Brink's Modern Internal Auditing


Brink's Modern Internal Auditing
A Common Body of Knowledge
Seventh Edition
ROBERT R. MOELLER
WILEY
John Wiley & Sons, Inc.

Contents

Preface
About the Author

PART ONE: FOUNDATIONS OF MODERN INTERNAL AUDITING

CHAPTER 1 Foundations of Internal Auditing
  1.1 Internal Auditing History and Background
  1.2 Organization of This Book
  Note

CHAPTER 2 Internal Audit's Common Body of Knowledge
  2.1 What Is a CBOK?: Experiences from Other Professions
  2.2 Institute of Internal Auditor's Research Foundation CBOK
  2.3 What Does an Internal Auditor Need to Know?
  2.4 Modern Internal Auditing's CBOK Going Forward
  Notes

PART TWO: IMPORTANCE OF INTERNAL CONTROLS

CHAPTER 3 Internal Control Framework: The COSO Standard
  3.1 Importance of Effective Internal Controls
  3.2 Internal Controls Standards: Background
    (a) Internal Control Definitions: Foreign Corrupt Practices Act of 1977
    (b) FCPA Aftermath: What Happened?
  3.3 Events Leading to the Treadway Commission
    (a) Earlier AICPA Standards: SAS No. 55
    (b) Treadway Committee Report
  3.4 COSO Internal Control Framework
    (a) Control Environment
    (b) Risk Assessment
    (c) Control Activities
    (d) Communications and Information
    (e) Monitoring

  3.5 Other Dimensions of the COSO Internal Controls Framework
  3.6 Internal Audit CBOK Needs
  Notes

CHAPTER 4 Sarbanes-Oxley and Beyond
  4.1 Key Sarbanes-Oxley Act Elements
    (a) Title I: Public Company Accounting Oversight Board
    (b) Title II: Auditor Independence
    (c) SOx Title III: Corporate Responsibility
    (d) Title IV: Enhanced Financial Disclosures
    (e) Title V: Analyst Conflicts of Interest
    (f) Titles VI through X: Fraud Accountability and White-Collar Crime
    (g) Title XI: Corporate Fraud Accountability
  4.2 Performing Section 404 Reviews under AS 5
    (a) Section 404 Internal Controls Assessments Today
    (b) Launching the Section 404 Compliance Review
  4.3 AS 5 Rules and Internal Audit
  4.4 Impact of the Sarbanes-Oxley Act
  Notes

CHAPTER 5 Another Internal Controls Framework: n to CobiT
  CobiT Framework
    (a) CobiT Cube Components: IT Resources
    (b) CobiT Cube Components
  5.3 Using CobiT to Assess Internal Controls
    (a) Planning and Enterprise
    (b) Acquisition and Implementation
    (c) Delivery and Support
    (d) Monitoring and Evaluation
  5.4 Using CobiT in a SOx Environment
  5.5 CobiT Assurance Framework Guidance
  5.6 CobiT in isk Management: COSO ERM
  6.1 Risk Management Fundamentals
    (a) Risk Identification
    (b) Key Risk Assessments
    (c) Quantitative Risk Analysis
  6.2 COSO ERM: Enterprise Risk Management
  6.3 COSO ERM Key Elements
    (a) Internal Environment Component
    (b) Objective Setting
    (c) Event Identification

    (d) Risk Assessment
    (e) Risk Response
    (f) Control Activities
    (g) Information and Communication
    (h) Monitoring
  6.4 Other Dimensions of COSO ERM: Enterprise Risk Objectives
    (a) Operations Risk Management Objectives
    (b) Reporting Risk Management Objectives
    (c) Legal and Regulatory Compliance Risk Objectives
  6.5 Entity-Level Risks
    (a) Risks Encompassing the Entire Organization
    (b) Business Unit-Level Risks
  6.6 Putting It All Together
  6.7 Auditing Risk and COSO ERM Processes
  6.8 Risk Management and COSO ERM in

