table of contents - The Institute of Internal Auditors

TABLE OF CONTENTS
Preface
Acknowledgments
About the Authors
Book design by Rule and Renco, www.ruleandrenco.com
Illustration by Linda Frichtel
Copyright © 2009 by The Institute of Internal Auditors Research Foundation (IIARF), 247 Maitland
Avenue, Altamonte Springs, Florida 32701-4201. All rights reserved. Printed in the United States of
America. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in
any form by any means — electronic, mechanical, photocopying, recording, or otherwise — without
prior written permission of the publisher.
The IIARF publishes this document for informational and educational purposes. This document is
intended to provide information, but is not a substitute for legal or accounting advice. The IIARF does
not provide such advice and makes no warranty as to any legal or accounting results through its
publication of this document. When legal or accounting issues arise, professional assistance should
be sought and retained.
The Institute of Internal Auditors’ (IIA’s) International Professional Practices Framework (IPPF) comprises the full range of existing and developing practice guidance for the profession. The IPPF provides
guidance to internal auditors globally and paves the way to world-class internal auditing.
The mission of The IIARF is to expand knowledge and understanding of internal auditing by providing relevant research and educational products to advance the profession globally.
The IIA and The IIARF work in partnership with researchers from around the globe who conduct valuable studies on critical issues affecting today’s business world. Much of the content presented in their
final reports is a result of IIARF-funded research and prepared as a service to The Foundation and the
internal audit profession. Expressed opinions, interpretations, or points of view represent a consensus
of the researchers and do not necessarily reflect or represent the official position or policies of The IIA
or The IIARF.
FUNDAMENTAL INTERNAL AUDIT CONCEPTS
Chapter 1 Introduction to Internal Auditing
Learning Objectives
Definition of Internal Auditing
The Relationship Between Auditing and Accounting
Financial Reporting Assurance Services: External Versus Internal
The Internal Audit Profession
The Institute of Internal Auditors
Competencies Needed to Excel as an Internal Auditor
Internal Audit Career Paths
Summary
Review Questions
Multiple-choice Questions
Discussion Questions
Case
References
Chapter 2 The International Professional Practices Framework: Authoritative Guidance for the Internal Audit Profession
Learning Objectives
The History of Guidance Setting for the Internal Audit Profession
The International Professional Practices Framework
ISBN 978-0-89413-643-6
09/09
First Printing
Internal Auditing: Assurance and Consulting Services, 2nd Edition
Copyright 2009, The IIA Research Foundation
Mandatory Guidance
Strongly Recommended Guidance
How the International Professional Practices Framework is Kept Current
Standards Promulgated by Other Organizations
Summary
Review Questions
Multiple-choice Questions
Discussion Questions
Cases
References
Chapter 3 Governance
Learning Objectives
Governance Concepts
The Evolution of Governance
Summary
Appendix 3-A: Summary of Key U.S. Regulations
Appendix 3-B: Summary of Governance and Risk Management Codes From Other Countries
Appendix 3-C: Other Governance References
Review Questions
Multiple-choice Questions
Discussion Questions
Cases
References
Chapter 4 Risk Management
Learning Objectives
Overview of Risk Management
The Role of the Internal Audit Function in ERM
The Impact of ERM on Internal Audit Assurance
Summary
Review Questions
Multiple-choice Questions
Discussion Questions
Cases
References
Chapter 5 Business Processes and Risks
Learning Objectives
Business Processes
Documenting Business Processes
Business Risks
Business Process Outsourcing
Summary
Appendix 5-A: Student Organization Risk Assessment Example
Review Questions
Multiple-choice Questions
Discussion Questions
Cases
References
Chapter 6 Internal Control
Learning Objectives
Frameworks
Definition of Internal Control
The Components of Internal Control
Internal Control Roles and Responsibilities
Limitations of Internal Control
Viewing Internal Control from Different Perspectives
Types of Controls
Evaluating the System of Internal Controls – An Overview
Summary
Review Questions
Multiple-choice Questions
Discussion Questions
Case
References
Chapter 7 Information Technology Risks and Controls
Learning Objectives
Key Components of Modern Information Systems
IT Opportunities and Risks
IT Governance
IT Risk Management
IT Controls
Implications of IT for Internal Auditors
Sources of IT Audit Guidance
Summary
Review Questions
Multiple-choice Questions
Discussion Questions
Case
References
Chapter 8 Fraud Risks and Controls
Learning Objectives
Overview of Fraud in Today’s Business World
Definitions of Fraud
The Fraud Triangle
Key Principles for Managing Fraud Risk
Governance Over the Fraud Risk Management Program
Fraud Risk Assessment
Fraud Prevention
Fraud Detection
