Table of Contents
Preface
CIA Exam Content Syllabus and Specifications
CIA Exam-Taking Tips
Professional Standards (100%)
Attribute Standards
Performance Standards
Domain 1: Foundations of Internal Auditing (15%)
Mission of Internal Audit
Definition of Internal Auditing
Core Principles
Internal Audit Charter
Types of Audit Services
IIA’s Code of Ethics
Roles and Responsibilities of Management
Domain 2: Independence and Objectivity (15%)
Independence Defined
Factors Threatening and Supporting Independence
Objectivity Defined
Factors Threatening and Supporting Objectivity
Policies to Promote Objectivity
Domain 3: Proficiency and Due Professional Care (18%)
Proficiency Defined
Competency Defined
Due Professional Care Defined
Continuing Professional Development
Professional Judgment and Competence
Competency Levels for Internal Auditors
Domain 4: Quality Assurance and Improvement Program (7%)
Required Elements
Reporting Requirements
Conformance versus Nonconformance
TQM in Internal Audit Operations
Domain 5: Governance, Risk Management, and Control (35%)
Governance Principles, Components, and Problems
Governance Models and Frameworks
Roles of the Board of Directors
Characteristics of Effective and Ineffective Boards
Roles of Executives and Officers
Roles of the Audit Committee
Roles of Internal Auditors in Corporate Governance, Risk Management, and Control Processes
Roles of Board-Level Committees
Roles and Rights of Shareholders and Stakeholders
Scope of Board-Level Audits
Organizational Culture
Organizational Ethics
Risk Concepts, Risk Types, and Risk Management Processes
Globally Accepted Risk Management Frameworks
Effectiveness of Risk Management
Internal Audit’s Role in the Risk Management Processes
Internal Control Concepts and Types of Controls
Globally Accepted Internal Control Frameworks
Effectiveness and Efficiency of Internal Controls
Compliance Management
Domain 6: Fraud Risks (10%)
Interpretation of Fraud Risks
Acts, Traits, and Profiles of Fraud Perpetrators
Types of Fraud
Indicators of Fraud
Awareness of Fraud
Awareness of Fraud (continued)
Controls to Prevent or Detect Fraud Risks
Audit Tests to Detect Fraud, Including Discovery Sampling
Integrating Analytical Relationships to Detect Fraud
Interrogation or Investigative Techniques
Forensic Auditing and Computer Forensics
Use of Computers in Analyzing Data for Fraud and Crime
GAO’s Framework for Managing Fraud Risks
COSO’s Framework for Fraud Risk Management
Fraud Analytics
Fraud and the Internal Auditor
Appendix Risks to Internal Audit Activity
The IIA’s Three-Lines-of-Defense Model
Audit Metrics and Key Performance Indicators
Characteristics of Effective Auditors and Audit Function
Sarbanes-Oxley Act of 2002
About the Author
Index