PART THREE: PLANNING AND PERFORMING INTERNAL AUDITS

CHAPTER 7 Performing Effective Internal
  Organizing and Planning Internal Audits
  Internal Audit Preparatory Activities
    (a) Determine the Audit Objectives
    (b) Audit Scheduling and Time Estimates
    (c) Preliminary Surveys
  7.3 Starting the Internal Audit
    (a) Internal Audit Field Survey
    (b) Documenting the Internal Audit Field Survey
    (c) Field Survey Auditor Conclusions
  7.4 Developing and Preparing Audit Programs
    (a) Audit Program Formats and Their Preparation
    (b) Types of Audit Evidence
  7.5 Performing the Internal Audit
    (a) Internal Audit Fieldwork Initial Procedures
    (b) Audit Fieldwork Technical Assistance
    (c) Audit Management Fieldwork Monitoring
    (d) Potential Audit Findings
    (e) Audit Program and Schedule Modifications
    (f) Reporting Preliminary Audit Findings to Management
  7.6 Wrapping Up the Field Engagement Internal Audit
  7.7 Performing an Individual Internal Audit

CHAPTER 8 Standards for the Professional Practice of Internal Auditing
  8.1 Internal Auditing Professional Practice Standards
    (a) Background of the IIA Standards

    (b) IIA's Current Standards: What Has Changed
    (c) 2009 New Internal Audit Standards
  8.2 Content of the IIA Standards
    (a) Internal Audit Attribute Standards
    (b) Internal Audit Performance Standards
  8.3 Codes of Ethics: The IIA and ISACA
  Notes

CHAPTER 9 Testing, Assessing, and Evaluating Audit Evidence
  Gathering Appropriate Audit Evidence
  Audit Assessment and Evaluation Techniques
  Internal Audit Judgmental Sampling
  Statistical Sampling: An Introduction
    (a) Statistical Sampling Concepts
    (b) Developing a Statistical Sampling Plan
    (c) Audit Sampling Approaches
  9.5 Monetary Unit Sampling
    (a) Selecting the Monetary Unit Sample: An Example
    (b) Performing the Monetary Unit Sampling Test
    (c) Evaluating Monetary Unit Sample Results
    (d) Monetary Unit Sampling Advantages and Limitations
  9.6 Variables and Stratified Variables Sampling
  9.7 Other Audit Sampling Techniques
    (a) Multistage Sampling
    (b) Replicated Sampling
    (c) Bayesian Sampling
  9.8 Making Efficient and Effective Use of Audit Sampling
  Notes

CHAPTER 10 Audit Programs and Establishing the Audit Universe
  10.1 Defining the Scope and Objectives of the Internal Audit Universe
  10.2 Assessing Internal Audit Capabilities and Objectives
  10.3 Audit Universe Time and Resource Limitations
  10.4 "Selling" the Audit Universe to the Audit Committee and Management
  10.5 Assembling Audit Programs: Audit Universe Key Components
    (a) Audit Program Formats and Their Preparation
    (b) Types of Program Audit Evidence
  10.6 Audit Universe and Program Maintenance

CHAPTER 11 Control Self-Assessments and Benchmarking
  11.1 Importance of Control Self-Assessments
  11.2 CSA Model

  11.3 Launching the CSA Process
    (a) Performing the Facilitated CSA Review
    (b) Performing the Questionnaire-Based CSA Review
    (c) Performing the Management-Produced Analysis CSA Review
  11.4 Evaluating CSA Results
  11.5 Benchmarking and Internal Audit
    (a) Implementing Benchmarking to Improve Processes
    (b) Benchmarking and the IIA's GAIN Initiative
  11.6 Better Understanding Internal Audit Activities
  Notes

