CIA《內(nèi)部審計(jì)在治理、風(fēng)險(xiǎn)和控制中的作用》考試大綱
內(nèi)部審計(jì)在治理、風(fēng)險(xiǎn)和控制中的作用考試大綱PartI-TheInternalAuditActivitysRoleinGovernance,Risk,andControl第一部分:內(nèi)部審計(jì)在治理、風(fēng)險(xiǎn)和控制中的作用A.ComplyWiththeIIA'sAttributeStandards(1525percent)(ProficiencyLevel)遵守國(guó)際內(nèi)部審計(jì)師協(xié)'會(huì)的屬性標(biāo)準(zhǔn)(15%25%)(要求熟練掌握)1 .Definepurpose,authority,andresponsibilityoftheinternalauditactivity.明確內(nèi)部審計(jì)的宗旨、權(quán)力和職責(zé)。a.Determineifpurpose,authority,andresponsibilityofinternalauditactivityareclearlydocumentedandapproved.確定內(nèi)部審計(jì)的宗旨、權(quán)力和職責(zé)是否清楚地以書面形式記錄并獲得批準(zhǔn)。b.Determineifpurpose,authority,andresponsibilityofinternalauditactivityarecommunicatedtoengagementclients.確定內(nèi)部審計(jì)的宗旨、權(quán)力和職責(zé)是否通報(bào)審計(jì)業(yè)務(wù)客戶。c.Demonstrateanunderstandingofthepurpose,authority,andresponsibilityoftheinternalauditactivity.闡明內(nèi)部審計(jì)的宗旨、權(quán)力和職責(zé)。2 .Maintainindependenceandobjectivity.保持獨(dú)立性和客觀性。a.Fosterindependence.加強(qiáng)獨(dú)立性。1) Understandorganizationalindependence.理解內(nèi)部審計(jì)部門在組織上的獨(dú)立性。2) Recognizetheimportanceoforganizationalindependence.認(rèn)識(shí)內(nèi)部審計(jì)部門在組織上保持獨(dú)立性的重要性。3) Determineiftheinternalauditactivityisproperlyalignedtoachieveorganizationalindependence.確定內(nèi)部審計(jì)部門是否正確設(shè)置以獲得其獨(dú)立性。b.Fosterobjectivity.加強(qiáng)客觀性。1 )Establishpoliciestopromoteobjectivity.制定政策以增進(jìn)客觀性。2 )Assessindividualobjectivity.評(píng)估個(gè)人的客觀性。3 )Maintainindividualobjectivity.保持個(gè)人的客觀性。4 )Recognizeandmitigateimpairmentstoindependenceandobjectivity.識(shí)別和減輕對(duì)獨(dú)立性和客觀性的損害。5 .Determineiftherequiredknowledge,skills,andcompetenciesareavailable.確定是否具備必要的知識(shí)、技能和勝任能力。a.Understandtheknowledge,skills,andcompetenciesareavailable.理解是否具備必要的知識(shí)、技能和勝任能力。b.Identifytheknowledge,skills,andcompetenciesrequiredtofulfilltheresponsibilitiesoftheinternalauditactivity.識(shí)別履行內(nèi)部審計(jì)職責(zé)所必需的知識(shí)、技能和勝任能力。skills and competencies collectively6 .Developand/orprocurenecessaryknowledge,requiredbyinternalauditactivity.開發(fā)和/或取得內(nèi)部審計(jì)部門整體所必需的知識(shí)、技能和勝任能力。7 .Exercisedueprofessionalcare.運(yùn)用應(yīng)有的職業(yè)審慎。8 .Promotecontinuingprofessionaldevelopment.促進(jìn)持續(xù)專業(yè)發(fā)展。a.Developandimplementaplanforcontinuingprofessionaldevelopmentforinternalauditstaff.為內(nèi)部審計(jì)人員制定并實(shí)施持續(xù)專業(yè)發(fā)展計(jì)劃。b.Enhanceindividualcompetencythroughcontinuingprofessionaldevelopment.通過(guò)持續(xù)專業(yè)發(fā)展提高個(gè)人能力。9 .Promotequalityassuranceandimprovementoftheinternalauditactivity.促進(jìn)內(nèi)部審計(jì)活動(dòng)的質(zhì)量保證與改進(jìn)。a.Establishandmaintainaqualityassuranceandimprovementprogram.