CIA Part 1 Table of Contents

Table of Contents

Exam Introduction ............................................................................................................. 1

Box Styles Used in This Book 1

Section I – Foundations of Internal Auditing .................................................................. 2

A. The Purpose, Authority, and Responsibility of the IAA 9
B. The Internal Audit Charter 9
C. Assurance and Consulting Services 12
D. IIA Code of Ethics 14

Section II – Independence and Objectivity .................................................................... 17

A. Organizational Independence and Individual Objectivity 18
B and C. Impairments to Independence or Objectivity 22
D. Policies That Promote Objectivity 26

Section III – Proficiency and Due Professional Care .................................................... 27

A and B. Proficiency (Standard 1210) 27
C. Due Professional Care (Standard 1220) 32
D. Competency Through Continuing Professional Development 33

Section IV – Quality Assurance and Improvement Program ....................................... 34

A. The Requirements of the QAIP 35
B. Reporting the Results of the QAIP 40
C. Disclosure of Conformance or Nonconformance 41

Section V – Governance, Risk Management, and Controls ......................................... 43

Three Lines of Defense Model 43
A. Organizational Governance ....................................................................................... 45
B. Organizational Culture................................................................................................ 47
C. Ethics ........................................................................................................................... 49
D. Corporate Social Responsibility ................................................................................ 51
E. Concepts of Risk and Risk Management .................................................................. 55
Types of Risk 57
The Risk Management Process 58
Risk Appetite and Risk Tolerance 69
F. Globally Accepted Risk Management Frameworks .................................................. 70
COSO Framework on Enterprise Risk Management 72
ISO 31000 Principles, Framework, and Process 77

© 2018 HOCK international, LLC. For personal use only by original purchaser. Resale prohibited. i
Table of Contents CIA Part 1

G. Examining the Effectiveness of Risk Management ................................................. 81

H. Appropriateness of IAA’s Role in the Risk Management Process ......................... 84
I. Interpret Internal Control Concepts and Types of Controls ..................................... 86
Establishing the Control Process 90
Controls in the Accounting Transaction Cycles 94
J: Globally Accepted Internal Control Frameworks ................................................... 102
The COSO Model 102
Alternative Control Frameworks 108
K. Examine the Effectiveness and Efficiency of Internal Controls............................ 110

Section VI – Fraud Risks............................................................................................... 113

A. Fraud Risks and Types of Fraud 113
B. Evaluating Potential for Occurrence of Fraud 116
C. Recommend Controls to Prevent and Detect Fraud 120
D. Forensic Auditing 122

Appendix A: Glossary ................................................................................................... 124

Appendix B: Model Internal Audit Activity Charter .................................................... 127
Appendix C: Practice Advisories for QAIP .................................................................. 131
Appendix D: 40 Common Forms of Fraud ................................................................... 139

ii © 2018 HOCK international, LLC. For personal use only by original purchaser. Resale prohibited.
CIA Part 2 Table of Contents

Table of Contents

Part 2 Exam Introduction .................................................................................................. 1

Box Styles Used in This Book 1

Section I – Managing the Internal Audit Activity ............................................................. 2

1. Internal Audit Operations.............................................................................................. 3
1A. Policies and Procedures 3
1B. Administrative Activities of the Internal Audit Activity 7
2. Establishing a Risk-Based Internal Audit Plan ......................................................... 12
2A. Identify Potential Engagements 12
2B. Identify a Framework for Assessing Risk 13
Types of Engagements ................................................................................................... 16
2C. Assurance Engagements ......................................................................................... 17
1) Risk and Control Self-assessments 17
2) Audits of Third Parties and Contract Compliance 21
3) Quality Assurance Engagements 23
4) Due Diligence Assurance Engagements 26
5) Security Engagements 27
6) Privacy Audit Engagements 28
7) Performance Assurance Engagements 29
8) Operational Assurance Engagements 30
9) Financial Audit Engagements 31
10) Compliance Audit Engagements 37
2D. Consulting Services ................................................................................................. 39
1) Internal Control Training 43
2) Benchmarking 44
3) Business Process Mapping 46
4) Due Diligence Consulting 46
5) System Development Reviews 46
6) Privacy Consulting 47
7) Design of Performance Measurement Systems 47
8) Other Consulting Engagements 48
2E. Coordinate Internal Audit Efforts with Other Assurance Providers ..................... 49
3. Communicating and Reporting to Senior Management and the Board .................. 55
3A. Communicate Annual Audit Plan and Obtain Board Approval 55
3B. Identify Significant Risk Exposures to Report to the Board 56
3C. Report on the Effectiveness of the Organization’s Internal Controls & Risk Management 57
3D. Reporting Key Performance Indicators to the Board 58
Section II. Planning the Engagement ............................................................................. 63

© 2018 HOCK international, LLC. For personal use only by original purchaser. Resale prohibited. i
Table of Contents CIA Part 2

