitioner - Core Content