建立和保持質(zhì)量保證與改進(jìn)程序。b.Monitortheeffectivenessofthequalityassuranceandimprovementprogram.監(jiān)督質(zhì)量保證與改進(jìn)程序的效果。c.Reporttheresultsofthequalityassuranceandimprovementprogramtotheboardorothergoverningbody.將質(zhì)量保證與改進(jìn)程序的結(jié)果報(bào)告董事會(huì)或其他治理機(jī)構(gòu)。d.Conductqualityassuranceproceduresandrecommendimprovementstotheperformanceoftheinternalauditactivity.實(shí)施質(zhì)量保證程序并建議改善內(nèi)部審計(jì)業(yè)績(jī)。10 AbidebyandpromotecompliancewiththeIIACodeofEthics.遵守和促進(jìn)對(duì)IIA職業(yè)道德規(guī)范的遵循。B.EstablishaRisk-basedPlantoDeterminethePrioritiesoftheInternalAuditActivity11525percent)(ProficiencyLevel)以風(fēng)險(xiǎn)為基礎(chǔ)制定計(jì)劃,確定內(nèi)部審計(jì)活動(dòng)的優(yōu)先次序(15%25%)(要求熟練掌握)1 .Establishaframeworkforassessingrisk.建立評(píng)估風(fēng)險(xiǎn)的框架。2 .Usetheframeworkto:應(yīng)用評(píng)估風(fēng)險(xiǎn)的框架:a.Identifysourcesofpotentialengagements(e.g.,audituniverse,managementrequest,regulatorymandate)。確定潛在審計(jì)業(yè)務(wù)的來(lái)源(如審計(jì)域、管理層的要求、法規(guī)要求)。b.Assessorganization-widerisk.評(píng)估全組織范圍內(nèi)的風(fēng)險(xiǎn)。c.Solicitpotentialengagementtopicsfromvarioussources.從不同來(lái)源尋求潛在審計(jì)業(yè)務(wù)。d.Collectandanalyzedataonproposedengagements.收集和分析擬審計(jì)業(yè)務(wù)的資料。e.Rankandvalidateriskpriorities.對(duì)風(fēng)險(xiǎn)高低進(jìn)行評(píng)分和證實(shí)。3.Identifyinternalauditresourcerequirements.識(shí)別內(nèi)部審計(jì)資源需求。4.Coordinatetheinternalauditactivity'seffortswith與以下方面協(xié)調(diào)內(nèi)部審計(jì)工作:a.Externalauditor.外部審計(jì)師b.Regulatoryoversightbodies.法規(guī)監(jiān)管機(jī)構(gòu)c.Otherinternalassurancefunctions(e.g.,healthandsafetydepartment)。其他內(nèi)部保證部門(如健康和安全部門)。5.Selectengagements:選擇審計(jì)業(yè)務(wù):a.Participateintheengagementselectionprocess.參與審計(jì)業(yè)務(wù)選擇過(guò)程。b.Selectengagements.選擇審計(jì)業(yè)務(wù)。c.Communicateandobtainapprovaloftheengagementplanfromboard.與董事會(huì)溝通以獲得其對(duì)審計(jì)業(yè)務(wù)計(jì)劃的批準(zhǔn)。C.UnderstandtheInternalAuditActivity'RoleinOrganizationalGovernance11020percent)(ProficiencyLevel)理解內(nèi)部審計(jì)在公司治理中的作用(10%20%)(要求熟練掌握)1.Obtainboard'sapprovalofauditcharter.獲得董事會(huì)對(duì)內(nèi)部審計(jì)章程的批準(zhǔn)。2.Communicateplanofengagements.溝通審計(jì)業(yè)務(wù)計(jì)劃。3.Reportsignificantauditissues.報(bào)告重大審計(jì)事項(xiàng)。4.Communicatekeyperformanceindicatorstoboardonaregularbasis.定期向董事會(huì)報(bào)告關(guān)鍵績(jī)效指標(biāo)。5.Discussareasofsignificantrisk.討論重大風(fēng)險(xiǎn)領(lǐng)域。6.Supportboardinenterprise-wideriskassessment.支持董事會(huì)開展全面的風(fēng)險(xiǎn)評(píng)估。7.Reviewpositioningoftheinternalauditfunctionwithintheriskmanagementframeworkwithintheorganization.檢查內(nèi)部審計(jì)部門在組織內(nèi)風(fēng)險(xiǎn)管理框架中的定位。