Table of Contents
Preface
CIA Exam Content Syllabus and Specifications
CIA Exam-Taking Tips
Professional Standards
i.1 New IPPF Defined
i.2 Introduction to the IIA’s Standards
i.3 IIA’s International Standards
Domain 1 Foundations of Internal Auditing
1.1 Mission of Internal Audit
1.2 Definition of Internal Auditing
1.3 Core Principles
1.4 Internal Audit Charter
1.5 Types of Audit Services
1.6 IIA’s Code of Ethics
1.7 Roles and Responsibilities of Management
1.8 Sample Practice Questions
Domain 2 Independence and Objectivity
2.1 Independence Defined
2.2 Factors Threatening and Supporting Independence
2.3 Objectivity Defined
2.4 Factors Threatening and Supporting Objectivity
2.5 Policies to Promote Objectivity
2.6 Sample Practice Questions
Domain 3 Proficiency and Due Professional Care
3.1 Proficiency and Competency Defined
3.2 Due Professional Care Defined
3.3 Continuing Professional Development
3.4 Professional Judgment and Competence
3.5 Competency Levels for Internal Auditors
3.6 Sample Practice Questions
Domain 4 Quality Assurance and Improvement Program
4.1 Required Elements
4.2 Reporting Requirements
4.3 Conformance versus Nonconformance
4.4 TQM in Internal Audit Operations
4.5 Sample Practice Questions
Domain 5 Governance, Risk Management, and Control
5.1 Governance Principles, Components, and Problems
5.2 Governance Models and Frameworks
5.3 Roles of the Board of Directors
5.4 Characteristics of Effective and Ineffective Boards
5.5 Roles of Executives and Officers
5.6 Roles of the Audit Committee
5.7 Roles of Board‐Level Committees
5.8 Roles of Shareholders and Stakeholders
5.9 Scope of Board‐Level Audits
5.10 Organizational Culture
5.11 Organizational Ethics
5.12 Corporate Social Responsibility
5.13 Risk Concepts, Risk Types, and Risk Management Processes
5.14 Globally Accepted Risk Management Frameworks
5.15 Effectiveness of Risk Management
5.16 Internal Audit’s Role in the Risk Management Process
5.17 Internal Control Concepts and Types of Controls
5.18 Globally Accepted Internal Control Frameworks
5.19 Effectiveness and Efficiency of Internal Controls
5.20 Compliance Management
5.21 Sample Practice Questions
Domain 6 Fraud Risks
6.1 Interpretation of Fraud Risks
6.2 Types of Fraud
6.3 Indicators of Fraud
6.4 Awareness of Fraud
6.5 Controls to Prevent or Detect Fraud Risks
6.6 Audit Tests to Detect Fraud, Including Discovery Sampling
6.7 Integrating Analytical Relationships to Detect Fraud
6.8 Interrogation or Investigative Techniques
6.9 Forensic Auditing and Computer Forensics
6.10 Use of Computers in Analyzing Data for Fraud and Crime
6.11 GAO’s Framework for Managing Fraud Risks
6.12 COSO’s Framework for Fraud Risk Management
6.13 Fraud Analytics
6.14 Fraud and the Internal Auditor
6.15 Sample Practice Questions
Sample Practice Questions, Answers and Explanations
Appendix A: Characteristics of Effective Auditors and Audit Function
Appendix B: Sarbanes-Oxley Act of 2002
Appendix C: Big Data and Data Mining
General Glossary
Risk Glossary
About the Author
Index