November 12, 2018

Government Auditors Say the Institute of Internal Auditors Is Making a ‘Big Mistake’ By Phasing Out the CGAP Credential

The Certified Government Auditing Professional (CGAP) is one of three specialty certifications that are being phased out by the Institute of Internal Auditors (IIA)—and several government auditors who hold the CGAP aren’t very happy about it.

“I’m disappointed but not surprised by the IIA’s short-sighted decision to phase out new applications to the CGAP,” Chris Horton, PhD, CIA, CGAP, CCSA, CRMA, county auditor for Arlington County, Va., told Going Concern. “I’m disappointed because having the premier global audit association elevate the craft of government auditing through an exam-based certification helps all government auditors better tell the story of our value to our organizations and communities. However, I’m not surprised either, as my experience in the IIA has shown that government auditors are generally not seen as critical stakeholders for the IIA.”

A chief audit executive, who holds the CGAP and Certified Internal Auditor (CIA) credentials, told Going Concern that the IIA’s decision is a “big mistake because government auditors play a major role as the eyes and ears of taxpayers.”

“My CIA certificate shows that I understand auditing, but the [CGAP] certification shows that I understand the role of a government auditor,” said the chief audit executive, who wanted to remain anonymous. “Government auditors play a large role today and face many things that a corporate auditor does not face on a day-to-day basis. This certification provides credibility.”

CGAP transitioning to assessment-based certificate

The CGAP, along with the Certified Financial Services Auditor (CFSA) and Certification in Control Self-Assessment (CCSA) credentials, are being “repositioned” so the IIA can shine a brighter light on its core CIA certification.

That means the CGAP and the CFSA are transitioning from exam-based certifications to assessment-based certificates. According to a FAQ about the CGAP, CFSA, and CCSA transition, an assessment-based certificate program includes the following pieces:

  • A curriculum;
  • A course of instruction based on the curriculum, which could be offered by IIA Global or IIA affiliates;
  • An exam based on the curriculum, to assess participants’ achievement; and
  • A certificate awarded only to those who pass the exam.

By comparison, the CGAP exam included 115 multiple-choice questions, covered four domains, and required a completion time of two hours and fifty-five minutes. The four domains included:

  1. Standards, Governance, and Risk/Control Frameworks (10 to 20%)
  2. Government Auditing Practice (35 to 45%)
  3. Government Auditing Skills and Techniques (20 to 25%)
  4. Government Auditing Environment (20 to 25%)

IIA President and CEO Richard Chambers said in a press release that internal audit practitioners “must master specialized competencies within specific industries and lines of business, and be able to tackle a dizzying array of emerging risks. Assessment-based certificates will be an effective way to obtain the necessary education and training.”

And because internal control is becoming a significant part of risk management, the CCSA program will be integrated into the Certification in Risk Management Assurance (CRMA) through the next CRMA exam update, according to the IIA.

During this transition, the IIA is emphasizing that the CGAP, CFSA, and CCSA certifications will remain valid and continue to be recognized by the IIA. Those who currently hold the specialty certifications “may continue using the designation as long as they meet CPE requirements,” according to the IIA. But the IIA added that it will no longer accept new CGAP, CFSA, and CCSA certification applications after Dec. 31, 2018.

CIA “challenge exam”

As of June 30, 2018, there were 47,434 CIAs in the United States, according to data provided to Going Concern by the IIA. There were 2,241 practitioners who hold the CGAP, 4,245 who hold the CFSA, and 1,591 who hold the CCSA—but many of these professionals are not CIAs. Therefore, starting in 2019, the IIA will be offering a 150-question “challenge exam” to active CGAP, CFSA, and CCSA holders who want to obtain the CIA.

Jennifer Ruttman, CPA, CFE, CGAP, city auditor for the city of Mesa, Ariz., doesn’t think the IIA has provided enough information on how the proposed assessment-based certificate program compares to the current program.

“To earn my CGAP designation in 2014, I took a four-part review course, I studied the curriculum, and I passed an extensive formal examination. That sounds exactly like the new program they describe in their FAQ document,” Ruttman told Going Concern. “The bottom line is, if they are completely phasing out the CGAP designation, allowing me to keep mine is of little value to me or anyone else. I also find it very disappointing that the IIA has not more proactively communicated this to those of us who hold the certifications.”

She chose to pursue the CGAP because she works for a government entity and has spent her entire career as a government auditor.

“I thought it was more relevant to me and my employer than the CIA. The CIA is a respected credential, but I have found it to be primarily associated with the private sector,” Ruttman said. “For me, the CGAP demonstrates a commitment to excellence in the government auditing field, and it tells the people I work for—elected officials and citizens—that I have the support of the profession behind me. That means something to them because they don’t necessarily understand exactly what we do.”

An audit manager, who asked to remain anonymous, told Going Concern that the CGAP “is a necessary distinction” for government auditors.

“Having worked in a government audit shop for most of my career and also having some experience in an audit shop in the banking field, I have found that the distinction is representative of my commitment to public service auditing and allows me to be recognized as being knowledgeable in government audit,” she said. “I also hold a CIA and have concerns that the once four-part exam is now being reduced to one 150-question challenge exam. That means the requisite knowledge required for the CIA designation is being greatly reduced.”

An internal audit director, who wanted to remain anonymous, said having the CGAP helped him earn at least three promotions in the government audit profession.

“The best thing about being a CGAP is the validation to others that I’m considered an expert in government auditing and it lends more credit to my work,” he told Going Concern. He added that the IIA’s decision to phase out the CGAP “denigrates the importance of the certification.”

IIA responds to criticism

When asked by Going Concern to respond to government auditors’ concerns about the CGAP being repositioned, Chambers said in an email:

“I understand the views of those Certified Government Audit Professionals (CGAPs) who may have concerns about the transition. I have been a CGAP myself for more than 15 years. But I am confident that the CGAP will remain a credible and important credential for those of us who hold it for many years to come. The IIA Board of Directors carefully reviewed results of a global market study and the recommendations of a global task force of volunteer leaders before making the decision regarding the CGAP. The fact that current CGAPs are being afforded the opportunity to acquire the Certified Internal Auditor (CIA) through a ‘challenge exam’ is a reflection of the in-depth knowledge already acquired in successfully earning the CGAP designation. It acknowledges the time and effort practitioners spent obtaining the certification.”

The Accounting News Roundup newsletter is back! Every Friday you’ll get a recap of recent content posted on Going Concern, On This Date in Going Concern History, list of hot remote and hybrid accounting jobs, and more. Sign up here today.

Image: iStock/iammotos

Related articles

Add Another Hoop to the Audit Process

signature.jpgIn a move that probably just adds one more annoying hoop to jump through for auditors, audit engagements will now go through quality review with adoption of AS No. 7, Engagement Quality Review (EQR).
According to the press release, “The EQR standard provides a framework for the engagement quality reviewer to objectively evaluate the significant judgments made and related conclusions reached by the engagement team in forming an overall conclusion about the engagement.”
We’re hoping the engagement quality reviewers will be given free range to document their “overall conclusions” as they wish. Some that we would suggest: “You call yourselves auditors?“, “I’m recommending that the PCAOB inspect this engagement” or “What in God’s holy name are you blathering about?“. It would be a shame for the firms to institute a check-the-box method that would compromise artistic integrity.
In other PCAOB news, the Board is asking for comments on its Concept Release “to consider the effects of a potential requirement for the engagement partner to sign the audit report.” We speculated last week that signatures in blood or dog excrement might be appropriate in many cases but if you’ve got other ideas, you’ve got 45 days to give them better suggestions.
Press Release [PCAOBUS.org]