A. Establish Engagement Objectives/Criteria and Finalize Scope 66

B. Plan Engagement to Assure Identification of Key Risks and Controls 67
C. Complete a Detailed Risk Assessment of Each Audit Area 69
D. Determine Engagement Procedures and Prepare Work Program 70
E. Determine Level of Resources Needed 75

Section III – Conducting Internal Audit Engagements – Introduction ........................ 78

1. Information Gathering ................................................................................................. 78
1A. The Preliminary Survey 78
1B. Checklists and Questionnaires 84
1C. Sampling 85
2. Analysis and Evaluation ............................................................................................. 96
2A. Computerized Audit Tools and Techniques 97
2B. Evaluate the Relevance, Sufficiency, and Reliability of Evidence 101
2C. Analytical Approaches and Process Mapping 104
2D. Analytical Review Techniques and Process Mapping 108
2E. Working Papers and Documentation 127
2F. Develop Engagement Conclusions 134
3. Engagement Supervision ......................................................................................... 137

Section IV – Communicating Results and Monitoring Progress ............................... 140

1. Communicating Engagement Results and the Acceptance of Risk 140
1A. Initiate Preliminary Communication with Client 140
1B. Demonstrate Communications Quality and Elements 140
1C. Communicate Interim Progress 144
1D. Recommendations to Enhance and Protect Organizational Value 145
1E. Audit Communication and Reporting Process 145
1F and G. Assessing Residual Risk and Acceptance of Risk 151
2. Monitoring Progress ................................................................................................. 151

Appendix A: Sample Code of Conduct ........................................................................ 155

ii © 2018 HOCK international, LLC. For personal use only by original purchaser. Resale prohibited.
CIA Part 3 Table of Contents

Table of Contents

Exam Introduction ............................................................................................................. 1

Section I – Business Acumen........................................................................................... 2

1. Organizational Objectives, Behavior, and Performance ............................................ 2
1 A. Strategic Planning 2
1 B. Common Performance Measures 9
1 C. Organizational Behavior 26
1 D. Management Skills and Leadership Styles 35
2. Organizational Structure and Business Processes .................................................. 42
2 A. Risk and Control Implications of Different Organizational Structures 42
2 B. Risk and Control Implications of Common Business Processes 49
2 C. Project Management Techniques 65
2 D. Contracts 69
3. Data Analytics .............................................................................................................. 74
Data Analytics Process 74
Types of Data Analytics 75
Implementing Data Analytics in the Internal Audit Activity 76
The Future of Data Analytics 78
Section II – Information Security .................................................................................... 79
A. Physical Security Controls ......................................................................................... 80
B. User Authentication and Authorization Controls ..................................................... 81
C. Information Security Controls ................................................................................... 82
Firewalls 83
Intrusion Detection Systems 84
Encryption 84
Antivirus Software: Protection against Viruses, Trojan Horses, and Worms 85
D. Privacy ......................................................................................................................... 86
E. Emerging Technology Practices and Their Impact on Security .............................. 87
F. Cybersecurity Risks .................................................................................................... 89
G. Cybersecurity and Information Security-Related Policies ...................................... 91
Section III – Information Technology ............................................................................. 93
Introduction to Information Technology........................................................................ 93
1. Application and System Software .............................................................................. 94
Systems Development Lifecycle 94
System and Program Change Controls 97
Databases 98
The Internet 100

© 2018 HOCK international, LLC. For personal use only by original purchaser. Resale prohibited. i
Table of Contents CIA Part 3

Software Systems 102

2. IT Infrastructure and IT Control Frameworks .......................................................... 104
Networking Concepts 104
Operational Roles with IT 106
IT Control Frameworks 107
3. Business Continuity and Contingency Planning .................................................... 114
Disaster Recovery 115
Section IV – Financial Management ............................................................................. 117
1. Financial Accounting and Finance ....................................................................... 117
1 A 1. Financial Accounting Concepts and Principles 117
1 A 2. External Financial Statements 124
1 A 3. Intermediate Concepts of Financial Accounting 142
1 B. Advanced Concepts of Financial Accounting 150
1 C. Financial Analysis 160
1 D. The Revenue Cycle and Working Capital Management 181
1 E 1. Capital Structure 209
1 E 2. Capital Budgeting 220
1 E 3. Basic Taxation 235
1 E 4. Transfer Pricing 239
2. Managerial Accounting .......................................................................................... 247
2 A 1. Budgeting Concepts 247
2 A 2. Cost-Volume-Profit Analysis 259
2 A 3. Responsibility Centers and Responsibility Accounting 271
2 A 4. Shared Services Cost Allocation 278
2 B Cost Management Systems 288
2 B 1. Cost Classifications 288
2 B 2. Cost of Goods Sold (COGS) and Cost of Goods Manufactured (COGM) 297
2 B 3. Costing Systems 299
2 B 4. Variable and Absorption Costing for Manufacturing Costs 325
2 C. Decision Making 330

Appendix A – Time Value of Money Concepts (Present/Future Value) ..................... 344

Simple Interest 344
Compound Interest 345
Present Value 346
Future Value 352

ii © 2018 HOCK international, LLC. For personal use only by original purchaser. Resale prohibited.