PART FOUR: ORGANIZING AND MANAGING INTERNAL AUDITOR ACTIVITIES

CHAPTER 12 Internal Audit Charters and Building the Internal Audit Function
  12.1 Establishing an Internal Audit Function
  12.2 Audit Charter: Audit Committee and Management Authority
  12.3 Building the Internal Audit Staff
    (a) Role of the CAE
    (b) Internal Audit Management Responsibilities
    (c) Internal Audit Staff Responsibilities
    (d) Information Systems Audit Specialists
    (e) Other Internal Auditor Specialists
  12.4 Internal Audit Department Organization Approaches
    (a) Centralized versus Decentralized Internal Audit Organization Structures
    (b) Organizing the Internal Audit Function
  12.5 Internal Audit Policies and Procedures
  12.6 Professional Development: Building a Strong Internal Audit

CHAPTER 13 Internal Audit Key
  Importance of Internal Audit Key Competencies
  Internal Auditor Interview Skills
  Analytical Skills
  Testing and Analysis Skills
  Internal Auditor Documentation Skills
  Recommending Results and Corrective Actions
  Internal Auditor Communication Skills
  Internal Auditor Negotiation Skills

  13.9 Internal Auditor Commitment to Learning
  13.10 Importance of Internal Auditor Core Competencies

CHAPTER 14 Understanding Project Management
  Project Management Processes
    (a) Project Management Book of Knowledge
    (b) Developing a Project Management Plan
  14.2 PMBOK Program and Portfolio Management
  14.3 Organizational Process Maturity Model
  14.4 Using Project Management for Effective Internal Audit Plans
  Project Management Best Practices and Internal Audit
  Notes

CHAPTER 15 Planning and Performing Internal Audits
  15.1 standing the Environment: Launching an Internal Audit
  Documenting and Understanding the Internal Controls Environment
  Performing Appropriate Internal Audit Procedures
  Wrapping Up the Internal Audit
  Performing Internal Audits

CHAPTER 16 Documenting Results through Process Modeling and Workpapers
  16.1 Internal Audit Documentation Requirements
  16.2 Process Modeling for Internal Auditors
    (a) Understanding the Process Modeling Hierarchy
    (b) Describing and Documenting Key Processes
    (c) Process Modeling and the Internal Auditor
  16.3 Internal Audit Workpapers
    (a) Workpaper Standards
    (b) Workpaper Formats
    (c) Workpaper Document Organization
    (d) Workpaper Preparation Techniques
    (e) Workpaper Review Processes
  16.4 Internal Audit Document Records Management
  16.5 Importance of Internal Audit

CHAPTER 17 Reporting Internal Audit Results
  17.1 Purposes and Types of Internal Audit Reports
  17.2 Published Audit Reports
    (a) Approaches to Published Audit Reports
    (b) Elements of an Audit Report Finding

    (c) Balanced Audit Report Presentation Guidelines
    (d) Alternative Audit Report Formats
  17.3 Internal Audit Reporting Cycle
    (a) Draft Audit Reports
    (b) Audit Reports: Follow-Up and Summary
    (c) Audit Report and Workpaper Retention
  17.4 Effective Internal Audit Communications Opportunities
  17.5 Audit Reports and Understanding the People in Internal Auditing

PART FIVE: IMPACT OF INFORMATION TECHNOLOGY ON INTERNAL AUDITING

CHAPTER 18 IT General Controls and ITIL Best
  Importance of IT General Controls
  Client-Server and Smaller Systems' General IT Controls
    (a) General Controls for Small Business Systems
    (b) Smaller Systems' IT Operations Internal Controls
    (c) Auditing IT General Controls for Smaller IT Systems
  Components and Controls of Mainframe and Legacy Systems
    (a) Characteristics of Larger IT Systems
    (b) Classic Mainframe or Legacy Computer Systems
    (c) Operating Systems Software
  Legacy System General Controls Reviews
  ITIL Service Support and Delivery Infrastructure Best Practices
    (a) ITIL Service Support Incident Management
    (b) Service Support Problem Management
  Service Delivery Best Practices
    (a) Service Delivery Service-Level Management
    (b) Service Delivery Financial Management for IT Services
    (c) Service Delivery Capacity Management
    (d) Service Delivery Availability Management
    (e) Service Delivery Continuity Management
  18.7 Auditing IT Infrastructure Management
  18.8 Internal Auditor CBOK Needs for IT General

