The IIA should abandon the NASBA learning model for Continuing Professional Education (CPE)

Part 1 in a series on the future of Continuing Professional Education for auditors.

---

Bottom line up front (BLUF): The National Association of State Boards of Accountancy (NASBA) learning model is outdated and no longer meets the dynamic needs of the Internal Audit profession. With the January 2024 release of the new Internal Audit Standards, I am concluding that not enough consideration was given to the professional development of auditors.

---

Preamble: If you haven’t listened to my Audit15fun podcast appearance, where I attempt to defend the existing continuing professional development framework, then you’re really missing out! Let me know if you think I won or lost the debate! Joking aside, it actually sets the stage for this new analysis. With this post, I’ll be critiquing the current continuing professional education (CPE) program used by the Institute of Internal Auditors (IIA). Yes, I’ll also propose ideas for one possible way forward in subsequent posts.

Audit Ri.sk is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

---

Introduction

The IIA has long adopted the NASBA learning model for its continuing professional education (CPE). This model has served the IIA well for many years. However, recent developments and shifts in the learning environment suggest that it may be time for the IIA to reconsider this approach and explore other educational models that could better serve their members.Before we get started, let’s review the NASBA program levels as a refresher.

NASBA Program Levels

Below is a summary with the official link (here).

The National Association of State Boards of Accountancy (NASBA) specifies five program knowledge levels for continuing professional education (CPE) programs. These levels are:

1. Basic: Most beneficial to CPAs new to a skill or an attribute. It is suitable for individuals at the staff or entry level in organizations, although seasoned professionals with limited exposure to the area may also benefit.
2. Intermediate: This level builds on a basic program and is most appropriate for CPAs with detailed knowledge in an area. Individuals at a mid-level within the organization, with operational or supervisory responsibilities, or both, may find this level suitable.
3. Advanced: This level is often appropriate for seasoned professionals within organizations and is designed for individuals with specialized knowledge in the subject area.
4. Update: Provides a general review of new developments and is for participants with a background in the subject area who desire to keep current.
5. Overview: Provides a general review of a subject area from a broad perspective and may be appropriate for professionals at all organizational levels

My initial thoughts…

I don’t know how the IIA came to originally peg the learning requirements to the NASBA learning framework. The “new Standards” maintain this status quo. The Requirements of Standard 3.2 Continuing Professional Development read as follows.

Internal auditors must maintain and continually develop their competencies to improve the effectiveness and quality of internal audit services. Internal auditors must pursue continuing professional development including education and training. Practicing internal auditors who have attained professional internal audit certifications must follow the continuing professional education policies and fulfill the requirements applicable to their certifications. Source: IIA Global Internal Audit Standards

The ‘Considerations for Implementation’ section goes into more detail by providing additional context. The Global Internal Audit Standards doesn’t mention NASBA explicitly or their framework. As the IIA doesn’t refer to the NASBA framework as part of the Standards, I won’t either. Perhaps we can call it the “NASBA benchmark” or some other crowdsourced name. All that to say, we auditors continue to be connected to NASBA after the release of the new Standards.

Case In Point

Let’s take a look at a random on-demand course offered by the IIA (link). Note: this is not a product endorsement. It’s merely a quick review of the CPE course details associated with this particular course.

The NASA Program details are front and center. If you are a Certified Public Accountant (CPA), the NASBA classifications are not new. If you are not a CPA then the classifications may sound cryptic to you. I’m not a CPA, but I’ve been in the audit industry for a while. You do eventually learn them, but is it cryptic? Yes!

If you scroll all of the way down to the bottom of the course details, you’ll see the IIA Topic and Competencies for the course.

I’m an auditor, but am not a CPA. Reviewing the IIA Competencies section has more relevance to me. Demonstrating the audit ‘Competencies’ is a requirement for the practice of internal auditing. There is an official logo. Here it is.

