I.Mandatory Guidance(35-45%) 强制性指南(35-45%) A.Definition of Internal Auditing 内部审计定义 1.Define purpose,authority,and responsibility of the internal audit activity 明确内部审计的宗旨,权力和职责 B.Code of Ethics 职业道德规范 1.Abide by and promote compliance with The IIA Code of Ethics 遵守和促进对国际内部审计师协会(IIA)《职业道德规范》的遵循 C.International Standards 国际标准 1.Comply with The IIA's Attribute Standards 遵守国际内部审计师协会的属性标准 a.Determine if the purpose,authority,and responsibility of the internal audit activity are documented in audit charter,approved by the Board and communicated to the engagement clients 确定内部审计的宗旨、权力和职责是否在审计章程中加以说明,获得董事会批准并通报审计业务客户 b.Demonstrate an understanding of the purpose,authority,and responsibility of the internal audit activity 阐明内部审计的宗旨、权力和职责 2.Maintain independence and objectivity 保持独立性和客观性 a.Foster independence 加强独立性 1.Understand organizational independence 理解内部审计部门在组织上的独立性 2.Recognize the importance of organizational independence 认识内部审计部门在组织上保持独立性的重要性 3.Determine if the internal audit activity is properly aligned to achieve organizational independence 确定内部审计部门是否正确设置以获得其独立性 b.Foster objectivity 加强客观性 1.Establish policies to promote objectivity 制定政策以增进客观性 2.Assess individual objectivity 评估个人的客观性 3.Maintain individual objectivity 保持个人的客观性 4.Recognize and mitigate impairments to independence and objectivity 识别并减轻对独立性和客观性的损害 3.Determine if the required knowledge,skills,and competencies are available 确定是否具备必要的知识、技能和胜任能力 a.Understand the knowledge,skills,and competencies that an internal auditor needs to possess 理解内部审计师需要具备的知识、技能和胜任能力 b.Identify the knowledge,skills,and competencies required to fulfill the responsibilities of the internal audit activity 识别履行内部审计职责所必需的知识、技能和胜任能力 4.Develop and/or procure necessary knowledge,skills and competencies collectively required by the internal audit activity 开发和/或取得内部审计部门整体所需的知识、技能和胜任能力 5.Exercise due professional care 运用应有的职业审慎 6.Promote continuing professional development 促进持续专业发展 a.Develop and implement a plan for continuing professional development for internal audit staff 为内部审计人员制定并实施持续专业发展计划 b.Enhance individual competency through continuing professional development 通过持续专业发展提高个人能力 7.Promote quality assurance and improvement of the internal audit activity 促进内部审计活动的质量保证与改进 a.Monitor the effectiveness of the quality assurance and improvement program 监督质量保证与改进程序的效果 b.Report the results of the quality assurance and improvement program to the board or other governing body 将质量保证与改进程序的结果报告给董事会或其他治理机构 c.Conduct quality assurance procedures and recommend improvements to the performance of the internal audit activity 实施质量保证程序并建议改善内部审计业绩 II.Internal Control/Risk(25-35%)–Awareness Level(A) 内部控制/风险(25-35%)——要求了解(A) A.Types of Controls(e.g.,preventive,detective,input,output,etc.) 控制类型(如:预防型、检查型、输入、输出等) B.Management Control Techniques 管理控制技术 C.Internal Control Framework Characteristics and Use(e.g.,COSO,Cadbury) 内部控制框架特点和运用(如:COSO,Cadbury) 1.Develop and implement an organization-wide risk and control framework 建立和实施一个全组织的风险和控制框架 D.Alternative Control Frameworks 可选择的控制框架 E.Risk Vocabulary and Concepts 风险的词汇和概念 F.Fraud Risk Awareness 舞弊风险意识 1.Types of fraud 舞弊类型 2.Fraud red flags 舞弊危险信号 III.Conducting Internal Audit Engagements–Audit Tools and Techniques(28-38%) 开展内部审计业务——审计工具和技术(28-38%) A.Data Gathering(Collect and analyze data on proposed engagements): 资料收集(收集和分析拟审计的业务资料): 1.Review previous audit reports and other relevant documentation as part of a preliminary survey of the engagement area 审核之前的审计报告和其他相关文档,作为审计业务范围初步调查的一部分 2.Develop checklists/internal control questionnaires as part of a preliminary survey of the engagement area 编制检查清单/内部控制调查问卷,作为审计业务范围初步调查的一部分 3.Conduct interviews as part of a preliminary survey of the engagement area 进行面谈,作为审计业务范围初步调查的一部分 4.Use observation to gather data 通过观察搜集资料 5.Conduct engagement to assure identification of key risks and controls 开展审计业务,确保对关键风险和控制的识别 6.Sampling(non-statistical[judgmental]sampling method,statistical sampling,discovery sampling,and statistical analyses techniques) 抽样(非统计抽样方法,统计抽样,发现抽样,统计分析技术) B.Data Analysis and Interpretation: 资料分析与解读 1.Use computerized audit tools and techniques(e.g.,data mining and extraction,continuous monitoring,automated work papers,embedded audit modules) 运用计算机审计工具和技术(如:数据挖掘与抽取,连续监测,自动化工作底稿,嵌入式审计模块) 2.Conduct spreadsheet analysis 进行电子表格分析 3.Use analytical review techniques(e.g.,ratio estimation,variance analysis,budget vs.actual,trend analysis,other reasonableness tests) 运用分析性复核技术(如:比率估计,变量分析,预算与实际相比较,趋势分析,其他合理性测试) 4.Conduct benchmarking 进行基准比较 5.Draw conclusions 得出结论 C.Data Reporting 数据报告 1.Report test results to auditor in charge 向主管审计师汇报测试结果 2.Develop preliminary conclusions regarding controls 产生关于控制的初步结论 D.Documentation/Work Papers 文档/审计工作底稿 1.Develop work papers 编制工作底稿E.Process Mapping,Including Flowcharting 过程描述,包括流程图 F.Evaluate Relevance,Sufficiency,and Competence of Evidence 评估证据的相关性、充分性和证明力 1.Identify potential sources of evidence 识别证据的潜在来源 来源:微信号【ciaedu】,由中国CIA考试网【www.cia.cn】整理发布,原创文章,若需引用或转载,请注明来源! |