CICS Certification Exam General Framework



The Global Internal Control Professional Knowledge Base (CBOK) guides the certification program. CBOK was prepared by practitioner professionals in the internal control profession. The CBOK is being updated and developed in accordance with the developments in periodic applications, procedures and legislation.


Existing CBOK includes eight skill criteria. These constitute the general framework of the examination as a compulsory key activity to be understood and judged to pass the exam successfully



1. Internal Control - Principles, Terms and Concepts

It is imperative that people have knowledge about the principles of risk and control. Control concepts include control types, benefit / cost control, control responsibilities, the concept of plan-do-control-implement and the control responsibilities and standards set by the FASB, SEC, NY Stock Exchange, AICPA and other similar institutions.


2. Internal Control Environment

Values, policies, procedures and management leadership form the control environment to encourage people to report designing, evaluating, using, monitoring and control violations and assisting people in these matters.


3. Risk Management

Risk management includes understanding of the risk factors to be encountered in practice for operational, managerial, financial and legal matters, making preferences regarding risk factors, establishing risk policies and assigning risk responsibilities throughout the organization.


4. Evaluation of Application Controls

This includes the assessment of the adequacy of the control system in the process of reducing the risks of business applications to an acceptable level. Assessment should be a risk-focused, formal process.


5. Business System Controls Assessment

Business system controls represent a control system that will control a business application. Control system; Business risks and controls necessary to minimize these risks should include the reporting of inter-control relationships and control infringements to ensure control of overall business practice and the method of action to be taken when violations occur.


6. Risk Assessment

Comprehension of business risks that institutions face; Dominance of methods for determining the magnitude of these risks; The efficiency / value of the controls to be used to minimize these risks; Detection of where the most abuse of the abuser has leaked to their business systems involves the conduct of risk assessment to cover all business practices.


7. Internal Control Measurement and Reporting

This includes the methods used for the determination, recording and reporting of the results of internal control systems, including the status of control systems and reporting results. This area includes an understanding of the measurement of data used by employees, supervisory staff, operational managers, senior management and the board of directors. However, violations and misconduct also include the naming, identification, registration, protection and consoling processes to determine the problem that arises in the business application and / or control process. Error management reports are used to determine the size of control deficiencies and the points at which controls can be improved in the control system.


8. Governance Practices

It includes the involvement of the corporate community and community in the Professional Ethics Code, good corporate citizenship programs, corporate leadership programs, and methods to be used to develop and use the Professional Ethics Code in-house downwardly in the organization to ensure that codes of conduct and values ​​in an organization are part of daily operations.


+263 4 443124 / +263 772 675 810 / +263 732 469 893

© 2017 Internal Control Institute of Zimbabwe, Inc. All rights reserved.