The COSO Enterprise Risk Management Certificate provides CPE credit towards the Performance competency. There is no mention of the applicable knowledge area(s) however. Yes! There are knowledge areas within each competency! The image below is the high level list, but there is a detailed list as well.

I’ve never taken this course, so am unsure of all of the applicable knowledge areas. Perhaps the course details could be updated as follows.

IIA Competencies: Performance – Risk Management, Internal Control

Training providers creating courses for the continuing professional development of auditors should align their materials to the IIA Competencies. This includes the IIA! Moving the competencies to the top of the course summary section would be a great way to create greater awareness of the competency knowledge areas. With these two changes, an internal auditor can quickly asses the knowledge areas a course addresses.

I think there are opportunities to improve the IIA Competencies as it relates to skills development, but will reserve that for a future post. At the very least, the audit profession should promote the IIA Competencies. Some people use the phrase “eating your own dog food”. I prefer the phrase “drinking your own champagne”. À votre santé (translation: To your health…)

NASBA framework requirements

Ok, “abandon” is too strong of a word. I’m not suggesting the removal of the NASBA framework: Knowledge Level, Delivery Method, Field of Study. I know displaying them is a requirement for all NASBA accredited training providers, including the IIA. I’m merely suggesting promoting the IIA Competencies prominently (thereby de-emphasizing the NASBA framework). Leading with a “NASBA first” approach for continuing professional development has downsides, which we will explore next.

Limitations of the NASBA Model

The NASBA model, while reputable and widely used, has certain limitations that are becoming increasingly apparent. It operates on a credit-hour system, meaning that the value of the education is measured by the amount of time spent in a learning activity. This system, while straightforward, does not necessarily promote the most effective or efficient learning. It encourages participants to focus on accumulating hours rather than truly understanding and applying the material.

Further, the program levels (Basic, Intermediate, Advanced, Update, Overview) may sounds simplistic and straightforward. Simplicity is valuable. We should all try to remove complexity from our lives, but there are trade offs that must be considered.

Here’s a quick critical analysis highlighting some assumptions and biases:

1. Basic:
   • Strength: Tailored for beginners to ensure a solid foundation for individuals new to a skill or attribute.
   • Weakness: Can oversimplify certain topics, potentially limiting the depth of understanding for more experienced professionals.
   • Biases:
     • Experience Bias: Assumes that all beginners are at a similar starting point, potentially neglecting the varied experiences and prior knowledge of participants.
     • Assumption of Homogeneity: Assumes that all beginners have similar learning needs, potentially overlooking the diversity in learning preferences and backgrounds.
2. Intermediate:
   • Strength: Addresses the needs with detailed knowledge, offering a level of complexity suitable for those with mid-level responsibilities.
   • Weakness: Might assume a certain level of prior knowledge, potentially excluding individuals who fall between basic and intermediate competency levels.
   • Biases:
     • Linear Progression Bias: Assumes a linear progression from Basic to Advanced, potentially neglecting the diverse and nonlinear nature of professional development.
     • Expertise Bias: Implicitly assumes that detailed knowledge equates to a certain level of expertise, potentially overlooking the value of a broad skill set.
3. Advanced:
   • Strength: Targets seasoned professionals with specialized knowledge, acknowledging the expertise required for individuals in expert roles.
   • Weakness: May pose challenges for individuals transitioning from intermediate to advanced levels, potentially creating a gap in skill development.
   • Biases:
     • Specialization Bias: Implicitly values specialization over a broad skill set, potentially overlooking the importance of professionals with diverse expertise.
     • Seniority Bias: Assumes that only seasoned professionals require advanced knowledge, potentially neglecting the learning needs of younger professionals with advanced capabilities.
4. Update:
   • Strength: Focuses on keeping participants current with new developments, demonstrating a commitment to ongoing learning.
   • Weakness: May not be suitable for those without a background in the subject area, potentially excluding individuals seeking a comprehensive introduction to new topics.
   • Biases:
     • Assumed Background Bias: Assumes all participants have a background in the subject area, potentially neglecting those entering a new field or transitioning from related disciplines.
     • Timeliness Bias: Emphasizes the importance of current developments, potentially undervaluing foundational knowledge and timeless principles.
5. Overview:
   • Strength: Provides a broad perspective suitable for professionals at all organizational levels, offering a comprehensive review of a subject area.
   • Weakness: Lack the depth required by more experienced professionals, leading to oversimplification. Taking too many overview level courses may lead to superficial understanding on topics.
   • Biases:
     • Homogeneity Bias: Assumes that professionals at all organizational levels have similar learning needs, potentially overlooking the diverse experiences and knowledge levels.
     • Experience Bias: Assumes that professionals with varying levels of experience will equally benefit from the same overview, potentially neglecting the different learning requirements of beginners and experienced professionals.