8.Monitorcompliancewiththecorporatecodeofconduct/businesspractices.監(jiān)督遵守公司行為規(guī)范和商業(yè)慣例情況。9.Reportontheeffectivenessofthecontrolframework.報(bào)告控制框架的有效性。10.Assistboardinassessingtheindependenceoftheexternalauditor.協(xié)助董事會(huì)評(píng)估外部審計(jì)師的獨(dú)立性。11.Assessethicalclimateoftheboard.評(píng)估董事會(huì)的道德氛圍。12.Assessethicalclimateoftheorganization.評(píng)估組織的道德氛圍。13 .Assesscompliancewithpoliciesinspecificareas(e.g.,derivatives).評(píng)估在特定領(lǐng)域遵守政策的程度(如衍生產(chǎn)品)。14 .Assessorganization'sreportingmechanismtotheboard.評(píng)估組織向董事會(huì)報(bào)告的機(jī)制。15 .Conductfollow-upandreportonmanagementresponsetoregulatorybodyreviews.跟蹤并報(bào)告管理層對(duì)法規(guī)監(jiān)管機(jī)構(gòu)檢查結(jié)果的落實(shí)情況。16 .Conductfollow-upandreportonmanagementresponsetoexternalaudit.跟蹤并報(bào)告管理層對(duì)外部審計(jì)結(jié)果的落實(shí)情況。17 .Assesstheadequacyoftheperformancemeasurementsystem,achievementofcorporateobjective.評(píng)估業(yè)績(jī)測(cè)評(píng)系統(tǒng)的充分性和整體目標(biāo)的實(shí)現(xiàn)情況。18 .Supportacultureoffraudawarenessandencouragethereportingofimproprieties.樹立舞弊防范意識(shí),鼓勵(lì)報(bào)告不正當(dāng)?shù)男袨?。D.PerformOtherInternalAuditRolesandResponsibilities(010percent)(ProficiencyLevel)執(zhí)行其他內(nèi)部審計(jì)任務(wù)和職責(zé)(010%)(要求熟練掌握)1 .Ethics/compliance:道德規(guī)范/合規(guī)性:a.Investigateandrecommendresolutionforethics/compliancecomplaints.對(duì)道德規(guī)范/合規(guī)情況的投訴進(jìn)行調(diào)查并提出解決辦法。b.Determinedispositionofethicsviolations.確定違反道德規(guī)范的處理。c.Fosterhealthyethicalclimate.培養(yǎng)健康的道德環(huán)境。d.Maintainandadministerbusinessconductpolicy(e.g.,conflictofinterest)。維護(hù)和管理經(jīng)營(yíng)行為政策(如利益沖突)。e.Reportoncompliance.報(bào)告合規(guī)情況。2 .Riskmanagement:風(fēng)險(xiǎn)管理:a.Developandimplementanorganization-wideriskandcontrolframework.建立和實(shí)施一個(gè)全組織的風(fēng)險(xiǎn)和控制框架。b.Coordinateenterprise-wideriskassessment.協(xié)調(diào)全面風(fēng)險(xiǎn)評(píng)估。c.Reportcorporateriskassessmenttobroad.向董事會(huì)報(bào)告公司的風(fēng)險(xiǎn)評(píng)估情況。d.Reviewbusinesscontinuityplanningprocess.檢查經(jīng)營(yíng)持續(xù)性計(jì)劃過(guò)程。3 .Privacy:隱私:a.Determineprivacyvulnerabilities.確定隱私的薄弱環(huán)節(jié)。b.Reportoncompliance.報(bào)告合規(guī)情況。4.1 nformationorphysicalsecurity:信息或物理安全:a.Determinesecurityvulnerabilities.確定安全的薄弱環(huán)節(jié)。Determinedispositionofsecurityviolations.確定違反安全規(guī)行為定的處理。c.Reportoncompliance.報(bào)告合規(guī)情況。E.Governance,Risk,andControlKnowledgeElements(1525percent)治理、風(fēng)險(xiǎn)和控制知識(shí)要點(diǎn)(15%25%)1 .Corporategovernanceprinciples(AwarenessLevel)公司治理原則(要求了解)。2 .Alternativecontrolframeworks(AwarenessLevel)??蛇x擇的控制框架(要求了解)。3 .Riskvocabularyandconcepts(ProficiencyLevel)。風(fēng)險(xiǎn)的詞匯和概念(要求熟練掌握)。