Fraud Investigation and Corrective Action
Understanding Fraudsters
Implications for Internal Auditors and Others
Summary
Review Questions
Multiple-choice Questions
Discussion Questions
Cases
References
Chapter 9 Managing the Internal Audit Function
Learning Objectives
Positioning the Internal Audit Function in the Organization
Planning
Communication and Approval
Resource Management
Policies and Procedures
Coordination with Independent Outside Auditors
Reporting to the Board and Senior Management
Governance
Risk Management
Control
Quality Assurance and Improvement Program (Quality Program Assessments)
Performance Measurements for the Internal Audit Function
Use of Technology to Support the Internal Audit Process
Summary
Review Questions
Multiple-choice Questions
Discussion Questions
Case
References
Chapter 10 Audit Evidence and Working Papers
Learning Objectives
Audit Evidence
Audit Procedures
Working Papers
Summary
Review Questions
Multiple-choice Questions
Discussion Questions
Cases
References
Chapter 11 Audit Sampling
Learning Objectives
Introduction to Audit Sampling
Statistical Audit Sampling in Tests of Controls
Nonstatistical Audit Sampling in Tests of Controls
Statistical Sampling in Tests of Monetary Values
Summary
Review Questions
Multiple-choice Questions
Discussion Questions
Cases
References
CONDUCTING INTERNAL AUDIT ENGAGEMENTS
Chapter 12 Introduction to the Engagement Process
Learning Objectives
Types of Internal Audit Engagements
Overview of the Assurance Engagement Process
The Consulting Engagement Process
Summary
Review Questions
Multiple-choice Questions
Discussion Questions
Case
References
Chapter 13 Conducting the Assurance Engagement
Learning Objectives
Determine Engagement Objectives and Scope
Understand the Auditee
Identify and Assess Risks
Identify Key Controls
Evaluate the Adequacy of Control Design
Create a Test Plan
Develop a Work Program
Allocate Resources to the Engagement
Conduct Tests to Gather Evidence
Evaluate Evidence Gathered and Reach Conclusions
Develop Observations and Formulate Recommendations
Summary
Review Questions
Multiple-choice Questions
Discussion Questions
Case
References
Chapter 14 Communicating Assurance Engagement Outcomes and Performing Follow-up Procedures
Learning Objectives
Engagement Communication Obligations
Perform Observation Evaluation and Escalation Process
Conduct Interim and Preliminary Engagement Communications
Develop Final Engagement Communications
Distribute Formal and Informal Final Communications
Perform Monitoring and Follow-up
Other Types of Engagements
Summary
Review Questions
Multiple-choice Questions
Discussion Questions
Cases
References
Chapter 15 The Consulting Engagement
Learning Objectives
The Difference Between Assurance and Consulting Services
Types of Consulting Services
Selecting Consulting Engagements to Perform
The Consulting Engagement Process
Consulting Engagement Working Papers
The Changing Landscape of Consulting Services
Capabilities Needed
Summary
Review Questions
Multiple-choice Questions
Discussion Questions
Cases
References
GLOSSARY
APPENDICES
Appendix A The IIA’s Code of Ethics
Appendix B The IIA’s International Standards for the Professional Practice of Internal Auditing
INDEX
CONTENTS OF CD-ROM
ACL Software
IDEA Software
The IIA’s Code of Ethics
The IIA’s International Standards for the Professional Practice of Internal Auditing
Case Studies
Case Study 1 Auditing Entity-level Controls
Learning Objectives
Importance of Entity-level Controls
Historical and Current Perspectives on Entity-level Controls
Definitions of Different Levels of Controls
A Framework for Determining the Impact of Entity-level Controls on Testing
Entity-level Controls and the COSO Internal Control – Integrated Framework
Testing Entity-level Controls
Summary
Case Study
Background Information
Scenario 1: Ethical Behavior is Good Business
Scenario 1 Activities
Scenario 2: Using IT to Gain a Competitive Edge
Scenario 2 Activities
Scenario 3: Brokerage Capability Expansion – International Online Trading
Scenario 3 Activities (Advanced)
Case Study 2 Auditing the Compliance and Ethics Program
Learning Objectives
What is Compliance?
Taking an Integrated Systems Approach to Establishing and Maintaining a Compliance and Ethics Program
The Federal Sentencing Guidelines and the Criteria for an Effective Compliance and Ethics Program
Roles and Responsibilities for the Compliance and Ethics Program
Compliance and Ethics Program Maturity Assessment
Summary
Case Study
Background Information
Scenario 1: Code of Ethics and Business Conduct
Scenario 1 Activities
Scenario 2: Employee Opinion Survey
Scenario 2 Activities
Scenario 3: Compliance and Ethics Program Maturity Assessment
Scenario 3 Activities
Scenario 4: Test of Compliance with SHR’s Gift Exchange Policy
Scenario 4 Activities
Case Study 3 Performing a Blended Consulting Engagement
Learning Objectives
Performing Risk Assessments
Performing Consulting Engagements
Case Study
Background Information
Scenario 1: Risk Assessment and Consulting Processes
Scenario 1 Activities
Scenario 2: Retail Operations Expansion
Scenario 2 Activities