CHAPTER 19 Reviewing and Assessing IT Application Controls
  19.1 IT Application Control Components
    (a) Application Input Components
    (b) Application Programs
    (c) IT Application Output Components

  19.2 Selecting Applications for Internal Audit Reviews
  19.3 Preliminary Steps to Performing Applications Controls Reviews
    (a) Conducting an Application Walk-Through
    (b) Developing Application Control Objectives
  19.4 Completing the IT Application's Controls Audit
    (a) Clarifying and Testing Audit Internal Control Objectives
    (b) Completing the Application Controls Review
  19.5 Application Review Example: Client-Server Budgeting System
    (a) Reviewing Capital Budgeting System Documentation
    (b) Identifying Capital Budgeting Application Key Controls
    (c) Performing Application Tests of Compliance
  19.6 Auditing Applications under Development
    (a) Objectives and Obstacles of Preimplementation Auditing
    (b) Preimplementation Review Objectives
    (c) Preimplementation Review Problems
    (d) Preimplementation Review Procedures
  19.7 Importance of Reviewing IT Application

CHAPTER 20 Cybersecurity and Privacy
  IT Network Security Fundamentals
    (a) Security of Data
    (b) Importance of IT Passwords
    (c) Viruses and Malicious Program Code
    (d) Phishing and Other Identity Threats
    (e) IT System Firewalls
    (f) Other Computer Security Issues
  20.2 IT Systems Privacy Concerns
    (a) Data Profiling Privacy Issues
    (b) Online Privacy and E-Commerce Issues
    (c) Radio Frequency Identification
    (d) Absence of U.S. Federal Privacy Protection Laws
  20.3 Auditing IT Security and Privacy
  20.4 Security and Privacy in the Internal Audit Department
    (a) Security and Control for Auditor Computers
    (b) Workpaper Security
    (c) Audit Reports and Privacy
    (d) Internal Audit Security and Privacy Standards and Training
  20.5 PCI-DSS Fundamentals
  20.6 Internal Audit's Privacy and Cybersecurity Roles
  Notes

CHAPTER 21 Computer-Assisted Audit Tools and Techniques
  21.1 Understanding Computer-Assisted Audit Tools and Techniques
  21.2 Determining the Need for CAATTs
  21.3 CAATT Software Tools
    (a) Types of CAATTs: Generalized Audit Software
    (b) Report Generators Languages
    (c) Desktop and Laptop CAATTs
    (d) Test Data or Test Deck Approaches
    (e) Specialized Audit Test and Analysis Software
    (f) Embedded Audit Procedures
  21.4 Selecting Appropriate CAATT Processes
  21.5 Steps to Building Effective CAATTs
  21.6 Using CAATTs for Audit Evidence

CHAPTER 22 Business Continuity Planning and IT Disaster Recovery
  22.1 IT Disaster and Business Continuity Planning Today
  22.2 Auditing Business Continuity Planning Processes
    (a) Internal Auditor Centralized Data Center BCP Reviews
    (b) Client-Server Continuity Planning Internal Audit Procedures
    (c) Continuity Planning for Desktop and Laptop Applications
  22.3 Building the IT Business Continuity Plan
    (a) Risks, Business Impact Analysis, and the Impact of Potential Emergencies
    (b) Preparing for Possible Contingencies
    (c) Disaster Recovery: Handling the Emergency
    (d) Business Continuity Plan Enterprise Training
  22.4 Business Continuity Planning and Service-Level Agreements
  22.5 Newer Business Continuity Plan Technologies: Data Mirroring Techniques
  22.6 Auditing Business Continuity Plans
  22.7 Business Continuity Planning Going Forward
  Notes

