CIA New Content2
Management control techniques
Internal control framework characteristics & use (e.g. COSO, Cadbury)
Alternative control frameworks
Risk vocabulary and concepts
Fraud risk awareness
1. Types of fraud
2. Fraud red flags

Domain III
Conducting Internal Audit Engagements - Audit Tools & Techniques (28-38%)
A. Data Gathering:
1. Review prior audit reports and other relevant documentation as part of a preliminary survey of the engagement area
2. Develop checklists/internal control questionnaires as part of a preliminary survey of the engagement area
3. Conduct interviews as part of a preliminary survey of the engagement area
4. Use observation to gather data
5. Conduct engagement to assure identification of key risks & controls
6. Use non-statistical (judgmental) sampling method
B. Data Analysis & Interpretation:
1. Use computerized audit tools and techniques (e.g., data mining and extraction, continuous monitoring)
2. Conduct spreadsheet analysis
3. Use analytical review techniques (e.g., ratio estimation, variance analysis, budget vs. actual, trend analysis, other reasonableness tests)
4. Draw conclusions
C. Data Reporting
1. Report test results to auditor in charge
D. Documentation / Work Papers
1. Develop work papers
E. Process Mapping
F. Evaluate relevance, sufficiency, & competence of evidence
1. Identify potential sources of evidence
B C
P P
P P P P P P P P P
P P P P
Domain II
Managing Individual Engagements (40-50%)
A. Plan Engagements
1. Establish engagement objectives/criteria and finalize the scope of the engagement
2. Plan engagement to assure identification of key risks & controls
3. Complete a detailed risk assessment of each audit area (prioritize or evaluate risk/control factors)
4. Determine engagement procedures and prepare engagement work program
5. Determine the level of staff and resources needed for the engagement
6. Construct audit staff schedule for effective use of time
B. Supervise Engagement
1. Direct/supervise individual engagements
2. Nurture instrumental relations, build bonds, and work with others toward shared goals
3. Coordinate work assignments among audit team members when serving as the auditor in charge of a project
4. Review work papers
5. Conduct exit conference
6. Complete performance appraisals of engagement staff
C. Communicate Engagement Results
1. Initiate preliminary communication with engagement clients
2. Communicate interim progress
3. Develop recommendations when appropriate
4. Prepare report or other communication
5. Approve engagement report
6. Determine distribution of the report
7. Obtain management response to the report
8. Report outcomes to appropriate parties
D. Monitor Engagement Outcomes
1. Identify appropriate method to monitor engagement outcomes
2. Monitor engagement outcomes and conduct appropriate follow-up by the internal audit activity
3. Conduct follow-up and report on management's response to internal audit recommendations
4. Report significant audit issues to senior management and the board periodically

Domain III
Fraud Risks and Controls (5-15%)
A. Consider the potential for fraud risks and identify common types of fraud associated with the engagement area during the engagement planning process
B. Determine if fraud risks require special consideration when conducting an engagement (P)
C. Determine if any suspected fraud merits investigation (P)
D. Complete a process review to improve controls to prevent fraud and recommend changes (P)
E. Employ audit tests to detect fraud (P)
F. Support a culture of fraud awareness and encourage the reporting of improprieties (P)
G. Interrogation/investigative techniques (A)
H. Forensic auditing (A)
Part III - Internal Audit Knowledge Elements 100 Questions: 2 hours (120 minutes)
Domain I: Governance / Business Ethics (5-15%)
Level of Difficulty: A (each item)
A. Corporate/organizational governance principles
B. Environmental and social safeguards
C. Corporate social responsibility

Domain II: Risk Management (10-20%)
Level of Difficulty: A (each item)
A. Risk management techniques
B. Organizational use of risk frameworks

Domain III: Organizational Structure / Business Processes & Risks (15-25%)
Level of Difficulty: A (each item)
A. Risk/control implications of different organizational structures
B. Structure (e.g., centralized/decentralized)
C. Typical schemes in various business cycles (e.g., procurement, sales, knowledge, supply chain management)
D. Business process analysis (e.g., workflow analysis and bottleneck management, theory of constraints)
E. Inventory management techniques and concepts
F. Electronic funds transfer (EFT) / Electronic data interchange (EDI)
G. Business development life cycles
H. The International Organization for Standardization (ISO) framework
I. Outsourcing business processes

Domain IV: Communication (5-10%)
Level of Difficulty: A (each item)
A. Communication (e.g., the process, organizational dynamics, impact of computerization)
B. Stakeholder relationships

Domain V: Management / Leadership Principles (10-20%)
Level of Difficulty: A (each item)
A. Strategic Management
1. Forecasting
2. Quality management (e.g., TQM, Six sigma)
3. Decision analysis
B. Organizational Behavior
1. Organizational Theory
2. Organizational behavior (e.g., motivation, impact of job design, rewards, schedules)
3. Group dynamics (e.g., traits, development stages, organizational politics, effectiveness)
4. Knowledge of human resource processes (e.g., individual performance management, supervision, personnel sourcing/staffing, staff development)
4. Risk/control implications of different leadership styles
C. Management Skills
1. Lead, inspire, and guide people, building organizational commitment and entrepreneurial orientation
2. Create group synergy in pursuing collective goals
D. Conflict Management
1. Conflict resolution (e.g., competitive, cooperative, and compromise)
2. Negotiation skills
3. Conflict management
4. Added value negotiating
E. Project Management / Change Management
1. Change management
2. Project management techniques

Domain VI: IT / Business Continuity (15-25%)
Level of Difficulty: A (each item through Workstations)
A. Security
1. System security (e.g., firewalls, access control)
2. Information protection (e.g., viruses, privacy)
3. Application authentication
4. Encryption
B. Application Development
1. End-user computing
2. Change control
3. Systems development methodology
4. Application development
5. Information systems development
C. System Infrastructure
1. Workstations
2. Databases
3. IT control frameworks (e.g., eSAC, COBIT)
4. Functional areas of IT operations (e.g., data center operations)
4. Enterprise-wide resource planning (ERP) software (e.g., SAP R/3)
5. Data and network communications/connections (e.g., LAN, VAN, and WAN)
6. Server
7. Software licensing
8. Mainframe
9. Operating systems
Business Continuity
1. IT contingency planning

Domain VII: Financial Management (13-23%)
A. Financial Accounting & Finance
1. Basic concepts and underlying principles of financial accounting (e.g., statements, terminology, relationships)
2. Intermediate concepts of financial accounting (e.g., bonds, leases, pensions, intangible assets, R&D)
3. Advanced concepts of financial accounting (e.g., consolidation, partnerships, foreign currency transactions)
4. Financial statement analysis (e.g., ratios)
5. Types of debt and equity
6. Financial instruments (e.g., derivatives)
7. Cash management (e.g., treasury functions)
8. Valuation models
9. Business valuation
10. Inventory valuation
11. Capital budgeting (e.g., cost of capital evaluation)
12. Taxation schemes (e.g., tax shelters, VAT)
B. Managerial Accounting
1. Managerial accounting: general concepts
2. Costing systems (e.g., activity-based, standard)
3. Cost concepts (e.g., absorption, variable, fixed)
4. Relevant cost
5. Cost-volume-profit analysis
6. Transfer pricing
7. Responsibility accounting
8. Operating budget

Domain VIII: Global Business Environment (0-10%)
A B C D
A A A A