4 .Riskmanagementtechniques(ProficiencyLevel)。風(fēng)險(xiǎn)管理技術(shù)(要求熟練掌握)。5 .Risk/controlimplicationsofdifferentorganizationalstructures(ProficiencyLevel)。不同組織結(jié)構(gòu)中的風(fēng)險(xiǎn)/控制內(nèi)容(要求熟練掌握)。6 .Risk/controlimplicationsofdifferentleadershipstyles(AwarenessLevel)。不同領(lǐng)導(dǎo)風(fēng)格下的風(fēng)險(xiǎn)/控制內(nèi)容(要求了解)。7 .ChangemanagementAAwarenessLevel)。變革管理(要求了解)。8 .Conflictmanagement(AwarenessLevel)。沖突管理(要求了解)。9 .Managementcontroltechniques(ProficiencyLevel)。管理控制技術(shù)(要求熟練掌握)。10 .Typesofcontrol(preventive,detective,input,output)(ProficiencyLevel)??刂祁愋?預(yù)防型、檢查型、輸入、輸出)(要求熟練掌握)。F.PlanEngagements(1525percent)(ProficiencyLevel)計(jì)劃審計(jì)業(yè)務(wù)(15%25%)(要求熟練掌握)1.Initiatepreliminarycommunicationwithengagementclient.開展與審計(jì)業(yè)務(wù)客戶的初步溝通。2 .Conductapreliminarysurveyoftheareaofengagement.對(duì)審計(jì)業(yè)務(wù)范圍實(shí)施初步調(diào)查。a.Obtaininputfromengagementclient.從審計(jì)業(yè)務(wù)客戶處獲得信息。b.Performanalyticalreviews.進(jìn)行分析性復(fù)核。c.Performbenchmarking.進(jìn)行基準(zhǔn)比較。d.Conductinterviews.實(shí)施面談。e.Reviewpriorauditreportsandotherrelevantdocumentation.查閱以前的審計(jì)報(bào)告和其他相關(guān)資料。f.Mapprocesses.繪制流程圖。g.DevelopChecklists.編制檢查清單。3 .Completeadetailedriskassessmentofthearea(prioritizeorevaluaterisk/controlfactors)。完成相關(guān)領(lǐng)域的詳細(xì)風(fēng)險(xiǎn)評(píng)估(對(duì)風(fēng)險(xiǎn)/控制因素進(jìn)行優(yōu)先排序或評(píng)估)。4 .Coordinateauditengagementeffortswith.與以下方面協(xié)調(diào)審計(jì)業(yè)務(wù)工作:a.Externalauditor.外部審計(jì)師b.Regulatoryoversightbodies.法規(guī)監(jiān)管機(jī)構(gòu)5 .Establish/refineengagementobjectivesandidentify/finalizethescopeofengagement.建立/完善審計(jì)業(yè)務(wù)的目標(biāo),識(shí)別/確定審計(jì)業(yè)務(wù)的范圍。6 .Identifyordevelopcriteriaforassuranceengagements(criteriaagainstwhichtoaudit)。識(shí)別或開發(fā)確認(rèn)業(yè)務(wù)的標(biāo)準(zhǔn)(審計(jì)所依照的標(biāo)準(zhǔn))。7 .Considerthepotentialforfraudwhenplanninganengagement.在計(jì)劃審計(jì)業(yè)務(wù)時(shí)考慮舞弊的潛在可能。a.Beknowledgeableoftheriskfactorsandredflagsoffraud.理解舞弊的風(fēng)險(xiǎn)因素和危險(xiǎn)信號(hào)。b.Identifycommontypesoffraudassociatedwiththeengagementarea.識(shí)別與審計(jì)業(yè)務(wù)范圍相關(guān)的一般舞弊類型。-fl*,''1>,/J?I*7:'|1I'I1-ijj,iaic.Determineifriskoffraudrequiresspecialconsiderationwhenconductinganengagement.在實(shí)施審計(jì)業(yè)務(wù)時(shí),確定是否需要對(duì)舞弊的風(fēng)險(xiǎn)進(jìn)行特殊考慮。8 .Determineengagementprocedures.確定審計(jì)業(yè)務(wù)程序。9 .Determinethelevelofstaffandresourcesneededfortheengagement.確定審計(jì)業(yè)務(wù)所需的人員水平和資源。10 .Establishadequateplanningandsupervisionoftheengagement.建立對(duì)審計(jì)業(yè)務(wù)充分的計(jì)劃和監(jiān)督。11 .Prepareengagementworkprogram.編制審計(jì)業(yè)務(wù)工作方案。