PART SIX: INTERNAL AUDIT AND ENTERPRISE GOVERNANCE

CHAPTER 23 Board Audit Committee Communications
  23.1 Role of the Audit Committee
  23.2 Audit Committee Organization and Charters
  23.3 Audit Committee's Financial Expert and

  23.4 Audit Committee Responsibilities for Internal Audit
    (a) Appointment of the Chief Audit Executive
    (b) Approval of Internal Audit Charter
    (c) Approval of Internal Audit Plans and Budgets
    (d) Audit Committee Review and Action on Significant Audit Findings
  23.5 Audit Committee and Its External Auditors
  23.6 Whistleblower Programs and Codes of Conduct
  23.7 Other Audit Committee Roles

CHAPTER 24 Ethics and Whistleblower Programs
  24.1 Enterprise Ethics, Compliance, and Governance
    (a) Ethics First Steps: Developing a Mission Statement
    (b) Understanding the Ethics Risk Environment
    (c) Summarizing Ethics Survey Results: Do We Have a Problem?
  24.2 Enterprise Codes of Conduct
    (a) Code of Conduct Contents: What Should Be the Code's Message?
    (b) Communications to Stakeholders and Assuring Compliance
    (c) Code Violations and Corrective Actions
    (d) Keeping the Code of Conduct Current
  24.3 Whistleblower and Hotline Functions
    (a) Federal Whistleblower Rules
    (b) SOx Whistleblower Rules and Internal Audit
    (c) Launching an Enterprise Help or Hotline Function
  24.4 Auditing the Enterprise's Ethics Functions
  24.5 Improving Corporate Governance Practices
  Notes

CHAPTER 25 Fraud Detection and
  Understanding and Recognizing Fraud
  Red Flags: Fraud Detection Signs for Internal Auditors
  Public Accounting's Role in Fraud Detection
  IIA Standards for Detecting and Investigating Fraud
  Fraud Investigations for Internal Auditors
  Information Technology Fraud Prevention Processes
  Fraud Detection and the Internal Auditor
  Notes

CHAPTER 26 HIPAA, GLBA, and Other Compliance Requirements
  26.1 HIPAA: Healthcare and Much More
    (a) HIPAA Patient Record Privacy Rules
    (b) Cryptography, PKI, and HIPAA Security Requirements

    (c) HIPAA Security Administrative Procedures
    (d) Technical Security Services and Mechanisms
    (e) Going Forward: HIPAA and E-Commerce
  26.2 Gramm-Leach-Bliley Act Internal Audit Rules
    (a) GLBA Financial Privacy Rules
    (b) GLBA Safeguards Rule
    (c) GLBA Pretexting Provisions
  26.3 Other Personal Privacy and Security

PART SEVEN: THE PROFESSIONAL INTERNAL AUDITOR

CHAPTER 27 Professional Certifications: CIA, CISA, and More
  27.1 Certified Internal Auditor Responsibilities and Requirements
    (a) The CIA Examination
    (b) Maintaining Your CIA Certification
  27.2 Beyond the CIA: Other IIA Certifications
    (a) CCSA Requirements
    (b) CGAP Requirements
    (c) CFSAW Requirements
    (d) Importance of the CIA Specialty Certification Examinations
  27.3 Certified Information Systems Auditor (CISA) Requirements
  27.4 Certified Information Security Manager Certification
  27.5 Certified Fraud Examiner
  27.6 CISSP Information Systems Security Professional Certification
  27.7 ASQ Internal Audit Certifications
  27.8 Other Internal Auditor Certifications

