Friday, October 13, 2017

CCSA Fundamentals

Domain I: CSA Fundamentals (5-10%)

(P) = Candidates must exhibit proficiency (thorough understanding; ability to apply concepts) in these topic areas.
(A) = Candidates must exhibit awareness (knowledge of terminology and fundamentals) in these topic areas.
A. Code of Ethics (P) 
B. Ownership and accountability for control (P)
C. Reliance on operational expertise (P)
D. Comparison to traditional techniques of risk and control evaluation (P)
E. Control awareness and education (P)
F. Cooperation, participation, and partnership (P)

Domain II: CSA Program Integration (15-25%)

A. Alternative approaches to CSA (A)
B. Supporting technology alternatives (A)
  1. Database
  2. Electronic voting
  3. Presentation software and hardware
  4. Project management software
C. Cost/benefit analysis for implementation of the CSA process (A)
D. Organizational theory and behavior (A)
  1. Structure
  2. Philosophy
  3. Culture
  4. Management style
  5. Governance
E. Strategic and operational planning processes (A)
F. Change management and business process reengineering (A)
G. Presentation techniques for successful integration (A)
H. Organizational risk and control processes (A)
  1. Quality management
  2. Risk management
  3. Safety audits
  4. Environmental audits
  5. Internal and external audit
I. Client feedback mechanisms (e.g., interviews, surveys) (A)
J. Strategic CSA program planning methodologies or techniques, including resource allocation (A)

Domain III: Elements of the CSA Process (15-25%)

A. Management's priorities and concerns (P)
B. Project and logistics management (P)
C. Business objectives, processes, challenges, and threats for the area under review (P)
D. Resource identification and allocation (A)
  1. Participants
  2. CSA team
E. Culture of area under review (P)
F. Question development techniques (P)
G. Technology supporting the CSA process (P)
H. Facilitation techniques and tools (P)
I. Group dynamics (P)
J. Fraud awareness (A)
  1. Red flags/symptoms of fraud
  2. Communication and investigation channels
  3. Responding to evidence
K. Evaluation/analytical tools and techniques (trend analysis, data synthesis, scenarios) (A)
L. Formulating recommendations or action plans (practical, feasible, cost-effective) (P)
M. Nature of evidence (sufficiency, relevance, adequacy) (A)
N. Reporting techniques and considerations (types, audience, sensitive issues, access to information) (P)
O. Motivational techniques (creating support and commitment for recommendations) (A)
P. Monitoring, tracking, and follow-up techniques (A)
Q. Awareness of legal, regulatory, and ethical considerations (A)
R. Measuring CSA program effectiveness (A)

Domain IV: Business Objectives and Organizational Performance (10-15%)

A. Strategic and operational planning processes (A)
B. Objective setting, including alignment to the organization's mission and values (P)
C. Performance measures (P)
  1. Financial
  2. Operational
  3. Qualitative
D. Performance management (P)
  1. Aligning individual, group, and organizational objectives/goals
  2. Designing congruent incentives
E. Data collection and validation techniques (e.g., benchmarking, auditing, consensus testing, etc.) (A)

Domain V: Risk Identification and Assessment (15-20%)

A. Risk Theory (P)
  1. Defining risk
  2. Relationship of risk to strategic, operational, or process objectives
  3. Risk tolerance, residual risk, and exposure
  4. Impact assessment
B. Risk models/frameworks (including COSO's Enterprise Risk Management/Integrated Framework) (P)
C. Understanding the risks inherent in common business processes (P)
D. Application of risk identification and assessment techniques (P)
E. Risk management techniques/cost-benefit analysis (P)
  1. Transfer, manage, or accept
  2. Impact/cost-benefit analysis
F. Using CSA in enterprise risk management (P) 

Domain VI: Control Theory and Application (20-25%)

A. Corporate governance, control theory, and models (P)
  1. Accountability and responsibility for control
  2. Defining control
  3. Relationship between risk, control, and objectives
B. Methods for judging and communicating the overall effectiveness of the system of internal control (P)
  1. Using CSA to support management's assertion on controls
C. Relationship between informal and formal controls (P)
D. Techniques for evaluating formal controls (manual or automated) (P)
E. Techniques for evaluating informal controls/control environment (P)
F. Control documentation techniques (P)
  1. Flowcharting
  2. Business process mapping
  3. Control charts
  4. Control questionnaires
  5. Internal control over financial reporting
G. Control design and application (P)
  1. Defining control objectives
  2. Control design (e.g., preventive, detective, corrective; informal, formal)
  3. Cost/benefits
H. Techniques for determining control track record for the organization (e.g., reviews, audits, other assessments) (A)