It’s true. The NASBA program levels provide a structured framework, but I believe there are too many areas where it falls short in meeting the developmental goals of the audit industry. This is a non-exhaustive list of shortcomings:

1. Rigidity: The dynamic needs of the audit profession has outgrown the simplicity offered by the tiered NASBA structure. A more adaptive approach, capable of swift adjustment to emerging trends and technologies, would better meet the needs of the industry. I think the IIA Competencies are more flexible. Has a new knowledge area gained prominence? Add it to the applicable competency, and there you go!
2. Limited Practical Application: Completing Basic, Intermediate, Advanced courses doesn’t lead to practical application. Extensive use of real-world scenarios and case studies is a better indicator of success for auditors to seamlessly translate theoretical knowledge into effective practice.
3. Lack of Interdisciplinary Approach: Auditors today often need interdisciplinary skills. The NASBA levels, while focused on accounting and auditing, could benefit from integrating elements of data analytics, technology, and risk management to address the holistic skill set required in the contemporary audit landscape.
4. Limited Focus on Soft Skills: Effective communication, critical thinking, and problem-solving are crucial for auditors. The NASBA levels could enhance their impact by explicitly incorporating and assessing these soft skills essential for success in the field. Thankfully, the IIA emphasizes the development of soft skills through the “Leadership and Communication” Performance competency.
5. Assessment Methods: The effectiveness of the NASBA program heavily relies on the appropriateness of assessment methods. If assessments do not align with real-world audit challenges or lack authenticity, they may not adequately measure the practical competence of auditors. There is NO Assurance of learning! More on this in a future post.

NASBA could enhance the framework by addressing these shortcomings. Realistically, this is not likely to happen in the time frame we needed, hence the call for the IIA to deviate from the NASBA framework. I’m advocating that IIA emphasize the Competencies instead. Doing so should cater to the dynamic nature of the audit industry and meet the multifaceted educational goals sought by professionals and employers. There are other educational challenges that the NASBA framework doesn’t address.

Shift Towards Outcome-Based Learning

There is a growing trend in professional education towards outcome-based learning. This approach focuses on the learner’s achievement of specific competencies or skills, rather than the amount of time spent learning. For internal auditors, who operate in a rapidly changing and increasingly complex environment, this approach could offer a more relevant and practical education. It would encourage auditors to focus on developing the specific skills and knowledge they need to excel in their work.

The Need for Customizable Learning Paths

In today’s diverse and dynamic professional landscape, there is a growing need for customizable learning paths that reflect individual learners’ unique needs and goals. A more flexible model could allow auditors to tailor their continuing education to their specific career paths, industry sectors, or areas of interest, which could greatly enhance the value and relevance of their learning.

Conclusion

While the NASBA model has served the IIA and its members well in the past, it may no longer be the best fit for the current learning landscape. The limitations of the credit-hour system, the shift towards outcome-based learning, and the need for customizable learning paths all suggest that it’s time for the IIA to explore other educational models. By doing so, the IIA could better support its members in their continuing professional education and growth, ultimately enhancing the profession of internal auditing as a whole. We will explore a path forward in future posts.