CHAPTER al Auditors as Enterprise Consultants
  28.1 Standards for Internal Audit as an Enterprise Consultant
  28.2 Launching an Internal Audit Internal Consulting Capability
  28.3 Ensuring an Audit and Consulting Separation of Duties
  28.4 Consulting Best Practices
    (a) First Steps: Launching a Consulting Assignment
    (b) Consulting Engagement Letters
    (c) Consulting Process: Defining "As Is" and "To Be" Objectives
    (d) Implementing Consulting Recommendations
    (e) Documenting and Completing the Consulting Engagement
  28.5 Expanded Internal Audit Services to Management
  Note

CHAPTER 29 Continuous Assurance Auditing and XBRL
  29.1 Implementing Continuous Assurance Auditing
    (a) What Is a CAA Monitoring Process?
    (b) Resources for Implementing CAA
  29.2 Benefits of CAA
  29.3 XBRL: Internet-Based Extensible Business Reporting Language
    (a) XBRL Defined
    (b) Implementing XBRL
  29.4 Data Warehouses, Data Mining, and OLAP
    (a) Importance of Storage Tools
    (b) Data Warehouses and Data Mining
    (c) Online Analytical Processing
  29.5 Newer Technologies, the Continuous Close, and Internal Audit
  Notes

PART EIGHT: INTERNAL AUDITING PROFESSIONAL CONVERGENCE CBOK REQUIREMENTS

CHAPTER 30 ISO 27001, ISO 9000, and Other International Standards
  30.1 Importance of ISO Standards in Today's Global World
  30.2 ISO Standards Overview
    (a) ISO 9001 Quality Management Systems and Sarbanes-Oxley
    (b) IT Security Standards: ISO 17799 and 27001
    (c) IT Security Technique Requirements: ISO 27001
    (d) Service Quality Management: ISO 20000
  30.3 ISO 19011 Quality Management Systems Auditing
  30.4 ISO Standards and Internal Auditors
  Notes

CHAPTER 31 Quality Assurance Auditing and ASQ Standards
  31.1 Duties and Responsibilities of Quality Auditors
  31.2 Role of the Quality Auditor
  31.3 Performing ASQ Quality Audits
  31.4 Quality Auditors and the IIA Internal Auditor
  31.5 Quality Assurance Reviews of the Internal Audit Function
    (a) Benefits of an Internal Audit Quality-Assurance Review
    (b) Elements of an Internal Audit Quality-Assurance Review
    (c) Who Performs the Quality-Assurance Review?
  31.6 Launching the Internal Audit Quality-Assurance Review
    (a) Quality-Assurance Review Approaches

    (b) Example Quality-Assurance Review of an Internal Audit Function
    (c) Reporting the Results of an Internal Audit Quality-Assurance Review
  31.7 Future Directions for Quality-Assurance

CHAPTER 32 Six Sigma and Lean Techniques
  Six Sigma Background and Concepts
  Implementing Six Sigma
    (a) Six Sigma Leadership Roles and Responsibilities
    (b) Launching the Six Sigma Project
  32.3 Lean Six Sigma
  32.4 Auditing Six Sigma Processes
  32.5 Six Sigma in Internal Audit Operations
  Note

CHAPTER 33 ternational Internal Auditing and Accounting Standards
  33.1 International Accounting and Auditing Standards: How Did We Get Here?
  33.2 Financial Reporting Standards Convergence
  33.3 IFRS: What Internal Auditors Need to Know
  33.4 International Internal Auditing Standards
  33.5 Next Steps in Internal Audit Standards

CHAPTER 34 CBOK for the Modern Internal Auditor
  34.1 Part One: Foundations of Modern Internal Auditing
  34.2 Part Two: Importance of Internal Controls
  34.3 Part Three: Planning and Performing Internal Audits
  34.4 Part Four: Organizing and Managing Internal Audit Activities
  34.5 Part Five: Impact of Information Technology on Internal Auditing
  34.6 Part Six: Internal Audit and Enterprise Governance
  34.7 Part Seven: The Professional Internal Auditor
  34.8 Part Eight: Internal Auditing Professional Convergence CBOK Requirements
  34.9 A CBOK for Internal Auditors
  Note

Index
