Part 1 – Internal Audit Basics 内部审计基础知识
125 questions | 2.5 Hours (150 minutes)
题量:125个问题,答题时间:2.5小时(150分钟)
I. Mandatory Guidance (35-45%)
强制性指南(35-45%)
A. Definition of Internal Auditing
内部审计定义
1. Define purpose, authority, and responsibility of the internal audit activity
明确内部审计的宗旨,权力和职责
B. Code of Ethics
职业道德规范
1. Abide by and promote compliance with The IIA Code of Ethics
遵守和促进对国际内部审计师协会(IIA)《职业道德规范》的遵循
C. International Standards
国际标准
1. Comply with The IIA's Attribute Standards
遵守国际内部审计师协会的属性标准
a. Determine if the purpose, authority, and responsibility of the internal audit activity are documented in audit charter, approved by the Board and communicated to the engagement clients
确定内部审计的宗旨、权力和职责是否在审计章程中加以说明,获得董事会批准并通报审计业务客户
b. Demonstrate an understanding of the purpose, authority, and responsibility of the internal audit activity
阐明内部审计的宗旨、权力和职责
2. Maintain independence and objectivity
保持独立性和客观性
a. Foster independence
加强独立性
1. Understand organizational independence
理解内部审计部门在组织上的独立性
2. Recognize the importance of organizational independence
认识内部审计部门在组织上保持独立性的重要性
3. Determine if the internal audit activity is properly aligned to achieve organizational independence
确定内部审计部门是否正确设置以获得其独立性
b. Foster objectivity
加强客观性
1. Establish policies to promote objectivity
制定政策以增进客观性
2. Assess individual objectivity
评估个人的客观性
3. Maintain individual objectivity
保持个人的客观性
4. Recognize and mitigate impairments to independence and objectivity
识别并减轻对独立性和客观性的损害
3. Determine if the required knowledge, skills, and competencies are available
确定是否具备必要的知识、技能和胜任能力
a. Understand the knowledge, skills, and competencies that an internal auditor needs to possess
理解内部审计师需要具备的知识、技能和胜任能力
b. Identify the knowledge, skills, and competencies required to fulfill the responsibilities of the internal audit activity
识别履行内部审计职责所必需的知识、技能和胜任能力
4. Develop and/or procure necessary knowledge, skills and competencies collectively required by the internal audit activity
开发和/或取得内部审计部门整体所需的知识、技能和胜任能力
5. Exercise due professional care
运用应有的职业审慎
6. Promote continuing professional development
促进持续专业发展
a. Develop and implement a plan for continuing professional development for internal audit staff
为内部审计人员制定并实施持续专业发展计划
b. Enhance individual competency through continuing professional development
通过持续专业发展提高个人能力
7. Promote quality assurance and improvement of the internal audit activity
促进内部审计活动的质量保证与改进
a. Monitor the effectiveness of the quality assurance and improvement program
监督质量保证与改进程序的效果
b. Report the results of the quality assurance and improvement program to the board or other governing body
将质量保证与改进程序的结果报告给董事会或其他治理机构
c. Conduct quality assurance procedures and recommend improvements to the performance of the internal audit activity
实施质量保证程序并建议改善内部审计业绩
II. Internal Control / Risk (25-35%) – Awareness Level (A)
内部控制/风险(25-35%)——要求了解(A)
A. Types of Controls (e.g., preventive, detective, input, output, etc.)
控制类型(如:预防型、检查型、输入、输出等)
B. Management Control Techniques
管理控制技术
C. Internal Control Framework Characteristics and Use (e.g., COSO, Cadbury)
内部控制框架特点和运用(如:COSO,Cadbury)
1. Develop and implement an organization-wide risk and control framework
建立和实施一个全组织的风险和控制框架
D. Alternative Control Frameworks
可选择的控制框架
E. Risk Vocabulary and Concepts
风险的词汇和概念
F. Fraud Risk Awareness
舞弊风险意识
1. Types of fraud
舞弊类型
2. Fraud red flags
舞弊危险信号
III. Conducting Internal Audit Engagements – Audit Tools and Techniques (28-38%)
开展内部审计业务——审计工具和技术(28-38%)
A. Data Gathering (Collect and analyze data on proposed engagements):
资料收集(收集和分析拟审计的业务资料):
1. Review previous audit reports and other relevant documentation as part of a preliminary survey of the engagement area
审核之前的审计报告和其他相关文档,作为审计业务范围初步调查的一部分
2. Develop checklists/internal control questionnaires as part of a preliminary survey of the engagement area
编制检查清单/内部控制调查问卷,作为审计业务范围初步调查的一部分
3. Conduct interviews as part of a preliminary survey of the engagement area
进行面谈,作为审计业务范围初步调查的一部分
4. Use observation to gather data
通过观察搜集资料
5. Conduct engagement to assure identification of key risks and controls
开展审计业务,确保对关键风险和控制的识别
6. Sampling (non-statistical [judgmental] sampling method, statistical sampling, discovery sampling, and statistical analyses techniques)
抽样(非统计抽样方法,统计抽样,发现抽样,统计分析技术)
B. Data Analysis and Interpretation:
资料分析与解读
1. Use computerized audit tools and techniques (e.g., data mining and extraction, continuous monitoring, automated work papers, embedded audit modules)
运用计算机审计工具和技术(如:数据挖掘与抽取,连续监测,自动化工作底稿,嵌入式审计模块)
2. Conduct spreadsheet analysis
进行电子表格分析
3. Use analytical review techniques (e.g., ratio estimation, variance analysis, budget vs. actual, trend analysis, other reasonableness tests)
运用分析性复核技术(如:比率估计,变量分析,预算与实际相比较,趋势分析,其他合理性测试)
4. Conduct benchmarking
进行基准比较
5. Draw conclusions
得出结论
C. Data Reporting
数据报告
1. Report test results to auditor in charge
向主管审计师汇报测试结果
2. Develop preliminary conclusions regarding controls
产生关于控制的初步结论
D. Documentation / Work Papers
文档/审计工作底稿
1. Develop work papers
编制工作底稿
E. Process Mapping, Including Flowcharting
过程描述,包括流程图
F. Evaluate Relevance, Sufficiency, and Competence of Evidence
评估证据的相关性、充分性和证明力
1. Identify potential sources of evidence
识别证据的潜在来源
内审师课程试听
